IT Operations Disposal of Media

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "IT Operations Disposal of Media"

Transcription

1 1. Approval and Authorisation Completion of the following signature blocks signifies the review and approval of this Process (signed copy held in safe) Name Job Title Signature Date Authored by:- <Name> Approved by:- <Name> Authorised by:- <Name> Technical Support Officer Information Security Officer Director of Finance & IT 2. Change History Version Date Reason Draft 1.0 First draft for comments Draft 1.1 Draft 1.2 Version 1.0 Version 1.1 Format changes only Addition of Site 1 disposal procedures First Version Amended to include recording of disposals Exemplar_ V1.1.rtf <Date> Page 1 of 12

2 3. Contents 1. Approval and Authorisation Change History Contents Abbreviations & Definitions used in this Report Introduction Requirements of the Information Security policy Disposal process Overview Classification of data and information The processes Recording of Disposal Contributors.8 Appendix 1 - List of external organisations and companies 9 Appendix 2 - List of proprietary packages used to remove data from disks. 11 Appendix 3 - List of contributors.. 12 Appendix 4. Sample Record.. 13 Exemplar_ V1.1.rtf <Date> Page 2 of 12

3 4. Abbreviations & Definitions Used in this Report Trust xxxxxx NHS Trust Unit of medium/units of media an amount of paper or a disk or a tape Secure items items which hold data or information which must be disposed of securely (see Section 7.2 of this document). Non-Secure items items which hold data or information which does not need to be disposed of securely (see Section 7.2 of this document). General waste procedure the process by which items are placed in waste paper bins or the Grundon skip. It is disposed of in land-fill sites. At xxxxxxx this is done by xxxxx Waste Services. Due care and attention must be paid to the Environmental procedures concerning the type of item. At Xxxxxx a full audit trail is kept to keep track of the disposal of waste. 5. Introduction The Trust uses various types of media to store data and information. The main types are paper, magnetic disks, magnetic tapes and optical compact disks. The primary concern of this procedure is to ensure that data and information on these media is rendered unreadable or unusable by parties outside the Trust or department of the Trust which owns that data or information when the unit of medium is no longer required. In physically disposing of the units of media the Environmental Policy of the Trust is adhered to and wherever practicable, in the interests of economy and efficiency, the method of disposal is designed to cover the requirements of both the Information Security policy and the Environmental Policy. For example, re-formatting of a magnetic floppy disk prior to re-issuing of the disk to another user covers the requirements of both policies. Exemplar_ V1.1.rtf <Date> Page 3 of 12

4 6. Requirements of the Information Security policy Disposal of equipment: Computer hardware disposal can only be authorised by the IT security officer who should ensure that data storage devices are purged of sensitive data before disposal or securely destroyed. The procedures for disposal must be documented. Unusable computer media should be destroyed (eg floppy disks, magnetic tapes, CD ROMS). Media disposal: All removable media should be reformatted before disposal, however if this is not possible, the media should be destroyed. 7. Disposal process 7.1 Overview The scope of this process covers all current known media types. Some of the forms of media are not used by the Trust so there is no method of disposal; where this is the case the process in this section is marked as Not Applicable. Medium not used by the Trust. To keep the processes as clear as possible and to make adherence easier, wherever possible common methods of disposal will be applied to the various forms of data and information in use. In these cases cross-reference will be made to the first instance of that method. Exemplar_ V1.1.rtf <Date> Page 4 of 12

5 7.2 Classification of data and information In deciding which method of disposal to adopt it is necessary to classify the data or information that the medium holds into the following categories: a) data or information that needs to be disposed of securely. This includes confidential data and information that is covered by the Data Protection Act, personal information, business information, information that could harm the Trust s reputation or business or interests or those of the NHS, the Department of Health, the wider government or their business partners. (For the rest of this document these items will be called Secure items ). b) data or information that does not need to be disposed of securely. This covers all data or information NOT covered by a) above. (For the rest of this document these items will be called Non-Secure items ). If there is ANY doubt as to which category a particular unit of medium falls in then assume a) above. Who decides into which category a unit of media falls? The user or the user-department must decide into which category a particular unit of medium falls. Advice can be obtained from the Information Security Officer if necessary. Further details on information classification in general can be found in the Compliance procedures produced by xxxxxxxxxxxxxxxxxxxxxxxxx 7.3 The processes 1. Paper documents Secure items must be shredded, using one of the shredders situated on the 2 nd floor of Xxxxxx xxxxx. The shredded material is then sent for recycling with xxxxxxxxx. At Xxxxxx the shredders are located on the d & 3rd floors. Shredded and general waste are all disposed of by Xxxx Waste Services. At Site 1 there are two shredders. One is mobile but generally kept and used in the photocopier room. The other is located on the mezzanine floor in the warehouse section. Shredded and general waste is disposed of by the xxxxx NHS Trust who share and own the premises at xxxxxxxxx. Recycled non-confidential waste is collected by x.x.x. Ltd. Xxxxxxxxx site procedures are the same as at xxxxxxxx site. Non-Secure items can be disposed of either by recycling or through the general waste disposal procedure It should be noted that the recycling process does NOT entail shredding before recycling, thus it should not be used for Secure disposal. Exemplar_ V1.1.rtf <Date> Page 5 of 12

6 The companies used for paper waste disposal are given in Appendix 1 to this document. 2. Voice or other recordings Secure items: Tapes from tape-based telephone answering machines and dictation machines should be erased before disposal. Digital telephone answering machines should have message stores cleared by removing the back-up batteries and unplugging the machine from the mains. The manufacturer s instructions should be consulted on how to do this. Once this is done the machine can be passed on to another user or disposed of in the general waste taking care to follow the environmental policy at the same time. Non-Secure items can be disposed of either by recycling or through the general waste disposal procedure. 3. Carbon paper Not Applicable. Medium not used by the Trust. 4. Output reports. These should be disposed of by the appropriate procedure in Paper documents in section 1 above. 5. One-time-use printer ribbons Not Applicable. Medium not used by the Trust. 6. Magnetic tapes Secure items: all tapes used on IT systems are included in this procedure. All tapes are to be sent to at Xxxxxx xxxxx, Xxxxxxx for erasure of data and disposal. Each tape is to have data removed in accordance with the manufacturer s instructions. In the case of the Laroc dlt tapes these can, if readable, be erased using the Arcserve software. Once the data has been erased tapes be disposed of as in the general waste disposal procedure. Non-Secure procedure. items: be disposed of through the general waste disposal Exemplar_ V1.1.rtf <Date> Page 6 of 12

7 7. Removable disks or cassettes Cassettes: Not Applicable. Medium not used by the Trust. Secure items: (Hard disks should be returned to the department at Xxxxxxx where the data will be removed either by low level reformatting or by use of a proprietary package. [See Appendix 2 for list of proprietary packages.]) Floppy disks and zip disks: these should be either reformatted by the user before disposal or re-use on another system or returned to the department at Xxxxxxx for reformatting for re-use or disposal in the same way as for hard disks in above para. Non-Secure items can be disposed of either by recycling or through the general waste disposal procedure. 8. Optical storage media The Trust uses compact disks (cd) and digital video disks (dvd). Both can contain proprietary software etc. from suppliers and cds can be written to hold Trust data and information. At Xxxxxxx: Secure items: Re-writeable cds & dvds must be re-formatted prior to disposal or re-use. Read-only cds & dvds must be rendered unreadable either by shredding, scratching, heating or similar means which is bad for the item. If sufficient numbers of such disks are to be destroyed the Facilities Manager is able to organise an external company to shred the disks either on or off-site. See Appendix 1 for a list of these companies. Once the data has been removed or rendered unreadable as above the disk material can be disposed of via the general waste disposal procedure. Non-Secure procedure. items can be disposed of through the general waste disposal At Xxxxxx: Cd s are either given to the IT department or destroyed before disposal. At xxxxxxxxxxx & xxxxxxxxx the procedure is as for Xxxxxxx. 9. Program listings Secure items: should be dealt with as Paper documentation Secure items. Non-Secure procedure. items can be disposed of through the general waste disposal Exemplar_ V1.1.rtf <Date> Page 7 of 12

8 10. Test data Secure items: should be dealt with as per the particular type of media s Secure items procedure above. Non-Secure procedure. items can be disposed of through the general waste disposal 11. System documentation Secure items: should be dealt with as per the particular type of media s Secure items procedure above. Non-Secure procedure. items can be disposed of through the general waste disposal Other data and information The Human Resources department shreds all Secure items as in Paper documents above. Other records, which must be kept, are archived at xxxxxx. Details are in Appendix 1. For information, the Purchasing Executives receive tender information from potential suppliers in printed from and quite often on floppy disk. This information is archived in secure off-site storage (details are in Appendix 1). Disposal of these items should be through the processes described above. Users with data or information holding media whose disposal is not covered by one of the above processes should be referred to the IT Security Officer for guidance. All staff in the Trust have a duty to protect all official information that it is entrusted with by ministers, the public, and other organisations. Handling of such information and data is covered in the Compliance procedures prepared by the Trust s Corporate Affairs department. Of particular relevance to this report (Disposal of Media) is the Destruction section under the heading Safeguarding official material outside government as is the Fifth principle of the Data Protection Act (as given in the section headed Data protection and privacy of information. 7.4 Recording of Disposal All disposals of media are recorded in the Media Disposals record log. This records the date received, the owner, the media type, the number of items, the labelling of items, the date disposed of by and who did it. A sample form can be found in Appendix 4. 8 Contributors A list of XXXX staff who were consulted in the gathering of information for this document can be seen in Appendix 3. Exemplar_ V1.1.rtf <Date> Page 8 of 12

9 Appendix 1. List of external organisations and companies 1 Companies used for waste disposal 1 Name: Address: 2 Name:: Address: 3 Name: Address:. 4 Name: Address: 5 Name: Address: 2 HR Records Archive: Registered files containing policy work and the personnel files for all staff: Name of responsible manager, and address where archive held 3 Recall Archive: Name of responsible manager, and address where archive held Exemplar_ V1.1.rtf <Date> Page 9 of 12

10 Appendix 2. List of proprietary packages used to remove data from disks 1 Norton Utilities Exemplar_ V1.1.rtf <Date> Page 10 of 12

11 Appendix 3. List of contributors Name Department Exemplar_ V1.1.rtf <Date> Page 11 of 12

12 Appendix 4. Record Record Date Received Requester/ Owner Media Type No. of items Title/ Label Data Erased Dealt with by Date Disposed Exemplar_ V1.1.rtf <Date> Page 12 of 12

Audio & Video Sanitisation & Destruction Policy

Audio & Video Sanitisation & Destruction Policy Audio & Video Sanitisation & Destruction Policy The purpose of this document is to define the standards for destruction and sanitisation of security-classified media. The cope of this standard is all media,

More information

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy

Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy Page 1 of 8 Secure Storage, Disposal and Destruction of Electronic Equipment and Media Policy EXECUTIVE SUMMARY Key Messages

More information

UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05

UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05 UMBC POLICY ON ELECTRONIC MEDIA DISPOSAL UMBC# X-1.00.05 I. POLICY STATEMENT Increasing amounts of electronic data are being transmitted and stored on computer systems and electronic media by virtually

More information

Disposal & Destruction of Sensitive Data

Disposal & Destruction of Sensitive Data Disposal & Destruction of Sensitive Data Contents 1 Overview of Data Media Types 1.1 Non-Volatile Magnetic: Hard Disk Drives 1.2 Write Once Optical: CDROM and DVD- 1.3 Write Many Optical: CD-RW and DVD-RW

More information

CITY UNIVERSITY OF HONG KONG. Information Classification and

CITY UNIVERSITY OF HONG KONG. Information Classification and CITY UNIVERSITY OF HONG KONG Handling Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification

More information

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002) (NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002) 1. Approval and Authorisation Completion of the following signature blocks signifies

More information

Media Disposition and Sanitation Procedure

Media Disposition and Sanitation Procedure Media Disposition and Sanitation Procedure Revision History Version Date Editor Nature of Change 1.0 11/14/06 Kelly Matt Initial Release Table of Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope...

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Records Management Policy

Records Management Policy Records Management Policy Document information Document type: Operational Policy Document title: Records Management Policy Document date: November 2014 Author: NHS South Commissioning Support Unit, Information

More information

Information Protective Marking and Handling Policy

Information Protective Marking and Handling Policy Information Protective Marking and Handling Policy Change History Version Date Description Author 0.1 11/01/2013 First Draft Anna Moore 0.2 28/02/2013 Amended taking into account SSTP protective marking

More information

IT Operations Operator and Fault Logs

IT Operations Operator and Fault Logs 1. Approval and Authorisation Completion of the following signature blocks signifies the review and approval of this Process (signed copy held in safe) Name Job Title Signature Date Authored by:-

More information

Tech Application Chapter 3 STUDY GUIDE

Tech Application Chapter 3 STUDY GUIDE Name: Class: Date: Tech Application Chapter 3 STUDY GUIDE Multiple Choice Identify the letter of the choice that best completes the statement or answers the question. 1. This type of device retains data

More information

Moving Information: Privacy & Security Guidelines

Moving Information: Privacy & Security Guidelines Information and Privacy Commissioner/ Ontario Moving Information: Privacy & Security Guidelines Ann Cavoukian, Ph.D. Commissioner July 1997 Information and Privacy Commissioner/Ontario 2 Bloor Street East

More information

Title: Electronic Media Destruction Policy Effective Date: 28 April 2015. Electronic Media Disposal Policy Policy Number 091

Title: Electronic Media Destruction Policy Effective Date: 28 April 2015. Electronic Media Disposal Policy Policy Number 091 Document Control Title Electronic Media Disposal Number 091 Owner Information & Communication Technology Manager Contributors Information & Communication Technology Team Version 1.0 Date of Production

More information

Secure Mobile Shredding and. Solutions

Secure Mobile Shredding and. Solutions Secure Mobile Shredding and Data Erasure Solutions SECURE MOBILE SHREDDING & DATA ERASURE SERVICES... NCE s mobile shredding and data erasure service permanently destroys your data in a secure and controlled

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

University of Liverpool

University of Liverpool University of Liverpool IT Asset Disposal Policy Reference Number Title CSD 015 IT Asset Disposal Policy Version Number v1.2 Document Status Document Classification Active Open Effective Date 22 May 2014

More information

CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd

CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd DESTRUCTION OF DATA ON HARD DRIVES, COMPUTER STORAGE MEDIA AND HANDHELD DEVICES INCORPORATING WEEE RECYCLING MANAGEMENT Version 1 VENDOR DETAILS Data Eliminate

More information

Information Security Policy

Information Security Policy Information Security Policy Contents Version: 1 Contents... 1 Introduction... 2 Anti-Virus Software... 3 Media Classification... 4 Media Handling... 5 Media Retention... 6 Media Disposal... 7 Service Providers...

More information

NHS Central London Clinical Commissioning Group. Retention of Corporate Records Policy. Page 1 of 11

NHS Central London Clinical Commissioning Group. Retention of Corporate Records Policy. Page 1 of 11 NHS Central London Clinical Commissioning Group Retention of Corporate Records Policy Page 1 of 11 Document Control Document Location The source of this document will be found in Version Author Comments/Summary

More information

CD ROM, Inc. 2014 Commercial Catalog. Destruction and Recycling Services

CD ROM, Inc. 2014 Commercial Catalog. Destruction and Recycling Services Destruction and Recycling Services An ISO 9002-compliant company Audited 100% data destruction and green recycling 2014 Commercial Catalog Edition 2014 www.cdrominc.com CD Rom, Inc. Table of Contents About

More information

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL 7.1 ESTABLISH RESPONSIBILITY FOR ASSETS 1 GOAL Do you protect your organization s assets? 2 GOAL Do you use controls to protect your assets? 3 GOAL Do you account for your organization s assets? 4 GOAL

More information

Information Security Policy

Information Security Policy Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments

More information

Document Management Plan Preparation Guidelines

Document Management Plan Preparation Guidelines Document Management Plan Preparation Guidelines TABLE OF CONTENTS 1. Purpose of Document 1 2. Definition of Document Management 1 3. Objectives of Document Management 1 4. Terms, Acronyms and Abbreviations

More information

Walton Centre. Asset Management. Information Security Management System: SS 03: Asset Management Page 1. Version: 1.

Walton Centre. Asset Management. Information Security Management System: SS 03: Asset Management Page 1. Version: 1. Page 1 Walton Centre Asset Management Document History Date Version Author Changes 01/10/2004 1.0 A Cobain L Wyatt 06/01/2004 1.1 L Wyatt Addition of storage media 16/03/2005 1.2 Liam Wyatt Update storage

More information

UNIVERSITY OF MASSACHUSETTS RECORD MANAGEMENT, RETENTION AND DISPOSITION POLICY

UNIVERSITY OF MASSACHUSETTS RECORD MANAGEMENT, RETENTION AND DISPOSITION POLICY DOC. T99-061 Passed by the BoT 8/4/99 UNIVERSITY OF MASSACHUSETTS RECORD MANAGEMENT, RETENTION AND DISPOSITION POLICY The President of the University shall adopt guidelines to require that each campus

More information

(i.e., the user name and password) and any functions, routines, or methods that will be used to access the credentials.

(i.e., the user name and password) and any functions, routines, or methods that will be used to access the credentials. 1. Credential Policy General In order to maintain the security of MOD Mission Critical internal databases, access by software programs must be granted only after authentication with credentials. The credentials

More information

WHEREAS, the City of Shavano Park wishes to clarify the procedures for the organization, maintenance, disposition and destruction of City Records;

WHEREAS, the City of Shavano Park wishes to clarify the procedures for the organization, maintenance, disposition and destruction of City Records; RESOLUTION R-2015-024 A RESOLUTION ESTABLISHING POLICY FOR THE ORGANIZATION, MAINTENANCE, DISPOSITION AND DESTRUCTION OF CITY OF SHAVANO PARK RECORDS; AS CONSISTENT WITH THE REQUIREMENTS OF THE TEXAS LOCAL

More information

About this Tool Information Security for Residents...

About this Tool Information Security for Residents... About this Tool Information Security for Residents... Purpose: Provide materials to inform and educate Residents in order to reach compliance regarding information security. Audience: New Residents Information

More information

Public Records Policy 05: Disposition of Public Records

Public Records Policy 05: Disposition of Public Records Office of the Public Records Administrator Connecticut State Library State of Connecticut Public Records Policy 05: Disposition of Public Records Date Issued: November 28, 2011 Supersedes: General Letter

More information

Guidance on Personal Data Erasure and Anonymisation 1

Guidance on Personal Data Erasure and Anonymisation 1 Guidance on Personal Data Erasure and Anonymisation Introduction Data users engaged in the collection, holding, processing or use of personal data must carefully consider how to erase such personal data

More information

Somerset County Council - Data Protection Policy - Final

Somerset County Council - Data Protection Policy - Final Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council

More information

NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12. Issue Date: 15 December 2014 Revised:

NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12. Issue Date: 15 December 2014 Revised: NATIONAL SECURITY AGENCY CENTRAL SECURITY SERVICE NSA/CSS POLICY MANUAL 9-12 Issue Date: 15 December 2014 Revised: NSA/CSS STORAGE DEVICE SANITIZATION MANUAL PURPOSE AND SCOPE This manual provides guidance

More information

Information Security Policy

Information Security Policy Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect

More information

ENVIRONMENTAL POLICY STATEMENT

ENVIRONMENTAL POLICY STATEMENT ENVIRONMENTAL POLICY STATEMENT COMPANY NAME ADDRESS COMPANY ACTIVITIES TRACKYOU LTD BLACKWOOD BUSINESS PARK, ASH ROAD SOUTH, WREXHAM, LL13 9UG Telematics Provider of Vehicle Tracking Units to Local Authorities

More information

Presentation Topics. What is a record? Hawaii State Archives Presentation December 14, 2010 ABC S OF RECORDS MANAGEMENT ACHIEVING BASIC CONTROL

Presentation Topics. What is a record? Hawaii State Archives Presentation December 14, 2010 ABC S OF RECORDS MANAGEMENT ACHIEVING BASIC CONTROL ABC S OF RECORDS MANAGEMENT ACHIEVING BASIC CONTROL Presented by: Adam Jansen adam@dkives.com December 2010 Presentation Topics What is a Record What is Records Management Your Responsibilities Conducting

More information

Blocal government bulletin b

Blocal government bulletin b Electronic Records Standards and Procedures Blocal government bulletin b july 1998 Comments or complaints regarding the programs and services of the Texas State Library and Archives Commission may be addressed

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

The guidance applies to all records, regardless of the medium in which they are held, including e-mail, spreadsheets, databases and paper files.

The guidance applies to all records, regardless of the medium in which they are held, including e-mail, spreadsheets, databases and paper files. Best Practice in Disposing of Records For whom is this guidance intended? This guidance is intended for all University staff that need to dispose of records, on an occasional or regular basis. It is likely

More information

Risk Management Authority

Risk Management Authority Risk Management Authority Records Management Plan RMA Records Management Plan 0 Contents Page 1. Introduction 2 1.1 Background 2 1.2 Records Management in the RMA 3 1.3 Records covered by this Plan 3 1.4

More information

Chapter 8: Security Measures Test your knowledge

Chapter 8: Security Measures Test your knowledge Security Equipment Chapter 8: Security Measures Test your knowledge 1. How does biometric security differ from using password security? Biometric security is the use of human physical characteristics (such

More information

Viad Corp Records Management Policy

Viad Corp Records Management Policy Viad Corp Records Management Policy TABLE OF CONTENTS 1. PURPOSE... 2 Definitions... 3 2. PROCEDURES... 3 Management of Records.... 3 Retention in the Event of Dispute, Litigation, Subpoena, or Inquiry...

More information

Renfrewshire Valuation Joint Board. Records Management Plan

Renfrewshire Valuation Joint Board. Records Management Plan Renfrewshire Valuation Joint Board Records Management Plan The Board s arrangements for the management of records under the Public Records (Scotland) Act 2011 January 2016 Version 8 Title Records Management

More information

LSE PCI-DSS Cardholder Data Environments Information Security Policy

LSE PCI-DSS Cardholder Data Environments Information Security Policy LSE PCI-DSS Cardholder Data Environments Information Security Policy Written By: Jethro Perkins, Information Security Manager Reviewed By: Ali Lindsley, PCI-DSS Project Manager Endorsed By: PCI DSS project

More information

Does it state the management commitment and set out the organizational approach to managing information security?

Does it state the management commitment and set out the organizational approach to managing information security? Risk Assessment Check List Information Security Policy 1. Information security policy document Does an Information security policy exist, which is approved by the management, published and communicated

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title Policy for the Permitted use of removable media - harmonised Version: 4 Reference Number: CO50 Supersedes Supersedes: 3 Description of Amendment(s): No changes

More information

PCI Data Security and Classification Standards Summary

PCI Data Security and Classification Standards Summary PCI Data Security and Classification Standards Summary Data security should be a key component of all system policies and practices related to payment acceptance and transaction processing. As customers

More information

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer:

Secure Storage, Communication & Transportation of Personal Information Policy Disclaimer: Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011

More information

SRO Guideline SANITIZING DIGITAL MEDIA AND DEVICES

SRO Guideline SANITIZING DIGITAL MEDIA AND DEVICES Department of Culture and the Arts Government of Western Australia State Records Office of Western Australia SRO Guideline SANITIZING DIGITAL MEDIA AND DEVICES An Information Management Guideline for State

More information

Other terms are defined in the Providence Privacy and Security Glossary

Other terms are defined in the Providence Privacy and Security Glossary Subject: Device and Media Controls Department: Enterprise Security Executive Sponsor: EVP/COO Approved by: Rod Hochman, MD - President/CEO Policy Number: New Date: Revised 10/11/2013 Reviewed Policy Owner:

More information

Records Management. Objectives. With the person sitting next to you, Presented by: Rachel Martin. After this workshop, you ll be able to:

Records Management. Objectives. With the person sitting next to you, Presented by: Rachel Martin. After this workshop, you ll be able to: Records Management Presented by: Rachel Martin Objectives After this workshop, you ll be able to: Implement a new records management system Perfect filing techniques Streamline and improve records management

More information

To provide efficient, economical and effective controls for the maintenance, use and destruction of all College records

To provide efficient, economical and effective controls for the maintenance, use and destruction of all College records Records Management Storage and Destruction Procedures Definitions and Responsibilities Purpose To provide efficient, economical and effective controls for the maintenance, use and destruction of all College

More information

Service Instruction 0759: Destruction of Information Assets (Including Protectively Marked Information)

Service Instruction 0759: Destruction of Information Assets (Including Protectively Marked Information) APPENDIX E Service Instruction 0759 Destruction of Information Assets (Including Protectively Marked Information) Document Control Description and Purpose This instruction is intended to provide guidance

More information

Protection of Personal Information Security and Incident Investigation Procedures and Practices for Local Governmental Units

Protection of Personal Information Security and Incident Investigation Procedures and Practices for Local Governmental Units Fall 2014 Protection of Personal Information Security and Incident Investigation Procedures and Practices for Local Governmental Units Effective January 1, 2015 Darren T. Sammons, Staff Attorney Commonwealth

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY October 2015 1 Subject and version number of document: Serial Number: Records Management Policy COR/010/V2.00 Operative date: October 2015 Author: CCG Owner: Links to Other Policies:

More information

Bedford County Tennessee

Bedford County Tennessee Bedford County Tennessee Digital Media and Hardware Disposal Policy Date: 08.31.11 Approved By: Chris White Policy Number: 1 P age 1.0 INTRODUCTION 3 1.1 Authority. 3 1.2 Purpose.. 3 1.3 Scope 3 1.4 Background.

More information

Records & Information Management Policy

Records & Information Management Policy 2014 Records & Information Management Policy VerQu CONTENTS Document Control... 2 Purpose... 3 Scope... 3 Organizational Placement... 3 Roles and Responsibilities... 3 Corporate Records Manager... 3 Record

More information

Storage, Retrieval and Destruction for Paper and Electronic Records 29 March 2005 to 28 March 2016

Storage, Retrieval and Destruction for Paper and Electronic Records 29 March 2005 to 28 March 2016 Contract No. CUA34504 & CUA123499 Last Updated: 13 August 2015 Document No: 00098577 Storage, Retrieval and Destruction for Paper and Electronic Records 29 March 2005 to 28 March 2016 About the Contract

More information

SJSU Electronic Data Disposition Standard

SJSU Electronic Data Disposition Standard SJSU Electronic Data Disposition Standard Page 1 Executive Summary University data is at risk as long as it is persistently stored on electronic media. This means that data must be properly cared for during

More information

HIPAA Training for Hospice Staff and Volunteers

HIPAA Training for Hospice Staff and Volunteers HIPAA Training for Hospice Staff and Volunteers Hospice Education Network Objectives Explain the purpose of the HIPAA privacy and security regulations Name three patient privacy rights Discuss what you

More information

document destruction Our passion.

document destruction Our passion. document destruction Your office. Our passion. safeguard Our secure destruction service meets all the necessary compliances and helps to support ISO 9001, ISO 14001 and CSR objectives as well as improving

More information

Guideline. January User Guide to Retention Schedule Implementation

Guideline. January User Guide to Retention Schedule Implementation Guideline January 2012 User Guide to Retention Schedule Implementation Approved by: Bridget Sisk Approval date: 2008 Contact:frasera@un.org Review date: 2012 1 Guideline Using Records Retention Schedule

More information

ECM Governance Policies

ECM Governance Policies ECM Governance Policies Records Management Policy Document summary Effective date 13 June 2012 Last updated 26 September 2011 Policy owner Registrar s Office Approved by Council Reviewed by Council Enquiries

More information

Best Practices for Responsible Disposal of Linear Tape-Open (LTO) Tape Media

Best Practices for Responsible Disposal of Linear Tape-Open (LTO) Tape Media Best Practices for Responsible Disposal of Linear Tape-Open (LTO) Tape Media The Environmental and Economic Benefits of Recycling vs. Destruction White Paper Dual-Life Tape Company Dual-Life Tape Company

More information

POLICY FOR PRESERVATION / ARCHIVAL OF DOCUMENTS

POLICY FOR PRESERVATION / ARCHIVAL OF DOCUMENTS POLICY FOR PRESERVATION / ARCHIVAL OF DOCUMENTS (As approved by the board at its meeting held on 27 th October 2015) 1. Introduction Securities and Exchange Board of India (SEBI) has introduced SEBI (Listing

More information

CAVAN AND MONAGHAN EDUCATION AND TRAINING BOARD. Data Breach Management Policy. Adopted by Cavan and Monaghan Education Training Board

CAVAN AND MONAGHAN EDUCATION AND TRAINING BOARD. Data Breach Management Policy. Adopted by Cavan and Monaghan Education Training Board CAVAN AND MONAGHAN EDUCATION AND TRAINING BOARD Data Breach Management Policy Adopted by Cavan and Monaghan Education Training Board on 11 September 2013 Policy Safeguarding personally identifiable information

More information

Information Management Advice 62 Help! We're moving

Information Management Advice 62 Help! We're moving Introduction This advice provides practical guidance on the physical relocation of records in any format when you are moving premises, including: planning for a move how to identify records affected how

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

CITY UNIVERSITY OF HONG KONG. Inventory and Ownership Standard

CITY UNIVERSITY OF HONG KONG. Inventory and Ownership Standard CITY UNIVERSITY OF HONG KONG Inventory and Ownership Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer in September

More information

The legal admissibility of information stored on electronic document management systems

The legal admissibility of information stored on electronic document management systems Softology Ltd. The legal admissibility of information stored on electronic document management systems July 2014 SOFTOLOGY LIMITED www.softology.co.uk Specialist Expertise in Document Management and Workflow

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

DePaul University Records Management Manual November 1, 2014

DePaul University Records Management Manual November 1, 2014 Records Management Manual November 1, 2014 A Note from the Director November 1, 2014 Dear Community Member, On behalf of the Department of Records Management, I welcome you to our vibrant community. As

More information

Safe, Secure and Certified Data Destruction Solutions to meet your individual needs

Safe, Secure and Certified Data Destruction Solutions to meet your individual needs Safe, Secure and Certified Data Destruction Solutions to meet your individual needs Whether you require data destruction supplementary or exclusively to our IT disposal solution, our fully security screened

More information

IT Operations Operational Change Control

IT Operations Operational Change Control 1. Approval and Authorisation Completion of the following signature blocks signifies the review and approval of this Process (signed copy held in safe) Authored by:- Name Job Title Signature Date

More information

Ardington Archives. Components of the process. Audit of needs. Cataloguing. Retrieval. Collection and deposit. Destruction. The archiving.

Ardington Archives. Components of the process. Audit of needs. Cataloguing. Retrieval. Collection and deposit. Destruction. The archiving. Ardington Archives Components of the process Audit of needs Cataloguing Retrieval Collection and deposit Destruction The archiving process 3 Section Contents ARCHIVING PROCESS The archiving process Reference

More information

INTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.07

INTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.07 INTERNATIONAL SOS Data Retention, Archiving and Destruction Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: January 2009 Revised: 2015 All copyright in these materials

More information

Larry Patterson, City Manager

Larry Patterson, City Manager Administrative Policy 2-13 August 20, 2008 DATA MIGRATION POLICY PURPOSE To preserve electronic data as required by Oregon Public Records and Archiving statutes. (ORS 192.050) APPLICABILITY This policy

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy. Abstract This paper addresses the methods and methodologies required to develop a corporate security policy that will effectively protect a company's assets. Date: January 1, 2000 Authors: J.D. Smith,

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

Records Management Plan. April 2015

Records Management Plan. April 2015 Records Management Plan April 2015 Prepared in accordance with the Public Records (Scotland) Act 2011 and submitted to the Keeper of the Records of Scotland for their agreement on 28 April 2015 (Revised

More information

Form #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services

Form #57, Revision #4 Date 7/15/2015 Data Destruction and Sanitation Program. Mobile (ON-SITE) Data Destruction/Shredding Services Data Destruction and Sanitation Program Mobile (ON-SITE) Data Destruction/Shredding Services 1 Diversified Recycling utilizes state of the art equipment for their data destruction and eradication services.

More information

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013 Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This

More information

NCI-Frederick Safety and Environmental Compliance Manual 03/2013

NCI-Frederick Safety and Environmental Compliance Manual 03/2013 E-1. Records Management I. Scope The Records Management Office maintains a comprehensive records management system meeting regulatory and contractual requirements ensuring documentation is readily accessible.

More information

Information Security Policy

Information Security Policy You can learn more about the programme by downloading the information in the related documents at the bottom of this page. Information Security Document Information Security Policy 1 Version History Version

More information

This policy is not designed to use systems backup for the following purposes:

This policy is not designed to use systems backup for the following purposes: Number: AC IT POL 003 Subject: Backup and Restore Policy 1. PURPOSE The backup and restore policy establishes the need and rules for performing periodic system backup to permit timely restoration of Africa

More information

University of Wisconsin-Madison Policy and Procedure

University of Wisconsin-Madison Policy and Procedure Page 1 of 6 I. Policy UW-Madison strives to ensure the privacy and security of all patient/clients protected health information in the maintenance, retention, and eventual destruction/disposal of such

More information

HIPAA Training for Staff and Volunteers

HIPAA Training for Staff and Volunteers HIPAA Training for Staff and Volunteers Objectives Explain the purpose of the HIPAA privacy, security and breach notification regulations Name three patient privacy rights Discuss what you can do to help

More information

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policies and Procedures Manual Policy Number: I240 Page 1 of 9 Page 1 of 9 TITLE: INFORMATION SECURITY: DEVICE AND MEDIA CONTROLS POLICY: Reasonable steps are taken to protect, account for, properly store, back up, encrypt and dispose of hardware, paper and electronic

More information

BUSINESS IMPACT ANALYSIS

BUSINESS IMPACT ANALYSIS Introduction A Business Impact Analysis (BIA) is an assessment by the Business of the potential financial and non-financial impact of an outage. It is designed to define the basic requirements for the

More information

Grasmere Primary School Asset Management Policy

Grasmere Primary School Asset Management Policy Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the

More information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information 6 th Floor, Tower A, 1 CyberCity, Ebene, Mauritius T + 230 403 6000 F + 230 403 6060 E ReachUs@abaxservices.com INFORMATION SECURITY POLICY DOCUMENT Information Security Policy Document Page 2 of 15 Introduction

More information

IFRS FOUNDATION DOCUMENT RETENTION AND DESTRUCTION POLICY

IFRS FOUNDATION DOCUMENT RETENTION AND DESTRUCTION POLICY IFRS FOUNDATION DOCUMENT RETENTION AND DESTRUCTION POLICY Purpose The purpose of this policy is to provide the IFRS Foundation with a framework to govern management decisions on whether particular documents

More information

8. O R G A N I Z A T I O N A L A S S E T M A N A G E M E N T

8. O R G A N I Z A T I O N A L A S S E T M A N A G E M E N T 8.1 ESTABLISH RESPONSIBILITY FOR CORPORATE ASSETS GOAL MEMO To protect assets associated with information and information processing facilities. Define protection responsibilities for assets associated

More information

IT Asset Management Procedure (QM)DT/001. Support Procedure. Written by. Martin Crane. Version /08/2012

IT Asset Management Procedure (QM)DT/001. Support Procedure. Written by. Martin Crane. Version /08/2012 IT Asset Management Procedure (QM)DT/001 Support Procedure Written by Martin Crane Version 1.3 11/08/2012 Revision Version Summary of Changes Contributor date 22/08/2008 1 Initial Draft Martin Crane 22/07/2010

More information

7. WASTE MANAGEMENT AND SUSTAINABILITY

7. WASTE MANAGEMENT AND SUSTAINABILITY 7. WASTE MANAGEMENT AND SUSTAINABILITY The tasks that follow will help you prepare and gather evidence for your assessment related to these topics: waste management management of hazardous waste sustainability.

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

ST. CLAIR CATHOLIC DISTRICT SCHOOL BOARD POLICIES AND PROCEDURES SECTION C: STUDENTS USE OF VIDEO SURVEILLANCE CAMERAS

ST. CLAIR CATHOLIC DISTRICT SCHOOL BOARD POLICIES AND PROCEDURES SECTION C: STUDENTS USE OF VIDEO SURVEILLANCE CAMERAS USE OF VIDEO SURVEILLANCE CAMERAS POLICY EFFECTIVE: 2005 09 01 / 2013 03 05 POLICY STATEMENT: The St. Clair Catholic District School Board is committed to ensuring safe working and learning environments

More information

That s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail.

That s why outsourcing using a Qualified Contractor is the best solution to the problem of assuring a compliant hard drive destruction audit trail. Why Zak Enterprises? Information contained on the hard drives of retired computers must be destroyed properly. Failure to do so can result in criminal penalties including fines and prison terms up to 20

More information