Remote Access and Home Working Policy London Borough of Barnet
|
|
- Hubert Parker
- 8 years ago
- Views:
Transcription
1 Remote Access and Home Working Policy London Borough of Barnet DATA PROTECTION 11
2 Document Control POLICY NAME Remote Access and Home Working Policy Document Description This policy applies to home and remote working and remote access of the London Borough of Barnet (LBB) network. Document Author 1) Team and 2) Officer and contact details Status 1) Information Management Team 2) Lucy Martin, ext: 2029 Live Version 2.0 (Live/ Draft/ Withdrawn) Last Review Date June 2015 Next Review Due Date August 2016 Approval Chain: Head of Information Management Date Approved August 2015 Version Control Version no. Date Author Reason for New Version /10/13 Rachel Simon, Information Projects Assistant New policy /03/14 Victoria Blyth Review to incorporate business continuity and ownership of devices /06/15 Lucy Martin Rename from Remote Working Policy to Remote Access and Home Working Policy. Annual review & removal of requirement for authorisation to take equipment off site. Considerable changes made. DATA PROTECTION 11
3 Contents 1. Introduction Purpose and scope Remote / Home Working Remote Access Methods of remote access VPN on your LBB tablet or laptop Citrix on your LBB tablet or laptop Information security Confidentiality Electronic storage Taking paper records out of the office Data and devices in transit Working in public locations Network access overseas Responsibilities and liability Data incidents Insurance Business Continuity Policy review Additional policies and guidance DATA PROTECTION 21
4 1. Introduction The council provides officers with the ability and opportunity to work remotely and from home as and when appropriate to your role. This aligns with the council s vision to enable staff to work smarter, with greater flexibility and efficiency through the implementation of Smarter Working. Whilst clear benefits are recognised by increasing the use of mobile devices and working from home, we all need to be mindful of the additional security challenges and risks which will present themselves. This policy should be read in conjunction with the HR issued Home Working Policy, available under HR policies on the intranet. The HR Policy covers elements such as Health and Safety and insurance, which are not specifically addressed in this policy. This document forms part of the wider suite of Information Management policies concerning information management and security and must be adhered to at all times. 2. Purpose and scope This policy applies to all home and remote working arrangements including the remote access of the London Borough of Barnet (LBB) network. The purpose of this policy is to protect the information assets owned and used by the council; to protect other services or networks (to which the council is connected) from misuse; and to comply with all regulatory, legislative and internal policy requirements. This policy applies to all employees, Members, temporary staff, partners and any authorised third parties (suppliers and contractors) who have been permitted access to council data and / or users of computer services and equipment that are provided by LBB, or its ICT providers. Referred throughout the policy as officers or users. This policy is underpinned by risk management and users must be aware of and take mitigating actions to address any areas of risk. The user is responsible for ensuring confidentiality of work information outside the office (aside from IS related risks eg damage or loss of information due to malware, virus etc). Users are responsible for the safe usage and security of equipment, and records and systems in their possession. 3. Remote / Home Working Remote working may involve paper records or use of electronic devices to access the LBB network. You may only use a corporately managed machine (either owned or authorised by the London Borough of Barnet) to work on council information, to access council systems and the LBB network. 4
5 Users are reminded that corporately issued ICT equipment remains the property of LBB. Further guidance regarding acceptable ICT usage can be located in the Acceptable Use Policy. Examples of remote working situations include: Home working (formal or ad hoc arrangements) Working when on the move (eg on a train, during site visits) Working at rest (eg in a library) Working from the premises of customers, clients, delivery partners, contractors, or any other organisations. 4. Remote Access Remote access is where users gain access to the LBB network, their accounts, its systems and resources from remote locations. This must be via corporately managed devices, through the use of corporate BlackBerrys or smart phones, or corporately owned tablets (ipad) or laptops. In normal circumstances you should not attempt access from personally owned computers or other personally owned devices which are not specifically authorised. Any such attempt is a breach of policy. See section 11 Business Continuity for exceptions Methods of remote access You need to be connected to the internet to be able to access the LBB network remotely. You may use a home broadband or a public wireless network and an LBB corporate device. You may not attempt to access the LBB network using a non-approved device as this poses a security risk. The network can be accessed from a home broadband or a public wireless via VPN (Virtual Private Network) on LBB tablets or laptops or via the Citrix system on LBB tablets/laptops (to connect to the council s thin client (Citrix) remote access service).. You will have to provide your username, and a numeric pass-code followed by the numeric code generated by your RSA token. The RSA token is a small device which is used to provide staff with a high level of security access eg authentication of the person accessing the network, together with additional numeric pass-code. Take good care of the token and ensure you do not store your password and pass-code together. There is a charge if the device is lost and any loss must be reported immediately to the IT Service Desk as detailed in the Acceptable Use Policy. The VPN or Citrix client will check that the device you are using has the requisite level of anti-virus and that it meets the council s security requirements. Without this you will not gain access to the network. Should your device be subject to malware or virus attack while you are logged in to the LBB network the connection to the network may be dropped and you may be prevented from further access. Contact the IT Servicedesk if you suspect this has happened. 5
6 4.2. VPN on your LBB tablet or laptop See the user guide for accessing the network via Virtual Private Network (VPN). Contact IS service desk should you need a copy of this guide. VPN enables connection to the network using a private, exclusive link. With VPN, privacy is achieved by encryption, so when information leaves a computer/tablet it is encrypted. It is then sent via a private tunnel/pathway across the internet to a recipient computer /tablet where it is de-coded and received. No one can read the data whilst it is being transmitted, or change it in anyway. VPN should be the preferred method of connection for officers Citrix on your LBB tablet or laptop Citrix is a software client that lets you access the LBB network and your account, with all applications, and data. This is a virtualised version of your desktop, and a secure workspace. You can access the Citrix receiver via the Office Citrix icon pre-installed on your corporate device. If you cannot find this on your device contact the IS service desk for installation. 5. Information security Officers working at home or remotely are responsible for ensuring that all council information (both paper and electronic) is kept confidential and secure to prevent access by a third party. Even though you working in a different environment and aren t in the office, you are still required to adhere to all Information Management policies. Some key principles and guidance, specific to remote and home working are outlined below. For home working it is recommended that the work area of the house should be kept separate from the rest of the household. Always lock your laptop when leaving it unattended When leaving the house (even for a short period), your laptop must be shut down and all paperwork put away out of sight. Equipment should not be left where it would attract the interests of the opportunist thief. In the home it should also be located out of sight of the casual visitor, and paper record kept separate from valuables. VPN fobs / authentication tokens should be kept in a separate location from your laptop. 6
7 5.1. Confidentiality Never leave information accessible to other people eg family members, visitors, or members of the public. Paper files must be put away in a secure cabinet when not in use in the home. Where lockable cabinets are not available in the home, ensure all papers are kept out of sight and away from valuables. Refer to the Paper records Secure Handling and Transit Policy. Where printing facilities are available to you, ensure you do not leave papers lying on the printer and always clear paper jams so as not to inappropriately disclose information to others. Take care when making or receiving phone calls when working remotely. Be aware of what others close by may overhear Electronic storage Do not or divert s to a personal address in order to work on them remotely. Do not create or attempt to transfer council data on to your own home computer. Do not use USB data sticks, CDs or other removable media as portable temporary storage for electronic files and documents unless they have been appropriately encrypted. The Acceptable Use Policy provides further detail and must be followed at all times Taking paper records out of the office Confidential documents/materials or documents containing personal information, must not be taken out of the office without specific authorisation from a line manager. Taking paper records/hard copy material off-site should only happen when it is absolutely essential to do so and there is no alternative method for accessing the information or undertaking the work. Records should not be taken off-site just because it is convenient to do so. Where papers records/hard copy material have to be taken off-site, only the minimum amount of personal or other confidential data necessary for the job in hand should be removed and, where possible, data should be anonymised. The Paper Records Secure Handling and Transit Policy must be followed at all times Data and devices in transit Always shut down your device when in transit (even when only travelling for short journeys), to ensure encryption is engaged and the device is properly protected. Don t leave bags or cases containing paper files / tablet visible in a car; if it is unavoidable to store paper records/hard-copy material in a car, lock them in the boot. 7
8 Never leave your device or papers unattended on view in a vehicle. The council s equipment insurance does not cover incidences where tablets have been left in an unattended vehicle. If you do have to leave the device in a vehicle it must be locked in the boot. When travelling on public transport keep your bag/case containing council assets close by at all times. Items should not be placed in luggage racks or storage areas, as this increases the possibility of theft or the misplacing of the item. 6. Working in public locations When work is required to be done in any public environment care should be taken to ensure that no bystander could overlook any information displayed on the device or any user input (especially passwords). Consider purchasing a privacy screen for your laptop for use when working in a public place. The security and confidentiality of data and equipment must be considered at all times. Working in crowded locations (coffee shops for example) is inadvisable, and it is not recommended to access personal data unless absolutely necessary. 7. Network access overseas Access to the network when overseas: if a situation arises in which users need to take their device out of the UK they must first check with IS if this is appropriate, as it may put council information and the council network at risk. Some countries are banned from connecting to Public Services Network connected networks. Certain countries may confiscate encrypted devices on entry and/or force a user to enter passwords and bypass security. Confiscated devices may not be returned. Please contact the IT service desk itservicedesk@barnet.gov.uk to discuss your requirements and have roaming enabled on your device. 8. Responsibilities and liability Officers Officers must ensure they have line management approval to work remotely or from home. You are responsible for adopting appropriate and necessary security measures; ensuring that all council information (both paper and electronic) is kept confidential and secure to prevent access by a third party. Whilst working with council data, whether remotely or at home you are required to abide by all Information Management policies to ensure information is appropriately protected. 8
9 You are responsible for identifying to your line manager/hiring manager any concerns with work processes or other local arrangements that prevent you complying with this or any other IM policy. Line/hiring managers are responsible for ensuring that users are supported in complying with this policy. Line Managers You are responsible for ensuring your team members have appropriate mechanisms in place to minimise the potential loss/damage of council paperwork / documentation whilst in the home. You may need to agree that the provision of additional equipment will be necessary e.g. fire and tamper proof boxes, lockable filing cabinets or privacy screens for mobile devices, to ensure areas of risk are mitigated. 9. Data incidents The loss of a council owned device, such as laptop, ipad, tablet or BlackBerry, or a loss of paperwork whilst working at home or remotely must immediately be reported to: Your line manager IT Servicedesk on Information Management Team data.protection@barnet.gov.uk or call the police (obtain a crime reference number from the police, as this will be required for claim purposes) Insurance team on (only for the loss of equipment) Timeliness of reporting is vital to ensure measures are put in place to contain and mitigate any security risks or data loss. Every incident must be reported, logged and investigated as soon as it occurs. The Security and Data Protection Incident Management Policy on the intranet has full details of how to handle the loss or theft of council hardware or information. 10. Insurance The council s Employers and Public Liability Insurance arrangements will cover home and remote working in the same way as other employees. See the HR issued Home Working Policy, available under HR policies on the intranet for further details. Council property insurance will cover all council provided equipment and works on an "all risks" basis subject to policy terms and conditions. Tablets etc will be covered in transit and at home, unless left in an unattended vehicle. 9
10 Users shall not incur any liability provided that they take reasonable care of the property. 11. Business Continuity On a day to day basis the use of personally owned equipment or personal accounts for council business is forbidden. If working from home is required on either a regular or ad hoc basis this should only be conducted on council equipment. However, during business continuity incidents such as building failures or extreme weather it may be accepted that some council business could be conducted on personal equipment. Line Managers should discuss these requirements with IMT and seek appropriate sign-off as and when needed. Personal information must only be dealt with when absolutely necessary and not for the sake of convenience. Sensitive personal data (as defined by the Data Protection Act 1998, such as medical or equalities information) should never be sent to or processed using non-council provided equipment. Any use of personal accounts for business continuity purposes should copy in your work account to ensure that the council has an appropriate record of its business. Council data must be deleted from personal equipment and accounts as soon as the necessity to use personal equipment is over. It is expected that users will prepare for expected events such as tube strikes or forecast bad weather and take equipment home with the approval of their line manager if it is expected that attendance at work would not be possible. Users should still abide by this policy and the Acceptable Use Policy during business continuity incidents, and seek appropriate approval when exceptions to policy are required. 12. Policy review This policy will be reviewed on an annual basis or sooner as is required e.g. where there are changes in legislation, or recommended changes to improve best practice. 13. Additional policies and guidance This policy forms part of a suite of Information Management policies which are all available on the intranet. The policies provide further guidance on council information standards, data security and working practices which must be adhered to. 10
11 Further advice and guidance for staff is available from the Information Management Team. Address: Information Management Team London Borough of Barnet Building 2, North London Business Park Oakleigh Road South London N11 1NP Any additional advice or guidance regarding network access, connectivity and device related assistance is available from the IT Servicedesk. Tel No: (020)
SECURITY POLICY REMOTE WORKING
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices
More informationInformation Security Policy London Borough of Barnet
Information Security Policy London Borough of Barnet DATA PROTECTION 11 Document Control POLICY NAME Document Description Information Security Policy Policy which sets out the council s approach to information
More informationData Protection and Information Security. Data Security - Guidelines for the use of Personal Data
Data Protection and Information Data - Guidelines for the use of Personal Data Page 1 of 10 Created on: 21/06/2013 Contents 1. Introduction... 3 2. Definitions... 3 4. Physical... 4 5 Electronic... 6 6
More informationPAPER RECORDS SECURE HANDLING AND TRANSIT POLICY
PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY CORPORATE POLICY Document Control Title Paper Records Secure Handling and Transit Policy Author Information Governance Manager ** Owner SIRO/CIARG Subject
More informationREMOTE WORKING POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationIxion Group Policy & Procedure. Remote Working
Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises
More informationBARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY
Putting Barnsley People First BARNSLE CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLIC Version: 2.0 Approved By: Governing Body Date Approved: Feb 2014 (initial approval), March
More informationAcceptable Use Guidelines
Attachment to the Computer and Information Security and Information Management Policies Acceptable Use Guidelines NZQA Quality Management System Supporting Document Purpose These Acceptable Use Guidelines
More informationCCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationData Transfer Policy. Data Transfer Policy London Borough of Barnet
Data Transfer Policy Data Transfer Policy London Borough of Barnet Document Control POLICY NAME Data Transfer Policy Document Description Policy surrounding data transfers (electronic and paper based).
More informationInformation Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet
Information Management Handbook for Schools London Borough of Barnet Document Name Document Description Information Management Handbook for Schools This document is intended for use by Barnet Borough Schools.
More informationWhy do we need to protect our information? What happens if we don t?
Warwickshire County Council Why do we need to protect our information? What happens if we don t? Who should read this? What does it cover? Linked articles All WCC employees especially mobile and home workers
More informationCentral Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11
Central Bedfordshire Council IT Acceptable Use Policy Version 1.7 January 2016 Not Protected Not Protected Page 1 of 11 Policy Approval Central Bedfordshire Council acknowledges that information is a valuable
More informationMobile Devices Security Policy
Mobile Devices Security Policy 1.0 Policy Administration (for completion by Author) Document Title Mobile Devices Security Policy Document Category Policy ref. Status Policy Unique ref no. Issued by GSU
More informationInformation Security Incident Management Policy September 2013
Information Security Incident Management Policy September 2013 Approving authority: University Executive Consultation via: Secretary's Board REALISM Project Board Approval date: September 2013 Effective
More informationABERDARE COMMUNITY SCHOOL
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been
More informationLAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationSERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0
SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY
More informationPortable Devices and Removable Media Acceptable Use Policy v1.0
Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working
More informationPS177 Remote Working Policy
PS177 Remote Working Policy January 2014 Version 2.0 Statement of Legislative Compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data Protection
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Rev Date Purpose of Issue/ Description of Change Equality Impact Assessment Completed 1. June 2011 Initial Issue 2. 29 th March 2012 Second Version 3. 15 th April 2013 Third
More informationRemote Working and Portable Devices Policy
Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review
More informationDATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff
DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has
More informationGuidelines. London School of Economics & Political Science. Remote Access and Mobile Working Guidelines. Information Management and Technology
London School of Economics & Political Science Information Management and Technology Guidelines Remote Access and Mobile Working Guidelines Jethro Perkins Information Security Manager Summary This document
More informationConsumer Device Policy (Smartphones / Tablets) BYOD (Bring Your Own Device)
Consumer Device Policy (Smartphones / Tablets) BYOD (Bring Your Own Device) Policy Number: 422 Supersedes: - Standards For Healthcare Services No/s 1, 5, 19 New Version Date Of Reviewer Completed Date
More informationInformation Security Policy for Associates and Contractors
Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationAcceptable Use of ICT Policy. Staff Policy
Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.
More informationUniversity of Brighton School and Departmental Information Security Policy
University of Brighton School and Departmental Information Security Policy This Policy establishes and states the minimum standards expected. These policies define The University of Brighton business objectives
More informationInformation Technology Acceptable Usage Policy
Information Technology Acceptable Usage Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly
More informationInformation Security Incident Management Policy
Information Security Incident Management Policy Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT Policy & Regulation
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationInformation Security Incident Reporting & Investigation
Information Security Incident Reporting & Investigation Purpose: To ensure all employees, consultants, agency workers and volunteers are able to recognise an information security incident and know how
More informationNHS FORTH VALLEY Information Governance Remote Working Guidance
NHS FORTH VALLEY Information Governance Remote Working Guidance Date of First Issue 09 / 12 / 2011 Approved 12 / 09 / 2013 Current Issue Date 12 / 09 / 2013 Review Date 01 / 12 / 2015 Version V 3.2 EQIA
More informationPRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800
PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800 ADMINISTRATIVE POLICY NO. 511 IMPLEMENTATION JANUARY 2014 EMPLOYEE ACCEPTABLE USE POLICY
More informationHP Laptop & Apple ipads
Shalom College Student 1:1 Laptop & ipad Program HP Laptop & Apple ipads Policy and Guidelines Booklet TABLE OF CONTENTS 1. Educational Opportunities of A 1 to 1 Laptop & ipad Program... 2 2. Overview
More informationSecurity Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)
Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How
More informationSenior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES
Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the
More informationIslington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014
Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document
More informationPolicy Document. IT Computer Usage Policy
Policy Document IT Computer Usage Policy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Author IT Services Manager Version 4.1 Issue Issue Date
More informationBring Your Own Device (BYOD) for Staff and Visitors
Bring Your Own Device (BYOD) for Staff and Visitors Version 1.01 01.16 Created April 2015 Reviewed by Education and staffing Committee 21.01.16 Review Cycle Triennial Next review September 2019 Source
More informationData and Information Security Policy
St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration
More informationPolicy Document. IT Infrastructure Security Policy
Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT
More informationPolicy: Remote Working and Mobile Devices Policy
Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014
More informationSecure Storage, Communication & Transportation of Personal Information Policy Disclaimer:
Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011
More informationConnolly Primary School An Independent Public School
Connolly Primary School An Independent Public School Information & Communication Technologies Policies & Procedures Excellence Learning Innovation Care ICT Contents Roles & Responsibilities Internet Use
More informationSomerset County Council - Data Protection Policy - Final
Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council
More informationAppendix 1b. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA. Review of Mobile Portable Devices Management
Appendix 1b DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA Review of Mobile Portable Devices Management DISTRIBUTION LIST Audit Team David Esling, Head of Audit and Assurance
More informationRemote Access Policy
BASINGSTOKE AND NORTH HAMPSHIRE NHS FOUNDATION TRUST Remote Access Policy Summary This is a new document which sets out the policy for remote access to the Trust s network and systems. Remote access is
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
More informationSOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011
SOUTH NORTHAMPTONSHIRE COUNCIL 10/11 REMOTE WORKING FINAL REPORT MARCH 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07 between South
More informationINFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY
Information Management & Technology Security Policy INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY POLICY NO IM&T 003 DATE RATIFIED October 2010 NEXT REVIEW DATE October 2013 POLICY STATEMENT/KEY
More informationHow To Audit Health And Care Professions Council Security Arrangements
Audit Committee 28 Internal audit report ICT Security Executive summary and recommendations Introduction Mazars has undertaken a review of ICT Security controls, in accordance with the internal audit plan
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationCellular/Smart Phone Use Procedure
Number 1. Purpose This procedure is performed as a means of ensuring the safe and efficient use of cell/smart phones throughout West Coast District Health Board (WCDHB) facilities. 2. Application This
More informationRemote Broadband Access (RBA3) Hertfordshire County Council. vworkspace Client Install
Remote Broadband Access (RBA3) vworkspace Client Install Introduction... 3 1 Policy... 3 2 The two ways of accessing RBA3 SecurEnvoy & RSA SecurID Fob.... 3 2.1 SecurEnvoy... 3 2.2 RSA SecurID Fob (Only
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation
ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette
More informationCorporate Information Security Management Policy
Corporate Information Security Management Policy Signed: Chief Executive. 1. Definition of Information Security 1.1. Information security means safeguarding information from unauthorised access or modification
More informationPhysical Security Policy
Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security
More informationThe Bishop s Stortford High School Internet Use and Data Security Policy
Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable
More informationMerthyr Tydfil County Borough Council. Information Security Policy
Merthyr Tydfil County Borough Council Information Security Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of
More informationHR Guide: Agile Working Version: 1.0
HR Guide: Agile Working Version: 1.0 Contents Section 1 Introduction to Agile Working Section 2 What are the Aims of Agile Working Section 3 Can all employees undertake Agile Working? Section 4 How do
More informationAuthorised Acceptable Use Policy 2015-2016. Groby Community College Achieving Excellence Together
Groby Community College Achieving Excellence Together Authorised Acceptable Use Policy 2015-2016 Reviewed: Lee Shellard, ICT Manager: May 2015 Agreed: Leadership & Management Committee: May 2015 Next review:
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationSection 5 Identify Theft Red Flags and Address Discrepancy Procedures Index
Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...
More informationPolicy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.
London School of Economics & Political Science IT Services Policy Remote Access Policy Jethro Perkins Information Security Manager Summary This document outlines the controls from ISO27002 that relate
More informationData Transfer Policy London Borough of Barnet
London Borough of Barnet DATA PROTECTION 11 Document Control Document Description Data Transfer Policy Version v.2 Date Created December 2010 Status Authorisation Name Signature Date Prepared By: IS Checked
More informationMobile Security Standard
Mobile Security Standard Title Mobile Security Standard Mobile Device Security Category Version: 18/07/2013 PUBLISHED Author:, IT Services Contact: itsecurity@contacts.bham.ac.uk Mobile Security Standard
More informationHang Seng HSBCnet Security. May 2016
Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationSchool of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy
School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy Page 1 of 10 Contents 1 Preamble...3 2 Purpose...3 3 Scope...3 4 Roles and responsibilities...3
More informationCorporate Affairs Overview and Scrutiny Committee
Agenda item: 4 Committee: Corporate Affairs Overview and Scrutiny Committee Date of meeting: 29 January 2009 Subject: Lead Officer: Portfolio Holder: Link to Council Priorities: Exempt information: Delegated
More informationProtection of Computer Data and Software
April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal
More informationRemote Working - Remote and Mobile Computing Policy. Purpose 3. Strategic Aims 3. Introduction 3. Scope 5. Responsibilities 5.
Brigade Order Human Resources Brigade Order 3 Part 5 Section Title Remote Working - Remote and Mobile Computing Policy Contents No. Purpose 3 Strategic Aims 3 Introduction 3 Scope 5 Responsibilities 5
More informationWashwood Heath Academy Use by staff of private communication devices policy
As a learning community, Washwood Heath Academy wants all staff and students to be able to be safe users of ICT and all data storage. The development of responsible, independent users is a prime aim of
More informationENISA s ten security awareness good practices July 09
July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European
More informationIntroduction to the NHS Information Governance Requirements
Introduction to the NHS Information Governance Requirements 2 Version April 2014 Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information. The widely
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationHIPAA and Health Information Privacy and Security
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
More informationStandard Operating Procedure. Secure Use of Memory Sticks
Standard Operating Procedure Secure Use of Memory Sticks DOCUMENT CONTROL: Version: 2.1 (Amendment) Ratified by: Finance, Infrastructure and Business Development Date ratified: 20 February 2014 Name of
More informationOrder. Directive Number: IM 10-3. Stephen E. Barber Chief Management Officer
Pension Benefit Guaranty Corporation Order Subject: Protecting Sensitive Information Directive Number: IM 10-3 Effective Date: 4/23/08 Originator: OGC Stephen E. Barber Chief Management Officer 1. PURPOSE:
More informationUniversity for the Creative Arts. Mobile Working and Remote Access Policy
Mobile Working and Remote Access Policy Version 1.0 Date: 20 July 2009 Document History Version History 1.0 20 July 2009 Approved for publication by the IS Board after E&FC approval in June 2009 Title:
More informationSchool Information Security Policy
School Information Security Policy Created By: Newport Education Service Date Created: 22 December 2009 Version: V1.0 Contents Background... 3 IT Infrastructure... 3 IT Access... 3 Acceptable use policy...
More informationMike Casey Director of IT
Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date
More informationSAFEGUARDING PRIVACY IN A MOBILE WORKPLACE
SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE Checklist for taking personally identifiable information (PII) out of the workplace: q Does your organization s policy permit the removal of PII from the office?
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationDOCUMENT CONTROL PAGE
DOCUMENT CONTROL PAGE Title: Title Version: 0.2a Reference Number: Supersedes Supersedes: IT Encryption and Security Policy and Guidelines Description of Amendment(s): Clarification of document approval
More informationEXECUTIVE DECISION NOTICE. ICT, Communications and Media. Councillor John Taylor. Deputy Executive Leader
EXECUTIVE DECISION NOTICE SERVICE AREA: SUBJECT MATTER: DECISION: DECISION TAKER(S): DESIGNATION OF DECISION TAKER(S): GOVERNANCE ICT, Communications and Media PERSONAL DEVICE POLICY That the Personal
More informationStudents are expected to have regard to this policy at all times to protect the ipads from unauthorised access and damage.
Penrice Academy Acceptable Use Policy for Mobile Digital Devices including ipads September 2014 Date of Review: May 2015 Introduction Penrice Academy ( The Academy ) may grant a licence to use ipads or
More informationInformation Security Code of Conduct
Information Security Code of Conduct IT s up to us >Passwords > Anti-Virus > Security Locks >Email & Internet >Software >Aon Information >Data Protection >ID Badges > Contents Aon Information Security
More informationRemote Working and Portable Devices Policy
Remote Working and Portable Devices Policy Policy Number: 037 Version: 2 V2 Ratified by: Audit Committee 16 December 2015 Document Location: Policies\01 Final Policies Name of originator/author: Information
More informationKEELE UNIVERSITY IT INFORMATION SECURITY POLICY
Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical
More informationACCEPTABLE USE OF COMPUTERS IN WILTSHIRE LIBRARIES
ACCEPTABLE USE OF COMPUTERS IN WILTSHIRE LIBRARIES Policy Statement Introduction 1. Wiltshire Libraries provide access to the Internet and other computer facilities to support the educational, recreational
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics
More informationInformation Security Incident Management Policy and Procedure
Information Security Incident Management Policy and Procedure Version Final 1.0 Document Control Organisation Title Author Filename Owner Subject Protective Marking North Dorset District Council IT Infrastructure
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationEncryption Policy Version 3.0
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More information