Policies and Procedures. Policy on the Use of Portable Storage Devices
|
|
- Felicia Clarke
- 8 years ago
- Views:
Transcription
1 Policies and Procedures Policy on the Use of Date Approved by Trust Board Version Issue Date Review Date Lead Person One May 2008 Dec 2012 Head of ICT Two Dec 2012 Dec 2014 Head of ICT Procedure /Policy number IMxx.V1 Procedure /Policy type Information Governance Policy 1 of 9
2 Contents Page No 1 Introduction 3 2 Background 3 3 Definitions 3 4 Risks 4 5 Authorised use of portable storage devices 5 6 Relevant Policies and Legislation 5 7 Scope 6 8 Responsibilities 6 9 Implementation and awareness 6 10 Reporting Procedures 6 11 Review and Monitoring 6 Appendices A B C Signature Sheet Data Log Transfer of Portable Storage Device 2 of 9
3 1.0 Introduction 1.1 There is a wide range of portable storage devices available, capable of holding huge amounts of data at relatively little cost. This policy has been developed to instruct staff in what the Trust policy is for use of these devices. Staff should observe these polices and be aware of the risks associated with the use of these devices, the limitations on their use and how they may be used in a controlled manner. 2.0 Background 2.1 There has been much publicity surrounding the loss of personal data in transit in both the public and private sector. Some incidents have involved the NHS, including the loss of numerous patient records. This has focussed attention on how organisations can best safeguard the data with which they are entrusted. This policy is part of the Trust s provision of guidance on the various data transfer methods in use to ensure good practice is followed. 3.0 Definitions 3.1 The term staff is used generically and covers all persons with access to Trust data including contractors and employees of the Trust. 3.2 The term confidential includes personal data (see below). The term also includes financial and operational data that should not be disclosed. Example reasons for non-disclosure include, but are not restricted to, the following: Financial data - disclosure of detailed building refurbishment costs could provide an outside body with a commercial advantage. Operational data disclosure of certain information regarding site security could compromise the Trust s business. 3.3 The term personal data includes data from which an individual can be identified or data which can contribute to the identification of an individual. Examples of personal data include name, address, video image, health records etc. 3.4 The terms data and information are used interchangeably. Examples include, but are not limited to, the following: MRI Images Computer files created using MS Office products such as Word and Excel PET/CT scans Case notes 3 of 9
4 3.5 The term storage device covers any medium that is capable of storing computerized data. The term portable means the medium may be connected to a different computer where data may be transferred, copied, read, amended or deleted. Examples of portable storage devices include, but are not limited to, the following: USB memory sticks Digital cameras Mobile telephones PDAs MP3 players, e.g. an ipod External hard drives Floppy discs, CDs and DVDs 3.6 Internal hard drives in PCs must not be used to store data. These drives are thus not treated as portable storage devices for the purposes of this policy. 4.0 Risks 4.1 Risks associated with the use of portable storage devices include, but are not limited to, the following: In the case of unauthorised use of a portable storage device, staff could be liable to prosecution under the Misuse of Computers Act Loss of Trust data, in which case staff may be liable to prosecution under the Data Protection Act 1998, may be effected in a number of ways: o o o The device may be lost or stolen. An authorised user may access data in an insecure physical environment, allowing data to be viewed by unauthorised persons. An authorised user may access data via an insecure computer, allowing data to be stolen by unauthorised persons. Spread of computer viruses and other malicious programmes from one computer to another. The data stored could be treated as if it were current even though it may have become out of date. Data held on the device is not backed up. Data held on the device is updated and the data held on the server is not, resulting in multiple, unsynchronised versions of the data. 4 of 9
5 5.0 Authorised use of portable storage devices 5.1 All Trust data must be stored on the appropriate server. Data may only be transferred from the server to a portable storage device as follows: Trust staff must only used portable storage devices provided by the Trust to store and process sensitive or health care related data. The use of personal storage devices for sensitive or health related data is strictly prohibited. In such cases, the device must have been supplied by the Trust and be used for the sole use of Trust business. Personal data sticks may be used for personal education, training purposes but must not contain sensitive data. Personal, medical or otherwise sensitive data must not be stored in unencrypted form on any portable computer storage media. The storage of unencrypted sensitive data on such devices is strictly prohibited. It must be absolutely necessary to transfer the data to a portable device for subsequent access on a different computer in order to conduct the Trust s business. The device must be available on request for inspection by the Trust IT manager. The IT department will keep a log of all portable storage devices issued and will allocate a named nominal owner to each. Data must be deleted from the device when no longer required. A description of all sensitive bulk data (file or files contain sensitive information about more than 10 patients) held on portable devices must be logged. (Appendix B) Where possible the device should bear a label displaying the number of its log entry and indicating the data present on the device. All devices held on Trust premises, whether containing data or not, must be securely stored. Staff must take personal responsibility for the safekeeping and, where appropriate, the safe return of storage devices removed from Trust premises. Where a portable storage device is passed to a non-trust body the IT department must be notified immediately via a signed form as set out in Appendix C. 5 of 9
6 6.0 Relevant Policies and Legislation 6.1 Relevant Trust policies include: IM&T Security Policy Data Protection Act and Access to Patient Records Trust Confidentiality Code of Conduct Staff and Public Disclosure Policy 6.2 Relevant legislation includes: Data Protection Act 1998 Access to Health Records Act Scope 7.1 This policy relates to the transfer of Trust data onto any removable storage device. This includes information relating to patients, expatients, staff, ex-staff, Trust financial matters and Trust operational issues. All staff are required to adhere to this policy. 8.0 Responsibilities 8.1 Managers are responsible for ensuring all staff adhere to this policy. 9.0 Implementation and Awareness 9.1 This policy should be implemented from the Issue Date. Managers should employ the Signature Sheet at Appendix A to ensure all their staff are aware of policy contents Reporting Procedures 10.1 All cases of deviation from this policy must be reported in accordance with incident management policies set out in the Trust IM&T Security Policy Review and Monitoring 11.1 This policy will be reviewed at two-yearly intervals or whenever a material change occurs. The content of relevant incident reports will be used to inform reviews. 6 of 9
7 Signature Sheet Policy on the Use of Appendix A This sheet should be used to record the names of staff members who have read and understood the above policy document. Name (please print) Job Title Date Signature 7 of 9
8 Data Log [Department Name] Appendix B Example 1 Device No: 1 Device Type: USB stick Category of data held: medical Current Owner Dr Who List of data held: Item Description No. 1 Medical notes for 52 ortho. patients Date copied to device 01/02/yyyy Date deleted 17/03/yyyy Notes 3 Radiology images for patients x,y,z etc. 13/02/yyyy 8 of 9
9 Appendix C South Tyneside NHS Foundation Trust Transfer of Portable Storage Device From: Department Name: Device Owner: Device Number: Device Type: I have transferred this device to the receiving person identified below. Signed: Date: To - Receiving Person: Organisation Name: Department: I acknowledge receipt of the device identified above. I undertake to ensure the data contained on the device will be treated strictly in accordance with the Data Protection Act 1998 and all other legislation relevant to its safekeeping. When the data is no longer required I further undertake to either: (a) Permanently delete data from the device, and will inform Tyneside NHS Foundation Trust accordingly or (b) Return the device intact to South Tyneside NHS Foundation Trust. Signed: Date: 9 of 9
COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name
COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name Introduction Removable Media and Mobile Device Policy Removable media and mobile devices are increasingly used to enable information access
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationPolicy: Remote Working and Mobile Devices Policy
Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014
More informationSCHEDULE 18. Premises. This Schedule 18 sets out certain terms relating to the Service Provider s Premises.
Business Operations- Schedule 18 (Premises) SCHEDULE 18 Premises This Schedule 18 sets out certain terms relating to the Service Provider s Premises. 1. Service Provider's Premises The following provisions
More informationLAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationPOLICY DOCUMENT. Policy on Mobile / Portable Computing Devices and Data Security. Release: Final Date Created: 3 March 2009
POLICY DOCUMENT Policy on Mobile / Portable Computing Devices and Data Security Release: Final Date Created: 3 March 2009 Owner: David Priest Compiled by: David Priest Document Reference: Page 1 of 8 Printed:
More informationMOBILE DEVICE SECURITY POLICY
State of Illinois Department of Central Management Services MOBILE DEVICE SECURITY Effective: October 01, 2009 State of Illinois Department of Central Management Services Bureau of Communication and Computer
More informationHow To Protect School Data From Harm
43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationIM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers
IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationInformation Security Policy for Associates and Contractors
Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationGrasmere Primary School Asset Management Policy
Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the
More informationINFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies
INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies REMOVABLE MEDIA: NSW MoH are currently undergoing review with a state-wide working party developing the Draft NSW
More informationSafe Haven Procedure. Final. Date Issued March 2009 Review Date March 2010 NHS East Midland Employees. Safe Haven Procedure: v1.
Safe Haven Procedure Final Version 1.0 (Final) Ratified By Executive Team Originator/Author Fabian Henderson Date Issued March 2009 Review Date March 2010 Target NHS East Midland Employees Safe Haven Procedure:
More informationData Encryption Policy
Data Encryption Policy Number: THCCGCG36 Version: 01 Executive Summary This Policy defines the Security requirements for data encryption upon laptops, physical media and Secure File Transfer within the
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationDene Community School of Technology Staff Acceptable Use Policy
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
More informationUSE OF PERSONAL MOBILE DEVICES POLICY
Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014
More informationSafe Haven Policy. Equality & Diversity Statement:
Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review
More informationMANAGEMENT OF USER ACCOUNTS AND PASSWORD POLICY AUGUST 2011. Version 2.0
MANAGEMENT OF USER ACCOUNTS AND PASSWORD POLICY AUGUST 2011 Version 2.0 Western Health and Social Care Trust Page 0 of 6 Management of User Accounts Policy Policy Title MANAGEMENT OF USER ACCOUNTS AND
More information2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy
Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change
More informationData and Information Security Policy
St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration
More informationCorporate Affairs Overview and Scrutiny Committee
Agenda item: 4 Committee: Corporate Affairs Overview and Scrutiny Committee Date of meeting: 29 January 2009 Subject: Lead Officer: Portfolio Holder: Link to Council Priorities: Exempt information: Delegated
More informationNHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction
NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers
More informationStandard Operating Procedure. Secure Use of Memory Sticks
Standard Operating Procedure Secure Use of Memory Sticks DOCUMENT CONTROL: Version: 2.1 (Amendment) Ratified by: Finance, Infrastructure and Business Development Date ratified: 20 February 2014 Name of
More informationInformation Technology Policy and Procedures
Information Technology Policy and Procedures Responsible Officer Author Ben Bennett, Business Planning & Resources Director Policy Development Group Date effective from April 2005 Date last amended February
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationREMOTE WORKING POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationABERDARE COMMUNITY SCHOOL
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been
More informationInformatics Policy. Information Governance. Network Account and Password Management Policy
Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information
More informationVersion: 2.0. Effective From: 28/11/2014
Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director
More informationPersonal Identifiable Data Security Policy
Personal Identifiable Data Security Policy Number: THCCGCG43 Version: 01 Executive Summary This Policy defines the Security requirements for all Staff involved in handling Person Identifiable Data (PID)
More informationPS177 Remote Working Policy
PS177 Remote Working Policy January 2014 Version 2.0 Statement of Legislative Compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data Protection
More informationDATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff
DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has
More informationNetwork Security Policy
KILMARNOCK COLLEGE Network Security Policy Policy Number: KC/QM/048 Date of First Issue: October 2009 Revision Number: 3 Date of Last Review: October 2011 Date of Approval \ Issue May 2012 Responsibility
More informationData Protection Breach Management Policy
Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/
More informationSERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0
SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY
More informationPortable Devices and Removable Media Acceptable Use Policy v1.0
Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working
More informationINFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE
INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 2.1 Approved by: Information Governance
More informationICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation
ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationCCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review
More informationCYBERSAFETY USE AGREEMENT for Cambridge High School Students
CYBERSAFETY USE AGREEMENT for Cambridge High School Students Cambridge High School This document is comprised of this cover page and three sections: Section A: Introduction Section B: Cybersafety Rules
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third
More informationSt. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy
Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles
More informationAcceptable Usage Guidelines. e-governance
Acceptable Usage Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationIT Data Security Policy
IT Data Security Policy Contents 1. Purpose...2 2. Scope...2 3. Policy...2 Access to the University computer network... 3 Security of computer network... 3 Data backup... 3 Secure destruction of data...
More informationCOMMERCIALISM INTEGRITY STEWARDSHIP. Security Breach and Weakness Policy & Guidance
Security Breach and Weakness Policy & Guidance Document Control Document Details Author Adrian Last Company Name The Crown Estate Division Name Information Services Document Name Security Breach & Weakness
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Policy for the electronic transfer of Person Identifiable Data - harmonised Version: 5 Reference Number: CO51 Supersedes Supersedes: 4 Description of Amendment(s):
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationResponsible use of ICT Devices Agreement
Responsible use of ICT Devices Agreement This document is comprised of this cover page and three sections: Section A: Section B: Section C: Introduction Cybersafety Rules for Junior Primary Students Cybersafety
More informationName of responsible committee: Information Governance Board Date issued: 15 th April 09 Review date: 14 th April 11 Referenced Documents:
Storage and Transfer of Person Identifiable Information Policy Trust Wide Policy number: ULH-IM&T-AUP03 Version: 1.1 New or Replacement: New Approved by: Executive Board Date approved: 14 th April 09 Name
More informationUniversity of Birmingham. Closed Circuit Television (CCTV) Code of Practice
University of Birmingham Closed Circuit Television (CCTV) Code of Practice University of Birmingham uses closed circuit television (CCTV) images to provide a safe and secure environment for students, staff
More informationLSE PCI-DSS Cardholder Data Environments Information Security Policy
LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project
More informationCAVAN AND MONAGHAN EDUCATION AND TRAINING BOARD. Data Breach Management Policy. Adopted by Cavan and Monaghan Education Training Board
CAVAN AND MONAGHAN EDUCATION AND TRAINING BOARD Data Breach Management Policy Adopted by Cavan and Monaghan Education Training Board on 11 September 2013 Policy Safeguarding personally identifiable information
More informationNetwork Security Policy
Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant
More informationCyber-safety Agreements are also an educative tool and shall be used as a resource to support the professional development of the school community.
Cyber Safety Policy Rationale Mannum Community College places a high priority on providing its school community with Internet facilities, ICT devices and equipment which will benefit student learning outcomes
More informationIxion Group Policy & Procedure. Remote Working
Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises
More informationPolicy Document. IT Computer Usage Policy
Policy Document IT Computer Usage Policy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Author IT Services Manager Version 4.1 Issue Issue Date
More informationThe Ministry of Information & Communication Technology MICT
The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.
More informationRemote Working and Portable Devices Policy
Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review
More informationHuddersfield New College Further Education Corporation
Huddersfield New College Further Education Corporation Card Payments Policy (including information security and refunds) 1.0 Policy Statement Huddersfield New College Finance Office handles sensitive cardholder
More informationAcceptable Use Policy
Acceptable Use Policy Recommending Committee: Approving Committee: Information Governance Steering Group Patient Safety & Experience Council Signature: Designation: Chief Executive Date: Version Number:
More informationSECURITY INCIDENT REPORTING AND MANAGEMENT. Standard Operating Procedures
SECURITY INCIDENT REPORTING AND MANAGEMENT Standard Operating Procedures Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme.
More information(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)
(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002) 1. Approval and Authorisation Completion of the following signature blocks signifies
More informationMOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE. Documentation Control. Consultation undertaken Information Governance Committee
MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE Documentation Control Reference GG/INF/020 Date Approved 13 Approving Body Directors Group Implementation date 13 Supersedes Not Applicable Consultation
More informationRoxio Secure Solutions for Law Firms
Roxio Secure Solutions for Law Firms Law firms can easily protect sensitive data stored on CD, DVD, Blu-ray Disc and USB flash media with Roxio Secure Solutions Introduction Law firms and their clients
More informationVideo surveillance policy (PUBLIC)
29 July 2015 EMA/133708/2015 Administration Division POLICY/0046 POLICY/0046 Effective Date: 01/01/2015 Review Date: 01/01/2018 Supersedes: Version 1 1. Introduction and purpose For the safety and security
More informationBurton Hospitals NHS Foundation Trust. On: 16 January 2014. Review Date: December 2015. Corporate / Directorate. Department Responsible for Review:
POLICY DOCUMENT Burton Hospitals NHS Foundation Trust INFORMATION SECURITY POLICY Approved by: Executive Management Team On: 16 January 2014 Review Date: December 2015 Corporate / Directorate Clinical
More informationINFORMATION GOVERNANCE POLICY: NETWORK SECURITY
INFORMATION GOVERNANCE POLICY: NETWORK SECURITY Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 1.2 Approved by: Information Governance Group Approval Date:
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationInformation Security Policy London Borough of Barnet
Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information
More informationROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING Introduction and Policy Aim The Royal Borough of Windsor and Maidenhead (the Council) recognises the need to protect Council
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationSenior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES
Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the
More informationITU-10002 Computer Network, Internet Access & Email policy ( Network Access Policy )
ITU-10002 Computer Network, Internet Access & Email policy South Norfolk Council IT Unit Documentation www.south-norfolk.gov.uk Page : 2 of 8 Summary This policy informs all users about acceptable use
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationSummary Electronic Information Security Policy
University of Chichester Summary Electronic Information Security Policy 2015 Summary Electronic Information Security Policy Date of Issue 24 December 2015 Policy Owner Head of ICT, Strategy and Architecture
More informationVirginia Primary School Learning Together, Learning for our Future
Virginia Primary School Learning Together, Learning for our Future RESPECT CARING FAIRNESS ACHIEVEMENT DIVERSITY Information Technology - Cyber-Safety Policy The measures to ensure the cyber-safety of
More informationAngard Acceptable Use Policy
Angard Acceptable Use Policy Angard Staffing employees who are placed on assignments with Royal Mail will have access to a range of IT systems and mobile devices such as laptops and personal digital assistants
More informationBARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY
Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March
More informationDOCUMENT CONTROL PAGE
DOCUMENT CONTROL PAGE Title: Title Version: 0.2a Reference Number: Supersedes Supersedes: IT Encryption and Security Policy and Guidelines Description of Amendment(s): Clarification of document approval
More informationAcceptable Use of Information Systems Standard. Guidance for all staff
Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationInformation Security Policy. Policy and Procedures
Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable
More informationE- Safety and Digital Photography - College ICT
Penrice Academy E-SAFETY POLICY Adopted by the Governing Body on June 2013 Review date: June 2015 Scope of the Policy This policy applies to all members of the College community (including staff, students,
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationCYBERSAFETY AT WESTLAKE GIRLS HIGH SCHOOL
CYBERSAFETY AT WESTLAKE GIRLS HIGH SCHOOL CYBERSAFETY USE AGREEMENT FOR STUDENTS 2014 This document consists of a cover page and three sections: Section A Cybersafety In The School Environment Important
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationYears 3-7 Acceptable Use Policy & Agreement
Years 3-7 Acceptable Use Policy & Agreement Reidy Park Primary School is committed to enhancing teaching and learning through the safe use of information and communication technologies (ICTs). We require
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationData Protection and Information Security. Data Security - Guidelines for the use of Personal Data
Data Protection and Information Data - Guidelines for the use of Personal Data Page 1 of 10 Created on: 21/06/2013 Contents 1. Introduction... 3 2. Definitions... 3 4. Physical... 4 5 Electronic... 6 6
More informationResponsible Computer Use Policy for Students
Responsible Computer Use Policy for Students Introduction By using the Sheldon College Network and ICT Services students agree to accept the terms and conditions outlined in this document. This policy
More information