Electronic Communications Monitoring Policy

Size: px
Start display at page:

Download "Electronic Communications Monitoring Policy"

Transcription

1 Electronic Communications Monitoring Policy Printed copies should not be considered the definitive version DOCUMENT CONTROL POLICY NO. 79 Policy Group Information Governance and Security Author Andrew Turner Version No. 1.2 Reviewer Medical Director Implementation Date Aug 2013 Scope (Applicability) Board wide Next review date Aug 2015 Status Final Last review date N/A Approved By Graham Gault Kelly Kennedy Angus Cameron Neil Kelly

2 Contents 1. Overview Key points Policy Aims Scope & Applicability Monitoring of Communications by NHS Dumfries & Galloway Scope of Monitoring Access to accounts Virus scanning... 5 Appendix 1 Policy Approval Checklist... 6 Appendix 2 - Document Status... 7 Appendix 3 - Action Plan for Implementation... 8 Page 2 of 8 Pages

3 1. Overview a. Access to the Board Intranet and the wider Internet is provided to allow staff to undertake their normal business functions. It is important that all users of our Intranet and Internet provision understand exactly what is considered fair usage. b. This paper lays out our Acceptable Use Policy for the Intranet and the external Internet. c. This policy sets out clear guidance for users on what is and is not allowed. It also sets the boundaries as to when personal use is allowed and not allowed. The overarching purpose is to ensure that appropriate access to the Intranet and Internet is available to staff with a legitimate business purpose at all times and this access is not hindered by non-business related activities. d. It demonstrates management support for, and commitment to, the provision of an internet capability through issuing this policy for user acceptance and compliance, as well as any related policies, procedures and guidelines, including user education and awareness across NHS Dumfries & Galloway. The purpose of this policy is to protect all NHS Dumfries & Galloway users from threats, internal or external, deliberate or accidental. 2. Key points All business telephone, and internet traffic may be monitored for specific business purposes (see para 6a). All incoming and outgoing s will be scanned for virus or other malware content. s may be monitored and access provided to appropriate staff where necessary due to sickness or other absences from work (see para 7b). s not marked Personal or stored in a Personal folder will be assumed to be business correspondence. Audit logs of times of access and internet sites visited may be provided to Senior Managers. Audit logs of accesses to information systems containing sensitive personal information will be monitored. Suspected cases of inappropriate access will be investigated. This may result in disciplinary procedures being started which, in extreme cases, may lead to dismissal and possible criminal proceedings. 3. Policy Aims a. This policy aims to: i. Provide guidance on the acceptable use of the Intranet and Internet whilst using the NHS Dumfries & Galloway provided networks. ii. It details the roles and responsibilities and supporting organizational monitoring arrangements for ensuring that access for normal business use is maintained. iii. It provides a framework under which NHS Dumfries & Galloway can ensure compliance with all relevant legislation and policies. Page 3 of 8 Pages

4 4. Scope & Applicability a. This policy applies to accesses to web based services as provided by NHS Dumfries & Galloway in any format and is intended to be fully consistent with the Information Security Policy and Standards of NHS Scotland. b. This policy applies to all users who undertake work for NHS Dumfries & Galloway or use any part of the IT infrastructure, whether as an employee, a student, a volunteer, a contractor, partner agency, external consultant or 3 rd party IT supplier. c. It is a management requirement that all NHS Dumfries & Galloway accesses to the Intranet and Internet for legitimate business use goes un-hindered. 5. Monitoring of Communications by NHS Dumfries & Galloway a. NHS Dumfries & Galloway is ultimately responsible for all business communications but subject to that will, so far as possible and appropriate, respect your privacy and autonomy while working. 6. Scope of Monitoring a. NHS Dumfries & Galloway may monitor your business communications for reasons which may include but is not restricted to: i. providing evidence of business transactions; ii. ensuring that NHS Dumfries & Galloway s business procedures, policies and contracts with staff are adhered to; iii. complying with any legal obligations; iv. monitoring standards of service, staff performance, and for staff training; v. preventing or detecting unauthorised use of NHS Dumfries & Galloway s communications systems or criminal activities; and vi. maintaining the effective operation of NHS Dumfries & Galloway s communications systems. b. NHS Dumfries & Galloway will monitor telephone, and internet traffic data (i.e. sender, receiver, subject; non-business attachments to , numbers called and duration of calls; domain names of websites visited, duration of visits, and files downloaded from the internet) at a network level (but covering both personal and business communications) for the purposes specified at item 6a. c. For the purposes of your maintenance of your own personal privacy, you need to be aware that such monitoring might reveal sensitive personal data about you. For example, if you regularly visit websites which detail the activities of a particular political party or religious group, then those visits might indicate your political opinions or religious beliefs. d. By carrying out such activities using NHS Dumfries & Galloway s facilities you consent to our processing any sensitive personal data about you which may be revealed by such monitoring. 7. Access to accounts a. Sometimes it is necessary for NHS Dumfries & Galloway to access your business communications during your absence, such as when you are away because you are ill or while you are on holiday. Unless your mailbox settings are such that the individuals who need to do this already have permission to view your inbox, access Page 4 of 8 Pages

5 will be granted only with the permission of one of the persons authorised to grant such access [in accordance with our policy " Acceptable Use Policy"]. b. Any s which are not stored in your "Personal" folder in your mailbox and which are not marked PERSONAL in the subject heading will be treated, for the purpose of availability for monitoring, as business communications since we will have no way of knowing that they were intended to be personal. Therefore you must set up a rule to automate the routing of personal to your personal folder ask IT Support for guidance on how to do this. Furthermore, there is a risk that any person authorised to access your mailbox may have their own preview pane option as a default setting, which would reveal the content of any of your personal not filed in your "Personal" folder, whether or not such are marked PERSONAL. It is up to you to prevent the inadvertent disclosure of the content of personal by filing your personal in accordance with this policy. In particular, you are responsible to anybody outside NHS Dumfries & Galloway who sends to you, or receives from you, a personal , for the consequences of any breach of their privacy which may be caused by your failure to file your personal . c. In certain very limited circumstances we may, subject to compliance with any legal requirements, access marked PERSONAL. Examples are when we have reasonable suspicion that they may reveal evidence of unlawful activity, including instances where there may be a breach of a contract with NHS Dumfries & Galloway. 8. Virus scanning a. All incoming s are scanned by the organisation contracted to operate the NHSMail service on behalf of the NHS and therefore on behalf of NHS Dumfries & Galloway using virus-checking software. The software will also block unsolicited marketing (spam) and which have potentially inappropriate attachments. If there is a suspected virus in an which has been sent to you, the sender will automatically be notified and you will receive notice that the is not going to be delivered to you because it may contain a virus. Page 5 of 8 Pages

6 Appendix 1 Policy Approval Checklist NHS DUMFRIES AND GALLOWAY POLICY APPROVAL CHECKLIST This checklist must be completed and forwarded with the policy to the appropriate approval group POLICY TITLE Electronic Communications Monitoring Policy POLICY NO.. EXECUTIVE LEAD Dr Angus Cameron Why has this policy been developed? Has the policy been developed in accordance with or related to legislation? Please give details of applicable legislation. Has a risk control plan been developed? Who is the owner of the risk? Who has been involved/consulted in the development of the policy? Has the policy been assessed for equality and diversity in relation to:- Race/Ethnicity Gender Age Religion/Faith Disability Sexual Orientation Does the policy contain evidence of the Equality & Diversity Impact Assessment Process? Is there an implementation plan? When will the policy take effect? If the policy applies to partner agencies, please explain the reasons for this and how they will be informed of their responsibilities Compliance with Board Information Assurance Strategy CEL 26/2012 Data Protection Act 1998 Electronic Communications Act 2000 Computer Misuse Act ehealth Lead and staff, Dr Cameron, Internal Audit, Staff side representative Has the policy been assessed for Equality and Diversity not to disadvantage the following groups:- Minority Ethnic Communities Women and Men Religious & Faith Groups Disabled People Young People L, G, B & T Community YES YES Immediate Not applicable Page 6 of 8 Pages

7 Appendix 2 - Document Status Title Electronic Communications Monitoring Policy Author Andrew Turner Approver Graham Gault Document reference Version number 1,3 Document Amendment History Version number Edited by Edit date Topics covered 0.1 Pinsent Nov 2007 Exemplar document Mason Solicitor 1.0 Andrew 26 th June st Draft for peer review Turner 1.1 Andrew 30 th June nd Draft for IA Committee. Turner 1.2 Andrew 11 th July 2013 Final draft following review and amendments as Turner recommended by Information Assurance Committee Key Points added 1.3 Andrew 8 th August 2013 Final for recommendation to APF for approval Turner Distribution Name Version number Responsibility Board Secretary 1.3 Place on policy register Communications Team 1.3 Place on Intranet and in latest news Board Management Group 1.3 Dissemination to all staff through line management IM&T Department 1.3 To all staff Staff side representative 1.3 For comment prior to presentation to APF Associated Documents ISO/IEC The Code of Practice for Information Security Management CEL26/2012 NHS Scotland Information Security Policy NHS Dumfries & Galloway Information Assurance Strategy NHS Dumfries & Galloway Information Assurance Policy NHS Dumfries & Galloway Information Systems Procurement, Development and Implementation Policy NHS Dumfries & Galloway Information Security Policy NHS Dumfries & Galloway Access to Information Policy NHS Dumfries & Galloway Mobile Devices Policy NHS Dumfries & Galloway Acceptable Use Policy NHS Dumfries & Galloway Internet and Internet Acceptable Use Policy NHS Dumfries & Galloway Communications Monitoring Policy Page 7 of 8 Pages

8 Appendix 3 - Action Plan for Implementation Name Responsibility Timeframe Place on policy register Board Secretary Immediate Place in latest news Place on Intranet Dissemination to all staff through line management Communications Team Communications Team Board Management Group Immediate Immediate On going continual process Routinely issue to all staff IM&T Department Continual process Update staff contracts HR Department Immediate Page 8 of 8 Pages

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Use of the Internet and E-Mail Policy

Use of the Internet and E-Mail Policy Use of the Internet and E-Mail Policy This procedural documentsupersedes : Use of the Internet and E-Mail Policy CORP/EMP 16 v.4 Name and title of author/reviewer Samantha Francis HR Advisor Date revised

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Email Usage Policy Document Profile Box

Email Usage Policy Document Profile Box Document Profile Box Document Category / Ref QSSD 660 Version: 0004 Ratified by: Governance and Risk Committee Date ratified: 12 th January 2012 Name of originator / author: Name of responsible committee

More information

E-Mail Use Policy. All Staff Policy Reference No: Version Number: 1.0. Target Audience:

E-Mail Use Policy. All Staff Policy Reference No: Version Number: 1.0. Target Audience: E-Mail Use Policy Authorship: Barry Jackson Information Governance, Security and Compliance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date:

More information

UNIVERSITY OF ST ANDREWS. EMAIL POLICY November 2005

UNIVERSITY OF ST ANDREWS. EMAIL POLICY November 2005 UNIVERSITY OF ST ANDREWS EMAIL POLICY November 2005 I Introduction 1. Email is an important method of communication for University business, and carries the same weight as paper-based communications. The

More information

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual:

Email Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Version: 1.1 Ratified by: NHS Bury CCG IM&T Steering Group Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Greater Manchester CSU - IT Department NHS Bury

More information

Email Policy and Code of Conduct

Email Policy and Code of Conduct Email Policy and Code of Conduct UNIQUE REF NUMBER: CCG/IG/011/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

Sample Employee Network and Internet Usage and Monitoring Policy

Sample Employee Network and Internet Usage and Monitoring Policy CovenantEyes Internet Accountability and Filtering Sample Employee Network and Internet Usage and Monitoring Policy Covenant Eyes is committed to helping your organization protect your employees and members

More information

Internet Use Policy and Code of Conduct

Internet Use Policy and Code of Conduct Internet Use Policy and Code of Conduct UNIQUE REF NUMBER: AC/IG/023/V1.1 DOCUMENT STATUS: Agreed by Audit Committee 18 July 2013 DATE ISSUED: July 2013 DATE TO BE REVIEWED: July 2014 1 P age AMENDMENT

More information

Data Protection and Privacy Policy

Data Protection and Privacy Policy Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

John Leggott College. Data Protection Policy. Introduction

John Leggott College. Data Protection Policy. Introduction John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and

More information

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012 Monitoring and Logging Policy Document Status Security Classification Version 1.0 Level 1 - PUBLIC Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Change History

More information

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent Scope Information Services Regulations for the Use of Information Technology (IT) Facilities at the University of Kent 1. These regulations apply to The Law All students registered at the University, all

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

INTERNET, E-MAIL USE AND

INTERNET, E-MAIL USE AND INTERNET, E-MAIL AND TELEPHONE USE AND MONITORING POLICY Originated by: Customer Services LJCC: 10 th April 2008 Full Council: June 2008 Implemented: June 2008 1.0 Introduction and Aim 1.1 The aim of this

More information

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012 Electronic Messaging Policy 1. Document Status Security Classification Level 4 - PUBLIC Version 1.0 Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Retention

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

ABERDARE COMMUNITY SCHOOL. Email Policy. Drafted June 2014 Revised on ... (Chair of Interim Governing Body)

ABERDARE COMMUNITY SCHOOL. Email Policy. Drafted June 2014 Revised on ... (Chair of Interim Governing Body) ABERDARE COMMUNITY SCHOOL Email Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) E-MAIL POLICY Review This policy has been approved

More information

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format. University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

Email Services Policy

Email Services Policy Email Services Policy CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages

More information

Internet, Social Networking and Telephone Policy

Internet, Social Networking and Telephone Policy Internet, Social Networking and Telephone Policy Contents 1. Policy Statement... 1 2. Scope... 2 3. Internet / email... 2 4. Social Media / Social Networking... 4 5. Accessing the internet, email or social

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most

More information

Islington ICT Email Policy A council-wide information technology policy. Version 0.9 June 2014

Islington ICT Email Policy A council-wide information technology policy. Version 0.9 June 2014 A council-wide information technology policy Version 0.9 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document is distributed under the Creative Commons Attribution

More information

E-Mail and Internet Policy

E-Mail and Internet Policy E-Mail and Internet Policy Document reference Title: E-Mail and Internet Policy Product ID: Version Number: 8.0 Status: Live Distribution / Issue date: 12 November 2014 Author: K. Fairbrother Review Period:

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy Recommending Committee: Approving Committee: Information Governance Steering Group Patient Safety & Experience Council Signature: Designation: Chief Executive Date: Version Number:

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT. Website - Terms and Conditions Welcome to our website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use, which together

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

Internet and Social Media Policy

Internet and Social Media Policy Internet and Social Media Policy Page 1 of 19 Review and Amendment Log / Control Sheet Responsible Officer: Chief Officer Clinical Lead: Author: Date Approved: Committee: Version: Review Date: Medical

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

Policy. London School of Economics & Political Science. Application Control. Jethro Perkins Information Security Manager IMT

Policy. London School of Economics & Political Science. Application Control. Jethro Perkins Information Security Manager IMT London School of Economics & Political Science IMT Policy Application Control Jethro Perkins Information Security Manager Summary This document outlines IMT s application control policy, as endorsed by

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

Network Security Policy

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

More information

LINCOLNSHIRE COUNTY COUNCIL. Information Security Policy Framework. Document No. 8. Email Policy V1.3

LINCOLNSHIRE COUNTY COUNCIL. Information Security Policy Framework. Document No. 8. Email Policy V1.3 LINCOLNSHIRE COUNTY COUNCIL Information Security Policy Framework Document No. 8 Email Policy V1.3 Document Control Reference V1.3 Email Policy Date 17 July 2015 Author Approved by Version History David

More information

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document. Report to: Cabinet Date: 14 th October 2004. Report: of Head of Corporate Personnel Services Report Title: USE of INTERNET POLICY Summary of Report. The use of the Internet is growing rapidly. Over the

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé NHS HDL (2006)41 abcdefghijklm = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé Dear Colleague NHSSCOTLAND INFORMATION SECURITY POLICY Summary 1. NHSScotland IT Security Policy was

More information

Policy: Accessing Legal Advice

Policy: Accessing Legal Advice Policy: Accessing Legal Advice Executive or Associate Director lead Policy author/ lead Feedback on implementation to Rosie McHugh Wendy Hedland Wendy Hedland Date of draft April 2014 Dates of consultation

More information

HUMAN RESOURCES EQUAL OPPORTUNITIES POLICY

HUMAN RESOURCES EQUAL OPPORTUNITIES POLICY HUMAN RESOURCES EQUAL OPPORTUNITIES POLIC Policy Manager EO PIN Group Policy Group WAG Forum Policy Established Last Updated September 2008 Policy Review Period/Expiry June 2013 This policy does / does

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Trust Operational Policy. Information Security Department. Third Party Remote Access Policy

Trust Operational Policy. Information Security Department. Third Party Remote Access Policy Trust Operational Policy Information Security Department Policy Reference: 3631 Document Control Document Title Author/Contact Document Reference 3631 Pauline Nordoff-Tate, Information Assurance Manager

More information

Personal use of computers

Personal use of computers Personal use of computers Personal Use In addition to the internal mail system, ICO staff have direct access to the Internet and external email from their IT equipment. This statement of the Commissioner

More information

Use of Social Networking Websites Policy. Joint Management Trade Union Committee. ENDORSED BY: Consultative Committee DATE: 14 February 2013

Use of Social Networking Websites Policy. Joint Management Trade Union Committee. ENDORSED BY: Consultative Committee DATE: 14 February 2013 Use of Social Networking Websites Policy START DATE: March, 2013 NEXT REVIEW: March 2015 COMMITTEE APPROVAL: Joint Management Trade Union Committee CHAIR S SIGNATURE: STAFF SIDE CHAIR S SIGNATURE: DATE:

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Electronic Mail Policy Version: 5 Reference Number: CO6 Keywords: (please enter tags/words that are associated to this policy) Email Supersedes Supersedes: Version

More information

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the

More information

ACCEPTABLE IT AND COMPUTER USE POLICY GUIDE FOR STAFF

ACCEPTABLE IT AND COMPUTER USE POLICY GUIDE FOR STAFF ACCEPTABLE IT AND COMPUTER USE POLICY GUIDE FOR STAFF The African Academy of Sciences (AAS) Postal Address: P.O. Box 24916 00502, Nairobi, KENYA Physical Address: 8 Miotoni Lane, Karen, Nairobi Tel: +

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Information Security and Electronic Communications Acceptable Use Policy (AUP) Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern

More information

1. Owner Manager, Business Operations 2. Compliance is required by Staff, contractors, consultants and volunteers 3. Approved by The Commissioner

1. Owner Manager, Business Operations 2. Compliance is required by Staff, contractors, consultants and volunteers 3. Approved by The Commissioner Policy Details 1. Owner Manager, Business Operations 2. Compliance is required by Staff, contractors, consultants and volunteers 3. Approved by The Commissioner 4. Date created February 2015 5. Date of

More information

Computer Network & Internet Acceptable Usage Policy. Version 2.0

Computer Network & Internet Acceptable Usage Policy. Version 2.0 Computer Network & Internet Acceptable Usage Policy Version 2.0 April 2009 Document Version Control Version Date Description 1.0 Sept 2003 Original Version (adopted prior to establishment of BoM) 2.0 March

More information

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 Introduction The IT systems must be used in a reasonable manner and in such a way that does not affect their efficient operation,

More information

COMPUTER USAGE - EMAIL

COMPUTER USAGE - EMAIL BASIC BELIEF This policy relates to the use of staff email at Mater Dei and is designed to provide guidelines for individual staff regarding their use. It encourages users to make responsible choices when

More information

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette

More information

Birmingham City Council Internet Monitoring Standard

Birmingham City Council Internet Monitoring Standard If you have inquiries about this Standard, contact the Business Policy Team of the ICF on 0121 675 1431 or 0121 464 2877. Standard Owner: Author: Version: 2.0 Date: 22/04/2009 Classification Unclassified

More information

E-mail & Internet Policy

E-mail & Internet Policy E-mail & Internet Policy Recommending Committee: Approving Committee: Clinical Standards & Focus Council Trust Governance Board Signature: Designation: Chief Executive Date: Version Number: 02 Date: August

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Human Resources Policy No. HR46

Human Resources Policy No. HR46 Human Resources Policy No. HR46 Maintaining Personal Files and ESR Records Additionally refer to HR04 Verification of Professional Registration HR33 Recruitment and Selection HR34 Policy for Carrying Out

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

TITLE: SCCD ELECTRONIC INFORMATION RESOURCES

TITLE: SCCD ELECTRONIC INFORMATION RESOURCES SEATTLE COMMUNITY COLLEGE DISTRICT PROCEDURE NUMBER: 259.10-40 TITLE: SCCD ELECTRONIC INFORMATION RESOURCES 259.10 Definitions: 259.10.01 Electronic Information Resources (EIRs). All electronic hardware,

More information

Policy: Remote Working and Mobile Devices Policy

Policy: Remote Working and Mobile Devices Policy Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014

More information

RIPA (Regulations and Investigatory Powers Act)

RIPA (Regulations and Investigatory Powers Act) Dartmoor National Park Authority INTERNET MONITORING POLICY & INVESTIGATION PROTOCOL Approved: February 2010 Review Date: September 2010 1. Introduction Private use of the computer facilities is covered

More information

Email, Internet & Social Networking Policy Version 3.0. 5 th December 2014

Email, Internet & Social Networking Policy Version 3.0. 5 th December 2014 Email, Internet & Social Networking Policy Lead executive Name / title of author: Chief Nurse Colin Owen, Information Governance and Data Security Lead Date reviewed: October 2014 Date ratified: 5 th December

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Acceptable Use of Information Technology Policy

Acceptable Use of Information Technology Policy Acceptable Use of Information Technology Policy Date created: January 2006 Updated Review date: April June 2008 Review date: Oct Dec 2009 Introduction VAW provides IT facilities for promoting its charitable

More information

Privacy Policy. Approved by: College Board, 01/12/2005 Principal from 14/02/2014

Privacy Policy. Approved by: College Board, 01/12/2005 Principal from 14/02/2014 Privacy Policy Approved by: College Board, 01/12/2005 Principal from 14/02/2014 Revised Date: 11/01/2008 26/08/2011 19/03/2013 14/02/2014 Review Date: 14/02/2016 PLEASE NOTE: Version control for this document

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

INTERNET AND EMAIL POLICY

INTERNET AND EMAIL POLICY Author: Computer Services Manager Valid Until: 25/02/16 Category: Public Impact Assessed: Ref: 66 Assessed: 05/03/08 10/02/10 30/01/11 25/02/15 INTERNET AND EMAIL POLICY 1 SCOPE This Internet/Email policy

More information

Data Protection and Data security Policy

Data Protection and Data security Policy Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us

More information

CCSS IT ACCEPTABLE USE POLICY Guidance for Staff and Pupils

CCSS IT ACCEPTABLE USE POLICY Guidance for Staff and Pupils CCSS IT ACCEPTABLE USE POLICY Guidance for Staff and Pupils Contents 1. Scope 2 2. Use of IT Facilities 2 3. Monitoring of IT Facilities 5 4. Maintenance & Repairs 6 5. Copyright and Licence Agreements

More information

Version: 2.0. Effective From: 28/11/2014

Version: 2.0. Effective From: 28/11/2014 Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director

More information

Data Protection Policy

Data Protection Policy Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's

More information

Email policy and practice

Email policy and practice Email policy and practice This policy applies to all staff (including agency workers, casual and temporary staff), visitors, contractors, students, alumni and researchers of Anglia Ruskin University, and

More information

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data 1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that

More information

Service Schedule for Business Email Lite powered by Microsoft Office 365

Service Schedule for Business Email Lite powered by Microsoft Office 365 Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft

More information

Information & ICT Security Policy Framework

Information & ICT Security Policy Framework Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

MANAGEMENT OF PERSONAL FILES POLICY

MANAGEMENT OF PERSONAL FILES POLICY MANAGEMENT OF PERSONAL FILES POLICY Executive Director lead Author/ lead Feedback on implementation to Andrew Avery (Interim Director of HR) Liz Thompson (HR Manager) Liz Thompson (HR Manager) Date of

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Acceptable Use of Information Systems Standard. Guidance for all staff

Acceptable Use of Information Systems Standard. Guidance for all staff Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Acceptable Use of Information. and Communication Systems Policy

Acceptable Use of Information. and Communication Systems Policy Use of Information Purpose of this document This document describes what is acceptable and what is unacceptable use of the company s systems. It has been prepared to help Intu Properties plc employees,

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Informatics Policy. Information Governance. Email and Internet Use and Monitoring Policy

Informatics Policy. Information Governance. Email and Internet Use and Monitoring Policy Informatics Policy Information Governance Document Control Document Title Author/Contact Document Reference 3539 Version 6 Pauline Nordoff-Tate, Information Assurance Manager Status Approved Publication

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information