Godley Primary School. E-Security Policy 23/05/2014. Schools ICT Security Policy 1
|
|
- Bernadette Patience Wilkins
- 7 years ago
- Views:
Transcription
1 Godley Primary School E-Security Policy 23/05/2014 Schools ICT Security Policy 1
2 E-Security Information systems (IS) play a major role in supporting the school s activities. The reliability, confidentiality and data integrity of the information systems are all essential to the success of the school s educational and administrative work. To achieve a high level of IS security, all users and administrators will need to comply with the school s IS Security Policy. The policy applies to all staff and students of the school and all other authorised users. It relates to their use of school IS, to private systems when connected to the school network and to school-owned programs and data, whether used on school or on private systems. The objectives of this policy are to ensure that: The school s information systems, programs, data, network and equipment are adequately protected against loss, misuse or abuse; All users are aware of and implement this policy and associated policies including e-safety and data protection; All users are aware of and comply with the relevant UK and European Union legislation; Appropriate security measures are implemented as part of the effective operation and support of IS; All users understand their own responsibilities for protecting the confidentiality and integrity of the data they handle. Schools ICT Security Policy 2
3 Introduction This material reflects effective IS security practice in Tameside schools. The value of a 75 station network is of the order of and it is sensible to protect this investment, to say nothing of the value and sensitivity of the data held. Furthermore, with the integration of curriculum and administration networks, and community access to school ICT facilities, the breadth of threat to systems, data and people grows wider. With broadband initiatives, schools become part of wider network community. No longer are they isolated and only at risk from dangers from within their own LAN (Local Area Network). WAN (Wide Area Network) connectivity places a responsibility on all participating schools to ensure that their own and other LANs are not compromised by poor security and irresponsible user actions. This document sets out areas for consideration to protect our own and other community networks and covers the following points: 1.1 User responsibility and behaviour. 1.2 ICT system integrity and security. 1.3 Hardware and software quality, maintenance and replacement. 1.4 Virus Prevention Strategies. 1.5 Password good practice. 1.6 Wireless Network. 1.7 Disaster recovery procedures. 1.8 References. Schools ICT Security Policy 3
4 1.1 User Responsibility and Behaviour. Everyone is involved in security; this is simply responsible citizenship. All adult users expect an acceptable level of ICT service. Similarly they should expect security and privacy of their data. This implies mutual respect for other peoples privacy and data. Safeguarding your own account and password details is an essential requirement. The Data Protection Act and Computer Misuse Act both apply to school networks and the data held within them. Staff and pupils need to develop responsible approaches to continue to enjoy the privilege of using the school ICT facilities. 1.2 Information Systems Integrity and Security. The school has a responsibility for ensuring that its capital investment in ICT is protected and secured, just as there are procedures for the security and safety of buildings. Network administrators must understand the principles of file level security and the consequences of network access. Users who have network administration rights must safeguard their access and understand their responsibilities. They are potentially the greatest security risk! 1.21 File Security. The network servers are located within a computer room. This room is kept locked when not under direct supervision. The system performs an automatic backup of each server hard disk to tape every night. A different tape is used for each night and then reused the following week. The backup tapes are stored in the school safe and one set is taken off the premises by the ICT Technician. A third level online back up also takes place automatically with out intervention. Workstation backups are not required. A faulty station can be quickly rebuilt by using an image. Precautions are taken to reduce the chances of infection by computer viruses via the Internet, , or other disks. The antivirus software MS essentials which is installed on all school network stations and servers, is Schools ICT Security Policy 4
5 scheduled to update and run automatically on a weekly basis. Remedian will check that anti virus software is operating correctly once a month. All users have their own area for storing their work on the network server hard disk (the "My documents" folder). This means that they can access their work from any network station. Users do not have access to network drives nor are they able to alter or save files outside their own area (except in the authorised shared public drive). Staff can alter and save files on the public drive but pupils can only view the files Access to Software Only Remedian can install new software and hardware. Users can only access software and other resources as made available to them by Remedian. For example, pupils do not have access to staff programs and shared documents. Group policy and Desktop Redirect controls which programs the pupils have access to. An appropriate desk top is created for each year group. Sites visited on the Internet are filtered by Websense Lightspeed 1.3 Hardware and Software Security, Maintenance And Replacement Hardware Security/Inventory An inventory is maintained of all equipment together with make, model, serial number, date of purchase and location. A copy of the inventory is held by Remedian. Rooms with computers are locked overnight. Keys to ICT Suite are located in the key safe in the administrator s office. Schools ICT Security Policy 5
6 All external visitors are required to report to the office and wear identification at all times. All computer rooms and corridors are monitored by the school alarm system after school hours. All major items are security marked to identify them as the property of the school Software Security/ Inventory An inventory is maintained containing a record for each item of software that is available for use on the network and the number of licenses held. Licenses and invoices are held in the ICT Coordinator File or online (accessed via Remedian) Network & Hardware Maintenance Equipment failure in a lesson can have a very negative effect on both teacher and pupil alike. It is essential to have technical support. The school has the following contracts. ICT Support Package provided by Remedian this covers the provision of a technical support service covering broadband; servers, network infrastructure and administration networks; liaison with third parties on behalf of the client. SIMS support is provided by Tameside. The school hardware maintenance contract is managed and sourced by Remedian ensuring value for money. All essential hardware including network components (hubs, routers and switches etc). Maintenance logs of equipment are kept up to date as the previous history of faults to be used to inform repair, or escalate a frequently reported problem for further analysis. Housekeeping procedures i.e. Defragmenting and Scan Disc are performed on all workstations/laptops at least once a year. More frequently, time permitting. Schools ICT Security Policy 6
7 1.34 Electrical Safety All equipment attached to the main electrical supply is safety tested annually. The servers operate from an Uninterruptable Power Supply (UPS) to protect against power surges and blackouts. This will ensure a controlled shutdown of servers should a power failure occur. The power switches of the ICT equipment in the classrooms should be turned off at the end of the day Fire Precautions Waste material i.e. paper/books should be frequently removed from the computer areas. Items should not be placed on laptops and left there. All workstation screens should be switched to off when the workstation is shut down. A carbon dioxide (CO2) fire extinguisher is fitted in ICT Suite. Staff know where it is and how to use it. 1.5 Virus Prevention Strategies At any one time, Tameside schools are vulnerable to virus threats through old software versions, un-patched machines and a lack of regular checking. Schools should regularly review security procedures and ensure compliance, even where staff illness, leave or high workload could disrupt the pattern. Here, the term virus covers worms, Trojans etc. Precautions are taken to reduce the chances of infection by computer viruses via the internet, or other discs. Schools ICT Security Policy 7
8 The antivirus software MS essentials software is installed on all the school network stations and servers. It is scheduled to update and run automatically on a weekly basis. Remedian will check that antivirus software is operating correctly once a month. All workstations are set automatically update Microsoft service packs and security patches. Care should be taken when opening s and their attachments and images from the internet from unknown sources. The attachments in particular should not be opened if at all suspect. Removable media (e.g. external drives) must be scanned for viruses before being used on a machine connected to the network. 1.6 Wireless Network. Connection to the network is through 4 Wireless Access Points. As wireless LAN broadcasts may be monitored beyond the school boundary encrypted transmission must be configured to prevent access. As recommended by Tameside MBC ICT Internal Audit, WPA2 encryption protocol has been enabled. Remedian will connect hardware to the wireless network. Schools ICT Security Policy 8
9 1.7 Choosing and Using Passwords Sensitive medical data and pupil family details are all areas where access by the wrong person could produce problems. A professional approach to authentication will help establish trust that personal or business data is kept secure. The security of the identity / password pair is thus important. All staff will change their password each term. Staff should not disclose their password to anyone. All staff should read the attached Appendix A for password tips. The server automatically will prompt the users to change their password. A log will be kept of each change. 1.8 Disaster Recovery Procedures Risk assessment considering all possible ICT disaster situations and their consequences should be part of a school s management policy. This is the insurance policy. Most disasters are not predicted. Sometimes the warning signs are there network error logs of failing backups and hard disk crashes, but sometimes not. Acts of God such as lightning strikes are usually beyond your control. All users will be informed immediately if there is a loss of ICT services and advised of the cause. The server backup disc will be checked monthly to ensure the discs are readable. As a system crash may require recovery from recent tape backups. The backup tapes are stored in the school safe and a daily set taken off site with the ICT Technician. Schools ICT Security Policy 9
10 References CERT Computer Emergency Response Team The team that provides authoritative security advice to JANET Becta e-safety Site Becta Data protection and Security a summary for schools (search on data protection) Becta National Network Standards including security Google directory on computer security sites Schools ICT Security Policy 10
11 Appendix A Choosing And Using Passwords A password chosen to be easy to remember by association such as matthew or Canterbury is easily guessed. Completely random, long passwords tend to result in people writing them down, a cardinal sin! What is reasonably secure and memorable? A password should not: Contain a dictionary word (to prevent breaking by substitution). Be the name of a pet, town, person or character in a film. Contain a space. A good password: Uses a wide range of characters as well as letters. Any keyboard character will make the password less easy to spot. E.g. qot78*tug or cat&56mice Must be over 6 characters long, but 10 is plenty. Will use some capitals (if passwords are case sensitive), digits and punctuation. For memorable passwords try: Nug78Mer - the consonant-vowel-consonant is pronounceable. Canterbury town wall is a quarter missing = Ctwia1/4m. Password tips We all have many passwords and it is tempting to use one for all systems. This is extremely poor practice! However some things are high security and some not. Never let Windows remember an important password for you! Change important passwords on say a monthly or termly basis. Arrange access for colleagues to shared files, so they don t need your password. Schools ICT Security Policy 11
Husborne Crawley Lower School E-Safety Policy (incorporating Computer Network Security Policy)
Husborne Crawley Lower School E-Safety Policy (incorporating Computer Network Security Policy) What is E-Safety? E-Safety encompasses Internet technologies and electronic communications such as mobile
More informationMountain Ash Comprehensive School Ysgol Gyfun Aberpennar. Network Security Policy
Mountain Ash Comprehensive School Ysgol Gyfun Aberpennar Network Security Policy Updated: September 2010 Next update: September 2013 Table of Contents: Supervised Use page 1 Privacy...page 1 User Access..page
More informationInformation Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationTECHNICAL SECURITY AND DATA BACKUP POLICY
TECHNICAL SECURITY AND DATA BACKUP POLICY PURPOSE Effective technical security depends not only on technical measures, but also on appropriate policies and procedures and on good user education and training.
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationNETWORK SECURITY GUIDELINES
NETWORK SECURITY GUIDELINES VIRUS PROTECTION STANDARDS All networked computers and networked laptop computers are protected by GST BOCES or district standard anti-virus protection software. The anti-virus
More informationMike Casey Director of IT
Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date
More informationNETWORK AND INTERNET SECURITY POLICY STATEMENT
TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004
More informationICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen
ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure
More informationIT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST
INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT
More informationUMHLABUYALINGANA MUNICIPALITY ANTIVIRUS MANAGEMENT POLICY
UMHLABUYALINGANA MUNICIPALITY ANTIVIRUS MANAGEMENT POLICY Antivirus Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Originator Recommended by Director
More informationA Guide to Information Technology Security in Trinity College Dublin
A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2
More informationRecords Management and Security Procedure. Approved by: Executive Management Team Version: 1.2 Date: 21.9.2015
Document: Records Management and Security Procedure Approved by: Executive Management Team Version: 1.2 Date: 21.9.2015 1. Overview Senior management of Wentworth Institute ( WINWIN ) have a legal responsibility
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationDene Community School of Technology Staff Acceptable Use Policy
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
More informationInformation Security Policy. Policy and Procedures
Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationULH-IM&T-ISP06. Information Governance Board
Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible
More informationProcedure Title: TennDent HIPAA Security Awareness and Training
Procedure Title: TennDent HIPAA Security Awareness and Training Number: TD-QMP-P-7011 Subject: Security Awareness and Training Primary Department: TennDent Effective Date of Procedure: 9/23/2011 Secondary
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationSITTINGBOURNE COMMUNITY COLLEGE IT SUPPORT MANAGER. Job Description
SITTINGBOURNE COMMUNITY COLLEGE IT SUPPORT MANAGER Job Description Swale Academies Trust Job Description for Sittingbourne Community College IT Support Manager Sittingbourne Community College IT Support
More informationCountering and reducing ICT security risks 1. Physical and environmental risks
Countering and reducing ICT security risks 1. Physical and environmental risks 1. Physical and environmental risks Theft of equipment from staff areas and Theft of equipment from public areas Theft of
More informationStudent Halls Network. Connection Guide
Student Halls Network Connection Guide Contents: Page 3 Page 4 Page 6 Page 10 Page 17 Page 18 Page 19 Page 20 Introduction Network Connection Policy Connecting to the Student Halls Network Connecting to
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationUMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY
UMHLABUYALINGANA MUNICIPALITY IT PERFORMANCE AND CAPACITY MANAGEMENT POLICY Originator: IT Performance and Capacity Management Policy Approval and Version Control Approval Process: Position or Meeting
More informationMSP Service Matrix. Servers
Servers MSP Service Matrix Microsoft Windows O/S Patching - Patches automatically updated on a regular basis to the customer's servers and desktops. MS Baseline Analyzer and MS WSUS Server used Server
More informationWorking Together Aiming High!
Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.
More informationSWGfL E-Safety School Template Policies
Ravensmead School Technical Security Policy Introduction Effective technical security depends not only on technical measures, but also on appropriate policies and procedures and on good user education
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationCLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3
CLEO ~Remote Access Services Remote Desktop Access User guide CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3 August 2007 page 1 of 16 CLEO 2007 CLEO Remote Access Services 3SGD
More informationSt Vincent s Catholic Primary School e-safety Policy
St Vincent s Catholic Primary School e-safety Policy Policy e-safety Policy Date January 2015 Date of review January 2016 Signed Chair of Governors Signed Headteacher Effective Practice in e-safety E-safety
More informationInformation Technology Security Procedures
Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationScoMIS Encryption Service
Introduction This guide explains how to implement the ScoMIS Encryption Service for a secondary school. We recommend that the software should be installed onto the laptop by ICT staff; they will then spend
More informationSPICE EduGuide EG0015 Security of Administrative Accounts
This SPICE EduGuide applies to HSC information systems, specifically Administrative login accounts; (aka Admin accounts) and the faculty, staff and students who use them. Admin accounts are logon IDs and
More information4. The Importance of Internet Use in the Primary Curriculum
Policy Contents 1. Introduction 2. Disability 3. Writing and Reviewing the e-safety Policy 4. The Importance of Internet Use in the Primary Curriculum 5. The Benefits of Using the Internet in Education
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More informationSchool Information Security Policy
School Information Security Policy Created By: Newport Education Service Date Created: 22 December 2009 Version: V1.0 Contents Background... 3 IT Infrastructure... 3 IT Access... 3 Acceptable use policy...
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationNETWORK INFRASTRUCTURE USE
NETWORK INFRASTRUCTURE USE Information Technology Responsible Office: Information Security Office http://ooc.usc.edu infosec@usc.edu (213) 743-4900 1.0 Purpose The (USC) provides its faculty, staff and
More informationLink2ICT Service Catalogue 2009/2010 Page 1 of 9 Version 2.0
Link2ICT Catalogue 2009/2010 Page 1 of 9 Name Link2ICT, a division of Birmingham Link2ICT, the IT service provider for learning and knowledge across Birmingham City Council, deliver IT support and solutions
More informationHIPAA Privacy and Security Risk Assessment and Action Planning
HIPAA Privacy and Security Risk Assessment and Action Planning Practice Name: Participants: Date: MU Stage: EHR Vendor: Access Control Unique ID and PW for Users (TVS016) Role Based Access (TVS023) Account
More informationSt Bernadette s Catholic Primary School. E-Safety Policy
St Bernadette s Catholic Primary School E-Safety Policy St Bernadette s Catholic Primary School - e-safety policy Our Vision St Bernadette s Catholic Primary School embrace the positive impact and educational
More informationHIPAA Privacy & Security Health Insurance Portability and Accountability Act
HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationCheck Point and Security Best Practices. December 2013 Presented by David Rawle
Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs
More informationHIPAA Compliance Evaluation Report
Jun29,2016 HIPAA Compliance Evaluation Report Custom HIPAA Risk Evaluation provided for: OF Date of Report 10/13/2014 Findings Each section of the pie chart represents the HIPAA compliance risk determinations
More information2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy
Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change
More informationChapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World
Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly
More informationPierce County Policy on Computer Use and Information Systems
Pierce County Policy on Computer Use and Information Systems Pierce County provides a variety of information technology resources such as computers, software, printers, scanners, copiers, electronic mail
More informationSECURITY POLICY REMOTE WORKING
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY REMOTE WORKING Introduction This policy defines the security rules and responsibilities that apply when doing Council work outside of Council offices
More informationNetwork Security Policy
KILMARNOCK COLLEGE Network Security Policy Policy Number: KC/QM/048 Date of First Issue: October 2009 Revision Number: 3 Date of Last Review: October 2011 Date of Approval \ Issue May 2012 Responsibility
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationRetention & Destruction
Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of
More informationThe Bishop s Stortford High School Internet Use and Data Security Policy
Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable
More informationMicrosoft Windows Client Security Policy. Version 2.1 POL 033
Microsoft Windows Client Security Policy Version 2.1 POL 033 Ownership Policy Owner: Information Security Manager Revision History Next Review Date: 2 nd April 2015 Approvals This document requires the
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationABERDARE COMMUNITY SCHOOL
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been
More informationADMINISTRATION COMPUTER NETWORK
ADMINISTRATION COMPUTER NETWORK School Administrative Computer Network The Cumberland School operates a network of computers specifically for administrative purposes in the school. This network is electronically
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationBYOD Policy 2016 Bring Your Own Device Acceptable Use Policy
BYOD Policy 2016 Bring Your Own Device Acceptable Use Policy Approved by Leadership Team 27 th April 2016 Approved by the Governing Body: 18 th May 2016 Review Due: May 2017 Rationale The Beaconsfield
More informationE Safety Policy. 6 th March 2013. Annually. 26 th February 2014
E Safety Policy This e safety policy was approved by the Governing Body on: The implementation of this e safety policy will be monitored by: Monitoring will take place at regular intervals: Reporting to
More informationGENERIC JOB DESCRIPTION - SCHOOLS
GENERIC JOB DESCRIPTION - SCHOOLS Job information as shown on organisation chart Job Title: Senior IT Technician Organisational information: Responsible to: Data Manager Post No: GEN75 Grade: HC6 Dimensions:
More informationEXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam
EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored
More informationHow To Write A Health Care Security Rule For A University
INTRODUCTION HIPAA Security Rule Safeguards Recommended Standards Developed by: USF HIPAA Security Team May 12, 2005 The Health Insurance Portability and Accountability Act (HIPAA) Security Rule, as a
More informationPost No: GEN75. Division/ Department: Schools
JOB DESCRIPTION Job information as shown on organisation chart Job Title: Senior School ICT Technician Directorate: People s Services Organisational information: Post No: GEN75 Division/ Department: Schools
More informationDEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE
2 of 10 2.5 Failure to comply with this policy, in whole or in part, if grounds for disciplinary actions, up to and including discharge. ADMINISTRATIVE CONTROL 3.1 The CIO Bureau s Information Technology
More informationInformation Security Policy
Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current
More informationStable and Secure Network Infrastructure Benchmarks
Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day
More informationSaint Martin s Catholic Academy
Saint Martin s Catholic Academy E-Safety Policy - Acceptable Use - Students January 2015 Why have an Acceptable Use Policy? An Acceptable Use Policy is about ensuring that you, as a student at Saint Martin
More informationThe Coppice Primary School Computing & ICT Policy
The Coppice Primary School Computing & ICT Policy 1 School Vision: Happy, confident and successful learners that are well prepared for life 2 Purpose: 2.1 This policy reflects the school values and philosophy
More informationBirkenhead Sixth Form College IT Disaster Recovery Plan
Author: Role: Mal Blackburne College Learning Manager Page 1 of 14 Introduction...3 Objectives/Constraints...3 Assumptions...4 Incidents Requiring Action...4 Physical Safeguards...5 Types of Computer Service
More informationOn-Site Computer Solutions values these technologies as part of an overall security plan:
Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and
More informationNetwork Documentation Checklist
Network Documentation Checklist Don Krause, Creator of NetworkDNA This list has been created to provide the most elaborate overview of elements in a network that should be documented. Network Documentation
More informationUniversity of Kent Information Services Information Technology Security Policy
University of Kent Information Services Information Technology Security Policy IS/07-08/104 (A) 1. General The University IT Security Policy (the Policy) shall be approved by the Information Systems Committee
More informationBerwick Academy Policy on E Safety
Berwick Academy Policy on E Safety Overview The purpose of this document is to describe the rules and guidance associated with E Safety and the procedures to be followed in the event of an E Safety incident
More informationPREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:
A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine
More informationInformation Security Operational Procedures Banner Student Information System Security Policy
Policy No: 803 Area: Information Technology Services Adopted: 8/6/2012 Information Security Operational Procedures Banner Student Information System Security Policy INTRODUCTION This document provides
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationSTANDARD ON CONTROLS AGAINST MALICIOUS CODE
EUROPEAN COMMISSION DIRECTORATE-GENERAL HUMAN RESOURCES AND SECURITY Directorate HR.DS - Security Informatics Security Brussels, 21/06/2011 HR.DS5/GV/ac ARES (2011) 663475 SEC20.10.05/04 - Standards European
More informationEMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards
EMMANUEL CE VA MIDDLE SCHOOL IT Security Standards 1. Policy Statement The work of Schools and the County Council is increasingly reliant upon Information & Communication Technology (ICT) and the data
More informationData Network Security Policy
Authors: Mike Smith Rod Makosch Network Manager Data Security Officer IM&T IM&T Version No : 1 Approval Date: March 2005 Approved by : John Aird Director of IM&T Review Date : 1 April 2006 Trust Ref: C7/2005
More informationHang Seng HSBCnet Security. May 2016
Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationENISA s ten security awareness good practices July 09
July 09 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the European
More informationCentral Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11
Central Bedfordshire Council IT Acceptable Use Policy Version 1.7 January 2016 Not Protected Not Protected Page 1 of 11 Policy Approval Central Bedfordshire Council acknowledges that information is a valuable
More informationDublin Institute of Technology IT Security Policy
Dublin Institute of Technology IT Security Policy BS7799/ISO27002 standard framework David Scott September 2007 Version Date Prepared By 1.0 13/10/06 David Scott 1.1 18/09/07 David Scott 1.2 26/09/07 David
More informationNetwork Security Policy
Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More information