Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data
- Ann Tate
- 7 years ago
Data Protection and Information Security
Data Security - Guidelines for the use of Personal Data
Page 1 of 10 Created on: 21/06/2013

Contents
- Introduction
- Definitions
- Physical
- Electronic
- Transferring data securely within the University
- Transferring data securely to external third parties

1. Introduction

Data is not managed solely through controlling the use of electronic information systems. Everyone processing personal data needs to be aware of the environment they are working in and take consistent, appropriate action to protect against accidental damage or disclosure, unauthorised access or theft. Failure to secure data could result in a £500,000 fine from the Information Commissioner's Office and/or bad publicity for the University.

Appropriate action means taking sensible approaches to security relative to the nature and sensitivity of the information, for example:

- More caution should be taken when protecting sensitive personal data than is perhaps necessary with personal data (that does not mean that obligations towards personal data can be ignored), or
- The transfer of data in paper format may require a different approach to the transfer of data on an encrypted memory stick.

This document provides some best practice advice on the security of data and should be implemented locally or individually as appropriate.

2. Definitions

For definitions of terms used in the guidance, please see the Data Protection section of the University website.

3. Third Party Access

Temporary staff working with personal data are no different to permanent staff. They need to be made aware of their responsibilities towards Data Protection.

External contractors such as maintenance engineers may require access to areas or systems in the University containing personal data. Staff should not allow them unattended access to any more than they require in order to complete their work.

4. Physical

4.1 Working in the Office

Most University buildings require large areas to be open access so as to allow students, staff, visitors and contractors to go about their legitimate business. The University takes steps to maintain general security to ensure that most office areas have a level of restricted access, but that does not mean that individuals handling personal data can relax or fail to be mindful of their actions in relation to the information they are handling.

Faculties and departments should ensure that access to rooms in which they store personal data is restricted to authorised personnel only (this can include supervised guests). Unauthorised personnel should not be allowed unattended access into areas where they may be able to access personal data, including where it is stored and accessed electronically.

Members of staff should be aware that they are responsible for maintaining the integrity of information security. For physical records this can be achieved through simple common sense actions such as:

- Where possible, locking the door to an empty office/room when they leave, which helps prevent unauthorised access, even if only for a few minutes.
- Challenging (politely) anyone in a secure area whom they do not recognise.
- Not leaving files containing personal data lying on a desk for anyone to pick up.
- Not leaving printed documents sitting on top of the printer for someone else to pick up.
- Locking sensitive data in secure cabinets, drawers or other containers where they are provided.
- Not placing paper documents next to hazards such as liquids that could damage them.
- Committee or board papers where personal data has been discussed (for example exam boards) should be disposed of securely by the meeting secretary and not taken away to be forgotten about.
- Disposing of physical records securely using the confidential waste sacks and not in the normal bins.

4.2 Working Off-Site

No personal data should be collected or taken off-site without a legitimate and approved (by Faculty Registrar or Head of Service) purpose. Staff who are not required to work on personal data offsite should never transfer it away from the University.

There may be times when members of staff have a genuine reason for doing so, for example researchers may gather information offsite or academics may from time to time work from home to mark papers.

Processing information away from the University increases the risk of accidental loss, damage or theft, therefore staff should take the following precautions to minimise the risk when transferring and storing data.

- No personal data should be taken offsite without a clear understanding as to why it needs to be taken outside of the University and only with the permission of the appropriate senior manager.
- A record of what information is being taken offsite should be logged, if possible by type and the details of the individuals to whom it relates, e.g. exam papers for module xyz, year 2. This way, if they are lost, the University knows what information is missing.
- A record of when the information is returned to the University should also be kept.
- When using public transport it is important to ensure that bags containing portable devices are not left unattended or out of sight. This includes ensuring that they are not checked in as baggage on flights or left at the other end of a train carriage in the luggage compartment.
- Personal data should not be left in unattended cars. If there is a need to leave a car whilst transferring personal information, it must be locked out of sight securely in the boot, not left on display on the front seat.

4.3 Loss of Personal Data Offsite

- In the event of loss or theft of a physical document containing personal data, notify the Police as soon as possible and make a record of the crime number.
- Notify the University as to what has been lost and the circumstances of the loss, including any precautions taken prior to the incident. Notices should be sent to the University office, the Records and Information Manager and the relevant Faculty/Department office.

5. Electronic

5.1 Working in the Office

The University IT systems have inbuilt levels of security, such as logging on to the University Network or logging on additionally to other systems, but staff should still be aware of the threats posed to the integrity of personal data they access when using their computer.

- VDU screens should be positioned/angled in a way so that people walking by cannot view the detail displayed on them - not face on to an external window or within the office where visitors might walk past and view them.
- When leaving the computer unattended, even if it's only for a minute, you should remember to press Ctrl, Alt and Delete and lock the computer. This will prevent anyone accessing the computer without a password.
- Passwords should not be shared with other users unless there is an absolute emergency; they should then be changed at the earliest opportunity.
- No member of staff should allow another person, including other staff, to use their log on details.
- Generic team accounts should not be created for accessing personal data.
- Data should not be downloaded from University systems without a documented, legitimate purpose for doing so.

5.2 Working off Site

No personal data should be collected or taken off-site without a legitimate and approved purpose. Staff who are not required to work on personal data offsite should never transfer it away from the University.

Where staff have been authorised to work offsite, the following guidance should be adhered to:

Portable Devices

Portable devices include (but are not limited to) laptops, iPads, USB memory sticks, external hard drives and smart phones.

- Where possible, use remote access through DesktopANYWHERE (See 5.3) rather than transferring information on a portable device.
- Only use University supplied encrypted laptops.
- If using a laptop/iPad in a public area (coffee shops, trains etc.) it is important to limit the view other people may have of the screen.
- Do not allow anyone else to use the device whilst personal information may be accessible from it.
- Do not use a public computer to access University systems containing personal data.
- Make sure that electronic data is backed up to the University network before you copy it to the device. Never transfer original files.
- Portable devices must be password protected or encrypted, or in the case of USB drives, disks or other storage devices, each stored file must as a minimum be protected by a password.
- All personal data should be transferred onto the University network and deleted from portable devices immediately upon return to the office, even if the same information will be taken away again the same day.
- Where the device synchronises with the University account, emails containing personal data should be deleted from the device at the earliest opportunity before leaving the University, or upon receipt if already away from the University.

5.2.2 Remote Access through DesktopANYWHERE

- Ensure that virus scanning software is up to date on all home computers or other devices used for remote access via DesktopANYWHERE.
- Do not allow other people (family, friends) to use computers whilst they are connected through DesktopANYWHERE.
- Documents should not be saved to the computer unless absolutely necessary.
- Any University documents stored on the home computer should be saved back onto the University network and then deleted from the home PC. Recycle bins should be emptied immediately upon deletion.

5.3 Loss of Personal Data Offsite

Portable devices are susceptible to loss or theft.

- In the event of loss or theft of an electronic portable device, notify the Police as soon as possible and make a record of the crime number.
- Notify the University as to what has been lost and the circumstances of the loss, including any precautions taken prior to the incident. Notices should be sent to the University office, the Records and Information Manager and the relevant Faculty/Department office.
- If the device is a University iPad, notify IT Services so that the data can be remotely wiped.

6. Transferring data securely within the University

Should you be asked to provide sensitive personal data to a member of University staff, you should always confirm the identity of the person making the request and the purpose for which it is required. If you are unsure as to whether or not the data should be supplied, contact the Records and Information Manager, who will advise.

6.1 Hard Copy Information or portable Electronic Devices

- Personal data may be transferred internally using the internal mail.
- Records containing sensitive personal data may be transferred via the internal mail system; however, there might be some instances (e.g. medical reports) where it is more appropriate to hand deliver the information.
- Any transfer of personal information should be marked Confidential.
- The decision on the most appropriate method should be based upon the sensitivity of the particular data and the urgency with which it is required.

Emails

- Personal data may be transferred internally using the internal email, but check to ensure that the recipients in the To, CC or BCC fields are members of staff and not students with the same name.
- Sensitive personal data may, with prior approval, also be transferred internally using the internal email, but check the recipients in the To, CC or BCC to ensure that they:
  o Are members of staff and not students with the same name.
  o Are entitled to view the information you are sharing (i.e. have a documented legitimate business need).
  o Have checked that any Delegates on their inbox are authorised to view the information or that they have removed anyone who should not access the data.
  o Attached documents are password protected.
  o Subject includes the word **Confidential**

7. Transferring data securely to external third parties

- For advice on which third parties can receive personal data, see the guidance document Guidelines for the use of Personal Data Third Party Access.
- Where the University is the Data Controller, do not use FTP, Dropbox or any other online service (see Guidelines for the use of cloud based storage for storing and sharing University Information).
- Where the University is a Data Processor on behalf of an external Data Controller, staff should follow the requirements of the Data Controller. If there are any concerns about the requested method of transfer, raise them with the University Records and Information Manager.
- If personal data is to be transferred externally via email or on a disk, password protect the document(s) and telephone the recipient with the password. Never send the documents and the passwords together.
- Where sending documents (or disks, memory sticks etc.) by post, consider sending them via registered delivery, especially where the data includes sensitive personal information.
- Mark all correspondence, whatever the media of transfer, as confidential and for the recipient only.
- If the information is to be faxed, check the number and then check it again before sending.

For further guidance or advice, please contact:

Duncan James
duncan.james@northumbria.ac.uk
Records and Information Manager
Vice Chancellor's Office
Ellison Building
Telephone: x7357
More informationIdentity Theft Prevention Program Compliance Model
September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationREMOTE WORKING POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationHIPAA Privacy & Security Health Insurance Portability and Accountability Act
HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would
More informationThe Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training
The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.
More informationENISA s ten security awareness good practices July 09
July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European
More informationCentral Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11
Central Bedfordshire Council IT Acceptable Use Policy Version 1.7 January 2016 Not Protected Not Protected Page 1 of 11 Policy Approval Central Bedfordshire Council acknowledges that information is a valuable
More informationInformation Security Incident Reporting & Investigation
Information Security Incident Reporting & Investigation Purpose: To ensure all employees, consultants, agency workers and volunteers are able to recognise an information security incident and know how
More informationInformation Security Policy. Policy and Procedures
Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable
More informationACRONYMS: HIPAA: Health Insurance Portability and Accountability Act PHI: Protected Health Information
NAMI EASTSIDE - 13 POLICY: Privacy and Security of Protected Health Information (HIPAA Policies and Procedures) DATE APPROVED: Pending INTENT: (At present, none of the activities that NAMI Eastside provides
More informationA common sense guide to the Data Protection Act 1998 for volunteers
A common sense guide to the Data Protection Act 1998 for volunteers Why is it necessary? The Data Protection Act 1998 is a law introduced to control the way information held about individuals is handled
More informationIslington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014
Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document
More informationSaint Martin s Catholic Academy
Saint Martin s Catholic Academy E-Safety Policy - Acceptable Use - Students January 2015 Why have an Acceptable Use Policy? An Acceptable Use Policy is about ensuring that you, as a student at Saint Martin
More informationFindings from ICO audits and reviews of community healthcare providers. June 2013 to December 2014
Findings from ICO audits and reviews of community healthcare providers June 2013 to December 2014 Introduction The Information Commissioner s Office (ICO) is the regulator responsible for ensuring that
More informationSecure Storage, Communication & Transportation of Personal Information Policy Disclaimer:
Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011
More informationInformation and Data Security
Information and Data Security Guidance for Knowsley Schools Version 4.0 Version Control Record: Revision Date Author Summary of Changes V1.0 19 th November 2008 L Hornsby V2.0 18 February 2010. Maria Bannister
More informationInformation Security It s Everyone s Responsibility
Information Security It s Everyone s Responsibility The University of Texas at Dallas Information Security Office (ISO) Purpose of Training Information generated, used, and/or owned by UTD has value. Because
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationSHS Annual Information Security Training
SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility
More informationMobility and Young London Annex 4: Sharing Information Securely
Young London Matters April 2009 Government Office For London Riverwalk House 157-161 Millbank London SW1P 4RR For further information about Young London Matters contact: younglondonmatters@gol.gsi.gov.uk
More informationPCI Data Security. Information Services & Cash Management. Contents
PCI Data Security Information Services & Cash Management This self-directed learning module contains information you are expected to know to protect yourself, our patients, and our guests. Target Audience:
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationNHS Information Governance:
NHS Information Governance: Information Risk Management Guidance: Maintenance and Secure Disposal of Digital Printers, Copiers and Multi Function Devices Department of Health Informatics Directorate July
More information