KEY, SWIPE CARD AND ELECTRONIC FOB POLICY
|
|
- Phyllis Franklin
- 8 years ago
- Views:
Transcription
1 KEY, SWIPE CARD AND ELECTRONIC FOB POLICY DOCUMENT CONTROL Version: 3 Ratified by: Risk Management Group Date Ratified: 30 th April 2014 Name of originator / author: Head of Health, Safety & Security Name of responsible Risk Management Group committee/individual: Date Issued: 30 May 2014 Review Date: April 2017 Target Audience: All managers with responsibilities for the security of premises, keys, access swipe cards, access fobs or similar devices. Also all staff who use such devices should be aware of this policy. Page 1 of 13
2 CONTENTS SECTION PAGE 1. INTRODUCTION 3 2. PURPOSE 3 3. SCOPE 3 4. RESPONSIBILITIES, ACCOUNTABILITIES AND DUTIES ASSISTANT DIRECTORS AND HEAD S OF SERVICE ESTATES DEPARTMENT AND PFI MANAGEMENT PERSONNEL MANAGER HEAD OF FACILITIES TRUST SECURITY ADVISOR DOMESTIC SUPERVISORS KEY CUSTODY STAFF ALL TRUST STAFF 5 5. PROCEDURE / IMPLEMENTATION RECORDS IMPORTANT CONCEPTS TYPES OF KEY LOCATION AND CUSTODY OF KEYS CONTROL OF KEYS Location Keys Issued To Staff For Long Term Personal Use Copying Of Keys Loss Of Or Theft Of Keys COMBINATION LOCKS (BOTH DIGITAL AND MECHANICAL) ELECTRONIC KEY CUPBOARD / TRACKER SYSTEMS 9 6. TRAINING IMPLICATIONS 9 7. MONITORING ARRANGEMENTS EQUALITY IMPACT ASSESSMENT SCREENING Privacy, Dignity and Respect Mental Capacity Act LINKS TO OTHER PROCEDURAL DOCUMENTS REFERENCES APPENDICES 11 App.1 Sample Key Issue And Return Record Form 12 Page 2 of 13
3 1. INTRODUCTION The loss of a key, fob or swipe card is detrimental to the good order of the service, either denying that service until entry can be gained, or reducing security and so placing property, possessions or people at risk. The cost of replacing locks can also be a substantial drain on funds. An effective monitoring and storage system for keys will ensure that security is maintained, while allowing entry to authorised personnel and providing a backup when entry is required out of the normal working function. 1.1 DEFINITIONS Key Any device used to open or close a locking mechanism. This could be the traditional metal key, an electronic fob, proximity detector, or combination number for a key pad. Lock Any device used to secure a closure in place to prevent entry or exit. The closure could be a door, cupboard door, safe door, fridge door, desk drawer, cabinet or anything which requires access or exit limited and controlled. Key Custody Staff Staff who are responsible for the safe custody, issue and management of keys for an area. This ranges from small department to a whole hospital 2. PURPOSE The Trust has a duty to protect our service users, visitors and staff from harm, keep confidential and valuable information secure, and protect assets, property and possessions from damage and theft. An important tool in providing this protection is the control of entrances and exits. The purpose of this policy is to detail how to manage the devices which allow access to, and egress from, premises. 3. SCOPE This policy applies to any area within the Trust which has a secure entrance or exit, and that entrance or exit is secured by a locking device which has a key, swipe card, electronic fob or other device for operating the lock. It also applies to secure locations within our premises, such as safes, drug cupboards etc. Areas with different needs, such as Learning Disability Community homes, will have local procedures, these areas should include those local procedures as attachments to this policy after they are ratified. 4. RESPONSIBILITIES, ACCOUNTABILITIES AND DUTIES 4.1 ASSISTANT DIRECTORS AND HEAD S OF SERVICE Required to: Provide adequate storage, recording and management systems in place for the management of keys in line with this policy. 4.2 ESTATES DEPARTMENT AND PFI MANAGEMENT PERSONNEL Page 3 of 13
4 Required to: 4.3 MANAGER Required to: Liaise with the Security Advisor and Fire Safety Advisor before fitting new locks to a premise, to ensure that the chosen device is fit for purpose and does not interfere with the security and fire integrity of the premise. Maintain the security of premises by fitting new/replacement locks as required as soon as is practicable if there is a breach of security. Manage the security of his/her area of control, and to police the custody of keys for that area. Maintain records and key security as stated within this policy Provide suitable key cupboards for storage, and have systems in place for recording the signing out and return of keys. Provide and maintain the lists of authorised people who are able to access the keys Report and investigate all losses of keys and breaches of security. 4.4 HEAD OF FACILITIES Required to: Manage the security of keys held by the domestic services and other central areas within the Trust. Liaise with PFI bodies, if they hold keys for Trust areas, to ensure the security of keys in line with this policy. 4.5 TRUST SECURITY ADVISOR Provide advice on the type and specification of a locking device to be fitted to ensure consistency across the Trust and effectiveness of security. Provide advice on the safe storage of keys, fobs and swipe cards if requested. 4.6 DOMESTIC SUPERVISORS Required to: Issue keys and monitor returns from Domestic staff as stated within this policy. If a key drop facility is in place, the Domestic Supervisors will instruct staff under their control to use the facility correctly. 4.7 KEY CUSTODY STAFF Staff responsible for the safe keeping of keys Required to: Manage the safe storage, custody and management of keys within their designated area, or central point as instructed by their manager. Maintain records as detailed in this policy Page 4 of 13
5 4.8 ALL TRUST STAFF All Trusts staff should be aware of the importance of security of keys for all areas. They should comply with this policy, and any local security measures in place All staff should have and maintain self-awareness while using controlled access points to ensure that safety and security are not compromised 5. PROCEDURE / IMPLEMENTATION Due to the number of local differences across the Trust, it may be necessary to vary from what is detailed in this policy. Any such deviation should be with the agreement of the Security Advisor. All local agreements should be documented and added as an appendix to this policy. 5.1 RECORDS Local records of who can hold keys, who they are issued to, whether level 1 and level 2 keys can be held together and other relevant information are to be kept by the manager. 5.2 IMPORTANT CONCEPTS All Keys (whether in use, spare or master) need to be stored securely Keys need a record of who they are issued to, whether it is for short or long term use. Keys need a record of when they are returned to store Electronic fobs, their control cards and unissued fobs are classed as keys and require secure storage, issue and return Other devices which control the security of an entrance or exit require to be as secure as keys 5.3 TYPES OF KEY There are five levels of lock and key within the Trust; LEVEL ONE Keys to medically, commercially or confidentially sensitive areas, areas of higher security and dangerous areas. For example, medical records office, cashiers office, Boiler room etc LEVEL TWO Keys to medication stores, medication cupboards and medication fridges LEVEL THREE Keys to all external doors, department entrances and outbuildings LEVEL FOUR Keys to rooms within a department which are not external doors, or rooms which require a higher level of security. Keys to the Trust owned vehicles are included in this level LEVEL FIVE All other keys to cupboards, cabinets, machines, and other locks within the work area. These keys are not classed as security keys, but nonetheless require Page 5 of 13
6 careful storage as their loss will prevent access to a location, cupboard or machine. 5.4 LOCATION AND CUSTODY OF KEYS LEVEL ONE Main set to be kept in a central point, such as switchboard or reception, numbered/named and logged out and in. Only issued to specifically identified staff with permission from the relevant Assistant Director/Head of Service, or relevant Domestic Service Manager. If an emergency occurs within the area, then the duty manager can authorise entry. For departments and units which are based within the community, the central location is a suitable area within the department, such as an office, where the lockable key cupboard can be situated. Level one keys are to be kept in a lockable key cupboard, within a lockable room, both of which are to be locked when the area is vacated. The key to the room and key cupboard are to be held by a responsible person identified by the Assistant Director/Head of Service. Copies of these keys can be held by staff approved by the relevant Assistant Director/Head of Service. Copies should be held only by staff that require entry to these areas during their normal working function, or out of normal hours. See section on personally held keys. A level one key can be kept with a level two key and handed from person to person if the relevant Assistant Director/Head of Service has approved this LEVEL TWO These keys are to be held by approved persons only, and are the responsibility of that person. They are normally to be passed from person to person and not stored in a key cupboard. Level two keys are predominantly drug cupboard keys and so for further guidance refer to the Safe and Secure Handling of Medicines Policy LEVEL THREE Main sets to be held in a central location, numbered/named and logged out and in. Only issued to authorised domestic staff, security staff and other staff authorised by the relevant Manager. If an emergency occurs within the area, then the duty manager can authorise entry. For departments and units which are based within the community, the central location is a suitable area within the department, such as an office, where the lockable key cupboard can be situated. Level three keys are to be kept in a lockable key cupboard, which is to be Page 6 of 13
7 locked when the area is vacated. The key to the key cupboard is to be held by a responsible person identified by the Assistant Director/Head of Service. Copies of these keys can be held by staff authorised by the relevant Manager. Copies should be held only by staff that require entry to these areas during their normal working function, or out of normal hours. See section on personally held keys LEVEL FOUR These keys are to be held within the department in a locked key cupboard or similar secure storage. Managers are responsible for the security of these keys. Each member of staff can hold a key to their own office, and a key bunch can be created for the domestic staff if necessary. Keys for store rooms and utility rooms which have to be kept locked should be held in the key cupboard. See section on personally held keys. The key to the key cupboard should be held by a nominated member of the department, and a spare held by the Manager. Vehicle keys are kept secure by the Facilities department and the Finance Department. These departments have local arrangements for controlling these keys LEVEL FIVE These keys are to be held within the department. They will be suitably labelled and stored in the key cupboard. Access to these keys is decided by the Manager. 5.5 CONTROL OF KEYS LOCATION All keys are to kept in a secure location, all keys/bunch of keys are numbered or named for identification. No key is to be issued until the key custody staff have confirmed the identity of the person by Trust identity card or other approved method. The key custody staff should also ensure that the person is authorised to draw those keys. If they are unsure, then they should contact the relevant Manager or Duty Manager before issuing the keys. To draw the keys, the person should sign a log book with date and time of withdrawal, print their name and sign. Once the keys are returned, the date and time of return and initials/signature of the key custody staff should also be recorded. An example of a suitable key log is at Appendix 1. If suitable, a secure key drop facility may be in place for staff to drop returned keys. This facility must be designed so that keys once dropped Page 7 of 13
8 cannot be retrieved by any except the key custody staff. The key custody staff should empty the key drop facility at regular intervals (as soon as practicable) and record the return of the keys in the key log. As a minimum, once a day (more frequently if local procedures dictate) the key custody staff should check the key cupboard and register to ensure that every key is accounted for, either present in the cupboard, or signed for in the register. If the location of a key is not verified, then the key custody staff should attempt to contact the last person to have the keys. If this is not possible, then they contact the Duty manager for instructions KEYS ISSUED TO STAFF FOR LONG TERM PERSONAL USE These keys are only to be issued with the permission of the Manager. It is not normally suitable for staff to be allowed free access to areas other than their normal work area. For example mail delivery staff should not have a key simply because they deliver mail to a location. Staff from outside a work area should be treated as visitors, and request access to a closed area the same way as a visitor. A register of key holders is to be kept for the area, this register is the responsibility of the Manager. When issued keys, the person should sign for them, recording the date of issue, where the keys are for, print their name and sign. The keys now become the responsibility of the person, it is their duty to keep the keys safe and not allow them to come into the possession of anyone else. When a member of staff leaves a work area permanently then the keys must be handed back into the Manager, again being signed for. This should be part of the termination process COPYING OF KEYS No key is to be copied by anyone without the permission of the manager, or assistant director / head of service for level 1 keys. To copy a key the appropriate form (obtainable from the estates department) is to be completed by the manager. The key cutter will check that the form is correctly completed and cut the requested number of keys. Certain types of key will need to be copied by a specialist locksmith or company. This should be arranged via the use of petty cash or purchasing department LOSS OF OR THEFT OF KEYS Immediately a loss is noted, it is to be reported to the Manager, Security Adviser, key custody staff and manager of the area the key concerns. If a level one key is missing then the relevant Assistant Director is to be informed. Outside normal working hours the Duty Manager, Switchboard (for The Balby campus) and Security office (if there is one for the area) are to be informed. An IR1 report is to be complete as well as any local reporting procedures that Page 8 of 13
9 may be in place. A decision of whether to replace the locks will be made and appropriate action taken. If a level one key is missing, then a decision on what immediate security arrangements are necessary will be made. Other electronic lock opening devices may have the ability to decode a lost/stolen device, or recode all remaining devices. The decision on whether to decode or recode will be made by the relevant Manager in conjunction with the Security Adviser. 5.6 COMBINATION LOCKS (BOTH DIGITAL AND MECHANICAL) The number or entry code required to operate these locks should be seen as important as a key, and kept as secure. However, there is much more chance of such a combination entering into the wrong hands. Combinations are not to be Issued to anyone who does not regularly work within the area. Written on notices or similar to be left on view Easy to identify such as a telephone number, or familiar date etc. Combinations are to be; Changed, as a minimum, every 6 months Changed as soon as it is believed they are compromised It is recommended that combinations are changed when a member of staff leaves, or a department relocates out of that area. 5.7 ELECTRONIC KEY CUPBOARD / TRACKER SYSTEMS A variety of key control systems are available which monitor access and control withdrawal of key bunches. As a minimum, these systems must; Be located within a secure room. Keep the key bunches individually secure within a locked cabinet Be able to identify the person removing the keys, either by biometrics or password or similar Allow the removal of only one bunch of keys designated to the person removing Record the date and time of removal and the identity of the person removing Record the date and time of return Allow checking of the keys physical presence Have a power loss protocol which maintains security 6. TRAINING IMPLICATIONS There are no specific training needs in relation to this policy, but the following individual and groups need to be familiar with its contents: Assistant Directors, Head s of Services, Managers, Key Custody Staff, Key Page 9 of 13
10 holders, Domestic Supervisors, all managers with responsibilities for the security of premises, keys, access swipe cards, access fobs or similar devices. and, any other individual or group with a responsibility for, or an interest in, security. 7. MONITORING ARRANGEMENTS Area for Monitoring Centrally held Keys are secure and recording system is up to date Long term issue of keys record is up to date and all keys accounted for Methodology Who by Reported to Frequency Check that all the keys are accounted for and record system is up to date with keys issued Check records against keys issued. Check that keys issued are accounted for Key Custody Staff Exceptions reported to Service manager Service manager Exceptions reported to Assistant Director Each working day Monthly 8. EQUALITY IMPACT ASSESSMENT SCREENING The completed Equality Impact Assessment for the Key, Swipe Card and Electronic Fob Control Policy has been published on the Equality and Diversity webpage of the RDaSH Website as follows: EQUALITY AND DIVERSITY IMPACT ASSESSMENT 8.1 Privacy, Dignity and Respect The NHS Constitution states that all patients should feel that their privacy and dignity are respected while they are in hospital. High Quality Care for All (2008), Lord Darzi s review of the NHS, identifies the need to organise care around the individual, not just clinically but in terms of dignity and respect. As a consequence the Trust is required to articulate its intent to deliver care with privacy and dignity that treats all service users with respect. Therefore, all procedural documents will be considered, if relevant, to reflect the requirement to treat everyone with privacy, dignity and respect, (when appropriate this should also include how same sex accommodation is provided). Indicate how this will be met There are no additional requirements in relation to privacy, dignity and respect Page 10 of 13
11 8.2 Mental Capacity Act Central to any aspect of care delivered to adults and young people aged 16 years or over will be the consideration of the individuals capacity to participate in the decision making process. Consequently, no intervention should be carried out without either the individuals informed consent, or the powers included in a legal framework, or by order of the Court Therefore, the Trust is required to make sure that all staff working with individuals who use our service are familiar with the provisions within the Mental Capacity Act. For this reason all procedural documents will be considered, if relevant to reflect the provisions of the Mental Capacity Act 2005 to ensure that the interests of an individual whose capacity is in question can continue to make as many decisions for themselves as possible. Indicate How This Will Be Achieved. All individuals involved in the implementation of this policy should do so in accordance with the Guiding Principles of the Mental Capacity Act (Section 1) 9. LINKS TO OTHER PROCEDURAL DOCUMENTS This policy should be read and implemented in association with the following Trust policies: Security Policy 10. REFERENCES None 11. APPENDICES App.1 Sample Key Issue And Return Record Form Page 11 of 13
12 ROTHERHAM DONCASTER AND SOUTH HUMBER NHS FOUNDATION TRUST KEY ISSUE AND RETURN RECORD FORM FOR KEYS HELD AT (LOCATION OF KEY STORAGE) DATE KEY / BUNCH NUMBER NAME OF PERSON TAKING KEYS / BUNCH SIGNATURE OF PERSON TAKING KEYS / BUNCH TIME OUT TIME BACK CONFIRM RETURN INITIALS Page 12 of 13
13 DEFINITIONS AND NOTES DATE Date of issue of keys/bunch KEY/BUNCH NUMBER Could also be name of area if key is not numbered, it is a means of identifying the key/bunch NAME OF PERSON TAKING KEYS/BUNCH keys cannot be signed out on behalf of someone else. The person who takes the keys has responsibility for them. SIGNATURE OF PERSON TAKING BUNCH Must be signed for each time, to accept responsibility. TIME OUT Time the keys leave. TIME BACK Time the keys are returned, or the time the keys are removed from the key drop if present. CONFIRM RETURN INITIALS Initials of the key custody staff to confirm that they have custody of the keys again, and the keys are as issued. In the case of a bunch, all the keys are present. Page 13 of 13
POLICY FOR THE RECEIPT OF DONATIONS TO CHARITABLE FUNDS
POLICY FOR THE RECEIPT OF DONATIONS TO CHARITABLE FUNDS DOCUMENT CONTROL: Version: 3 Ratified by: Finance, Infrastructure and Business Development Group Date ratified: 18 October 2012 Name of originator/author:
More informationFinancial Procedures
Financial Procedures LOSSES AND SPECIAL PAYMENTS PROCEDURE DOCUMENT CONTROL: Version: 3 Ratified by: Finance Infrastructure and Business Development Group Date ratified: 22 August 2013 Name of originator/author:
More informationPOLICY. Use of Text Messages (SMS) to Communicate With Patients
POLICY Use of Text Messages (SMS) to Communicate With Patients DOCUMENT CONTROL: Version: 1 Ratified by: Risk Management Sub Group Date ratified: 30 April 2014 Name of originator/author: Information Governance
More informationScanning of Physical Documentation Policy
Scanning of Physical Documentation Policy DOCUMENT CONTROL: Version: 1 Ratified by: Risk Management Sub Group Date ratified: 17 February 2016 Name of originator/author: Records Manager Name of responsible
More informationData Quality Policy. DOCUMENT CONTROL: Version: 4.0
Data Quality Policy DOCUMENT CONTROL: Version: 4.0 Ratified By: Risk Management Sub Group Date Ratified 27 August 2013 Name of Originator/Author: Head of Information Services Name of Responsible Risk Management
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationASBESTOS CONTAINING MATERIALS POLICY
ASBESTOS CONTAINING MATERIALS POLICY Document Control Version 3 Ratified by Risk Management Sub Group Date Ratified 19 December 2012 Name of Originator/Author Head of Estates and Facilities Name of Responsible
More informationEXIT INTERVIEW AND QUESTIONNAIRE POLICY
EXIT INTERVIEW AND QUESTIONNAIRE POLICY DOCUMENT CONTROL: Version: 2 Ratified by: Human Resources & Organisational Development Policy and Planning Group Date ratified: 04 September 2014 Name of originator/author:
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationSecurity Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)
Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationThe Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3
Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationPersonal data - Personal data identify an individual. For example, name, address, contact details, date of birth, NHS number.
Background The Data Protection Act 1998 i came into force in March 2000 and is followed by all NHS employed staff via their policies and procedures. The act applies to all personal, identifiable information
More informationASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010
ASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010 OBJECTIVE This Security Plan (the Plan ) is intended to create effective administrative, technical and physical safeguards for the protection
More informationData Protection Policy
Data Protection Policy This policy applies to the national office of Special Olympics GB; athletes, volunteers, and paid staff its clubs and regions; all Special Olympics GB donors, sponsors, and supporters;
More informationSection 5 Identify Theft Red Flags and Address Discrepancy Procedures Index
Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...
More informationSecurity, Access Management and Key Control Policy and Procedures
1 Policy Security, Access Management and Key Control Policy 1.1.1 The goal of the Vice President, Business Affairs and Facilities and Services is to provide a safe, comfortable, secure learning environment
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationGrasmere Primary School Asset Management Policy
Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the
More informationTRUST SECURITY MANAGEMENT POLICY
TRUST SECURITY MANAGEMENT POLICY EXECUTIVE SUMMARY The Board recognises that security management is an integral part of good, effective and efficient risk management practise and to be effective should
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationCITY UNIVERSITY OF HONG KONG Physical Access Security Standard
CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification Publication
More informationHow To Manage Keys At Trent University
POLICY ACCESS CONTROL Category: Approval: Responsibility: Date: Operations & Governance PVP Vice President Administration Date initially approved: September 1, 2005 Date of last revision: April 2012 Definitions:
More informationStandard Operating Procedure (SOP) Telephone text messaging service for Young People within Children Young People and Families, 5-19 pathway
Standard Operating Procedure (SOP) Telephone text messaging service for Young People within Children Young People and Families, 5-19 pathway DOCUMENT CONTROL: Version: 1.2 Ratified by: Clinical Quality
More informationInformation Security Policy for Associates and Contractors
Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationOFFICE OF THE PREMIER ACCESS CONTROL POLICY
OFFICE OF THE PREMIER ACCESS CONTROL POLICY - 1 THE ACCESS CONTROL POLICY 1. Purpose 1.1 To propose for the introduction of an ID card policy for the Office of the Premier. 2. Background 2.1 The Office
More informationResident Rights in Nursing Homes
Resident Rights in Nursing Homes Nursing home residents have patient rights and certain protections under the law. The nursing home must list and give all new residents a copy of these rights. Resident
More informationMethod Statement Reception Services
CONFORMED COPY Method Statement Revision History Revision Date Reviewer Status 19 th March 2007 Project Co Final Version Table of Contents 1 Objectives... 3 2 Management Supervision and Organisation Structure...
More informationPersonal Information Protection Act (PIPA) Privacy & Landlord - Tenant Matters Frequently Asked Questions
Personal Information Protection Act (PIPA) Privacy & Landlord - Tenant Matters Frequently Asked Questions Are landlords in Alberta bound by privacy law? Yes. The Personal Information Protection Act (PIPA)
More informationPOLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same
POLICY TEMPLATE Video Surveillance Category: Approval: Responsibility: Date: Operations PVP VP Finance and Administration Date initially approved: November 5, 2013 Date of last revision: same Definitions:
More informationSecurity guidance for all existing or prospective Home Office Controlled Drug Licensees and/or Precursor Chemical Licensees or Registrants
2014 Security guidance for all existing or prospective Home Office Controlled Drug Licensees and/or Precursor Chemical Licensees or Registrants This document provides general advice and guidance on security
More informationHIPAA and You The Basics
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
More informationA common sense guide to the Data Protection Act 1998 for volunteers
A common sense guide to the Data Protection Act 1998 for volunteers Why is it necessary? The Data Protection Act 1998 is a law introduced to control the way information held about individuals is handled
More informationSLMS IDHS Remote Working Procedures and Approval
London s global university SLMS IDHS Remote Working Procedures and Approval Document information Document name SLMS-IG21 Remote Working Procedures and Approval Author Shane Murphy Issue date 02/08/2013
More informationThe Newcastle upon Tyne Hospitals NHS Foundation Trust. Occupational Health Records Management and Retention Operational Policy
The Newcastle upon Tyne Hospitals NHS Foundation Trust Occupational Health Records Management and Retention Operational Policy Version No. 1.0 Effective From: 9 October 2013 Expiry Date: 30 September 2016
More informationIslington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014
Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document
More informationWest Byfleet Nursery Accident and Incident Policy
West Byfleet Nursery Accident and Incident Policy Aim The aim of this policy is to outline procedures to deal with any incident or accident related to the pre-school in a calm, professional and safe manner.
More information11 MEDICATION MANAGEMENT
1 11 MEDICATION MANAGEMENT OVERVIEW OF MEDICATION MANAGEMENT Depending on the size, structure and functions of the health facility, there may be a pharmacy with qualified pharmacists to dispense medication,
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationPhysical Security Policy Template
Physical Security Policy Template The Free iq Physical Security Policy Generic Template has been designed as a preformatted framework to enable your Practice to produce a Policy that is specific to your
More informationSecure Storage, Communication & Transportation of Personal Information Policy Disclaimer:
Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011
More informationLAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationInformation Technology Security Policies
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationInformation Incident Management Policy
Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit
More informationYour Identity Card Number And Your Privacy
Your Identity Card Number And Your Privacy INTRODUCTION The Code of Practice on the Identity Card Number and Other Personal Identifiers ( the Code ) has been issued by the Privacy Commissioner for Personal
More informationGuideline on Access Control
CMSGu2011-08 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Access Control National Computer Board Mauritius Version 1.0
More informationStudents are expected to have regard to this policy at all times to protect the ipads from unauthorised access and damage.
Penrice Academy Acceptable Use Policy for Mobile Digital Devices including ipads September 2014 Date of Review: May 2015 Introduction Penrice Academy ( The Academy ) may grant a licence to use ipads or
More informationService Continuity Planning. A Guide for Community Pharmacists
Service Continuity Planning England, Wales and Scotland This guide is aimed primarily at community pharmacists, though the principles will be appropriate to practice within secondary care. However, most
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationBARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY
Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationPCI Data Security. Information Services & Cash Management. Contents
PCI Data Security Information Services & Cash Management This self-directed learning module contains information you are expected to know to protect yourself, our patients, and our guests. Target Audience:
More informationAcceptable Usage Guidelines. e-governance
Acceptable Usage Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type
More informationPOLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL
POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL CCTV cameras are now a familiar sight throughout the country. They are one of the many measures being introduced to help prevent
More informationPhysical and Environment IT Security Standards
Physical and Environment IT Security Standards Author s Name: Jo Brown Author s Job Title: Head of Technical Services Division: Corporate Department: Technical Services Version Number: 1.0 Ratifying Committee:
More informationMEETINGS. Application for Hire
MEETINGS Application for Hire HIRING INFORMATION ACON s Meeting Centre at 414 Elizabeth Street, Surry Hills has a range of multi-purpose meeting rooms that are made available to groups and organisations
More informationEASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES
EASTERN OKLAHOMA STATE COLLEGE ACCEPTING AND HANDLING CREDIT AND DEBIT CARD PAYMENTS POLICIES AND PROCEDURES This document describes Eastern Oklahoma State College s policy and procedures for the proper
More informationModel Quality Management System
Model Quality Management System For NZ Transport Agency-appointed Warrant of Fitness and Certificate of Fitness Inspecting Organisations UPDATED: 30 OCTOBER 2014 Model Quality Management System 1 November
More informationDavid Jones Storecard and David Jones American Express Card Member Agreement, Financial Services Guide and Purchase Protection. Terms and Conditions
David Jones Storecard and David Jones American Express Card Member Agreement, Financial Services Guide and Purchase Protection Terms and Conditions Issued May 2016 DAVID JONES STORECARD AND DAVID JONES
More informationCode of Practice on the Identity Card Number and other Personal Identifiers Compliance Guide for Data Users
Code of Practice on the Identity Card Number and other Personal Identifiers Compliance Guide for Data Users INTRODUCTION What does the code of practice cover? The code of practice gives practical guidance
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationPolicies & Procedures
2.2 Drug Free Work Place Adopted 1.24.2003 Revised 3.28.2004; 5.26.2006; 3.2.2011 Reference: WAC 388.805.200(3) POLICY In accordance with "The Drug Free Workplace Act of 1988, The Healing Lodge prohibits
More informationData Security Breach Incident Management Policy
Data Security Breach Incident Management Policy Contents 1. Background... 1 2. Aim... 1 3. Definition... 2 4. Scope... 2 5. Responsibilities... 2 6. Data Classification... 2 7. Data Security Breach Reporting...
More informationLouisiana State University School of Medicine at Shreveport
Louisiana State University School of Medicine at Shreveport Policy Date Updated Page Compliance Policy Summary -- 2 Vendor Solicitation Policy 4/1/2011 8 Drug Samples 7/1/2010 11 Continuing Medical Education
More informationInternal Control Guide & Resources
Internal Control Guide & Resources Section 5- Internal Control Activities & Best Practices Managers must establish internal control activities that support the five internal control components discussed
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationAnnual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance
Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Information Privacy and IT Security & Compliance The information in this module in addition to the
More informationPhysical Security Policy
Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security
More informationAccess Control Regulations
Access Control Regulations 6 August 2008 1 TABLE OF CONTENTS I. Regulations... 3 II. Introduction... 3 III. Definitions... 3 IV. Single Access Control Alarm Coordinator (SACC)... 4 V. Access to Closed
More informationPOLICY & PROCEDURE DOCUMENT NUMBER: 3.3101. DIVISION: Finance & Administration. TITLE: Policy & Procedures for Credit Card Merchants
POLICY & PROCEDURE DOCUMENT NUMBER: 3.3101 DIVISION: Finance & Administration TITLE: Policy & Procedures for Credit Card Merchants DATE: October 24, 2011 Authorized by: K. Ann Mead, VP for Finance & Administration
More informationNHS Central London Clinical Commissioning Group. Retention of Corporate Records Policy. Page 1 of 11
NHS Central London Clinical Commissioning Group Retention of Corporate Records Policy Page 1 of 11 Document Control Document Location The source of this document will be found in Version Author Comments/Summary
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationThe Leeds Teaching Hospitals NHS Trust. Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS
The Leeds Teaching Hospitals NHS Trust Research & Development Department DATA PROTECTION IN RESEARCH GUIDANCE NOTES FOR RESEARCHERS 1. Introduction The Research Governance Framework for Health & Social
More informationPolicy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body
Policy Name: Data Protection Nominated Lead Member of Staff: ICT Manager Status: Review Cycle: 2 Years Authorisation: Governing Body Review Date: June 2017 Data Protection Policy The Governing Body of
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationElectronic Fund Transfers Disclosure
Electronic Fund Transfers Disclosure The Electronic Fund Transfers we are capable of handling for consumers are indicated below, some of which may not apply to your account. Some of these may not be available
More informationSCHEDULE 18. Premises. This Schedule 18 sets out certain terms relating to the Service Provider s Premises.
Business Operations- Schedule 18 (Premises) SCHEDULE 18 Premises This Schedule 18 sets out certain terms relating to the Service Provider s Premises. 1. Service Provider's Premises The following provisions
More informationUK SBS Physical Security Policy
UK SBS Physical Security Policy Version Date Author Owner Comments 1.0 16 June 14 Head of Risk, Information and Security Compliance (Mel Nash) Senior Information Risk Owner (Andy Layton) Ist Issue following
More informationAylesford School. and Sixth Form College. wonder aspiration respect discipline RISK MANAGEMENT POLICY. Finance and Premises Committee
Aylesford School and Sixth Form College wonder aspiration respect discipline RISK MANAGEMENT POLICY Written: January 2015 Review Date: January 2017 Lead: Site Manager Via: Finance and Premises Committee
More informationHIPAA Policies and Procedures
HIPAA Policies and Procedures William T. Chen, MD, Inc. General Rule 164.502 A Covered Entity may not use or disclose PHI except as permitted or required by the privacy regulations. Permitted Disclosures:
More informatione-safety Policy for Hertsmere Jewish Primary School
e-safety Policy for Hertsmere Jewish Primary School Reviewed by: Mrs R Wolman, Miss C Stephens and Miss G Geffin Reviewed on: February 2015 Date of Next Review: February 2016 Policy Review This policy
More informationState University of New York at Canton Institutional Review Board. Sample Informed Consent Document
State University of New York at Canton Institutional Review Board Sample Informed Consent Document The following sample informed consent document includes instructions to the person writing the document,
More informationPhysical Security Policy
London School of Economics & Political Science Physical Security Policy Final Draft: 06/11/12 Approved by Estates Strategy Committee: 22/05/13 Next Review Date: 22/05/14 London School of Economics Physical
More informationBoys and Girls Clubs of Kawartha Lakes B: Administration B4: Information Management & Policy: Privacy & Consent Technology
Effective: Feb 18, 2015 Executive Director Replaces: 2010 Policy Page 1 of 5 REFERENCE: HIGH FIVE 1.4.3, 2.2.4, 2.5.3, PIDEDA POLICY: Our Commitment Boys and Girls Clubs of Kawartha Lakes (BGCKL) and the
More informationDenver Public Schools - East High School
Denver Public Schools - East High School Return this page to the Technology Department in room 230 Electronic Web Access Agreement for Viewing Student Information via DPS Infinite Campus Parent/Student
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationStandard Operating Procedure. Secure Use of Memory Sticks
Standard Operating Procedure Secure Use of Memory Sticks DOCUMENT CONTROL: Version: 2.1 (Amendment) Ratified by: Finance, Infrastructure and Business Development Date ratified: 20 February 2014 Name of
More informationGood Practice in Records Management and Information Security
Good Practice in Records Management and Information Security BELB LJ Schools 2013 How Valuable are Records & Documents? Valuable only because of the information they contain. Usable if they can be accessed
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More information2.0 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS (PCI-DSS)
CSU, Chico Credit Card Handling Security Standard Effective Date: July 28, 2015 1.0 INTRODUCTION This standard provides guidance to ensure that credit card acceptance and ecommerce processes comply with
More informationInformation Technology
Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing
More informationData Protection and Information Security Policy and Procedure
Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More information