YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY
|
|
- Whitney French
- 8 years ago
- Views:
Transcription
1 YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY Author Head of IT Equality impact Low Original Date September 2003 Equality No This Revision September 2005 assessment done Next Review Date September 2008 Review Body IM&T Steering Group Approved by IM&T Steering Group Policy Number IMT 07 Date of Approval November 2005 Classification IM&T
2 PC Security Policy Contents Page 1. Purpose 2 2. Scope 2 3. Roles and Responsibilities 2 4. Acquisition of Computer Assets 2 5. PC Security Software Copyright The Data Protection Act Password Security Good Password Practice Password Maintenance Prevention from Software Viruses Actions against Software Viruses 6 6. Hardware and Software Procurement System Installation Maintenance Disposal/Relocation of Equipment 7 7. Equality 7 8. Training and Awareness 7 9. Review Discipline 7 PC Security Policy 1
3 1. Purpose The purpose of this policy is to make users aware of the requirements that need to be met when using Trust PCs to ensure secure use. This policy is also designed to adhere to the BS7799 standard. 2. Scope This policy applies to all employees of the Trust in all locations including the Non-Executive Directors, temporary employees, locums and contracted staff. 3. Roles and Responsibilities The Head of IT will publicise appropriate PC security standards and guidelines. The Head of IT will also ensure they are conformed to and will monitor compliance where necessary. 4. Acquisition of Computer Assets Please refer to IM&T Procurement Policy (IM&T03) In addition the IT Department will hold a central asset register of all PC Hardware and Software, for auditing and software licensing compliance. 5. PC Security Each PC user will take personal responsibility for the security of the equipment, software and data under his/her control. Line managers will ultimately be responsible for ensuring that users under their management are aware of this and that adequate security measures are in place to protect these assets. IT Security reviews can be undertaken by the Head of IT or Data Protection Lead PC s and peripherals (scanners, printers and barcode readers etc.) will be switched off when not in use for long periods of time. PC s will, where practical, be physically protected from exposure to: Excessive heat, cold and humidity Dust Magnetic fields Static Electricity Liquids A PC or peripheral will only be opened (to expose its electronic components) and worked on by authorised Trust IT staff. It is the responsibility of the user or their line manager to verify the identity of the person attending to any equipment to ensure they are authorised individuals. PC Security Policy 2
4 Only computer software authorised by the IT Department will be loaded onto or used on PCs that are or may be connected to the Trust s network infrastructure. Only the members of the IT Department is permitted to load software on to PCs in use in the Trust. PCs that are fitted with locks or other security devices will be secured when left unattended. Any key, token or other device will be removed and retained by the user for safekeeping. All PCs are to be logged off or locked (Windows + l) when left unattended. Master copies of software will be held in the IT department. No member of staff will use a PC without proper authority i.e must have a valid user name and password which was issued to the user using the system. Any suspected unauthorised use of a PC will need to be reported in line with the Trust s Incident Reporting procedures. PCs identified by managers as at risk (defined as at risk of unauthorised access) will be protected by a BIOS password (start-up password) or other security measures as deemed appropriate by the Head of IT. Server and PCs that are used as servers will be clearly marked, be physically separated from the LAN PCs and located in a secure area. 5.1 Software Copyright Each PC user will ensure that no one loads unauthorised (pirate) software on his/her PC. This is to ensure that all software on the PC is properly licensed and registered as required by law under the The Copyright, Designs and Patents Act Each PC user will ensure that no illegal copies of the software are made from either software that is resident on his/her PC or from media in his/her possession. The IT Department retains the right to remove any illegal or unauthorised software. Software resident on the PC will be deleted if the PC is being disposed of (see Disposal of PC and Printer Equipment Policy (IMT04), or if the original version of the software is passed on to another individual or PC with the Trust. 5.2 The Data Protection Act 1998 Each PC user will need to be familiar with the Data Protection Act before using a PC. It is the responsibility of the user to ensure compliance with the Act. It is also the responsibility of the user to read and comply with the Trust s Data Protection Policy (CP15). PC Security Policy 3
5 Each user will ensure that any personal data processed on his/her PC is covered by, or exempt from, Data Protection Registration and also complies with security standard BS7799. Further information about the Data Protection Registration and BS7799 are available from the Head of IT. New systems will be assessed to identify the need for notification and registration of the data usage under the Act. All full risk assessment and compliance with BS 7799 will also be sort before connection to the Trust s LAN (Local Area Network). 5.3 Password Security Passwords will always be allocated by the Systems Managers in a manner which classifies the level of the most sensitive data held on the system to which a user is allowed access. In the majority of cases passwords are allocated to individuals for their specific access to a system, which must not be shared with anyone else. The only current exception to this is the system where some mailboxes are set-up for shared access (e.g. all Ward staff). In these exceptions the username for the system will be a shared name (i.e. Ward name), rather than an individual s name. No one should use a username and password to access a system where that password has been allocated to another individual for their sole use. This is a strict breach of IM&T Security Policies. 5.4 Good Password Practice Each member of staff will have his/her individual username and password for the system(s) that they access. All Trust PCs will have automatically activate the screensaver if left idle for 15 minutes. Regaining access to the PC will require the user to input their password. The Library public access PCs are exempt from this. PCs when left unattended for anytime, must either be logged off the Network, screen saver activated or workstation locked (Windows NT, 2000 & XP only). When someone leaves the Trust or no longer requires access to a particular system, his/her line manager must notify the IT Helpdesk of the date that access is no longer required and access will be removed. Where it is necessary to write down a password (e.g. business continuity) it will be stored in a secure place. E.g. they must not be pinned to notice boards, left inside desk drawers, attached to keyboards or in places that are easy to access. Passwords will not been displayed on screens as they are entered. Where temporary passwords are known to systems managers or IT staff (e.g. granting access to new users or systems maintenance), the user will change the password immediately on receipt. PC Security Policy 4
6 If you suspect that your password has been breached change your password immediately and report the incident for normal Trust incident reporting procedures. Passwords must consist of a minimum of 6 characters, at least one of which will need to be a non-alpha character. Passwords will not relate to the system being accessed. Password will not relate to the user e.g. family names pet names, football teams etc. 5.5 Password Maintenance Password will be changed regularly (at least every three months or as specified in the Secure Operating Procedures for the system). Each time a password is changed a new password will be used. Reuse of passwords is not permitted. Passwords will always be changed immediately in the event that it is suspected to be known by others. Password software will ask the user for re-authentication by re-entering the old password before accepting a change of password. The new password will also need to be entered twice to ensure accuracy. Password data will be held on computer systems in encrypted form. Automated log-on procedures may contain passwords but will themselves be protected. 5.6 Prevention from Software Viruses Adequate back-up procedures must be established for PCs, documented and followed. It is recommended that users store their documents on a server to ensure back up, if you require this facility contact IT Helpdesk Procedures will be developed and used in conjunction with software developed by a reputable supplier for virus checking all disks received. Users are responsible for checking that files received on either removable media, attachments or from Internet/Intranet download are virus scanned before use. If an officially provided PC is used away from Trust premises, authorised Trust staff will only use it. Users are also required to ensure that virus detection signatures are updated regularly (once a month at a minimum). The IT Department have established procedures for regular, and recored, virus checking on all PCs connect to the Trust s LAN. 5.7 Actions against Software Viruses PC Security Policy 5
7 If an infected PC is detected, the procedure will be to: Report the incident to the IT Helpdesk Virus checking of all other possibly infected PCs Isolating the PC immediately e.g. if connected to the LAN the PC will be removed to prevent further infection. Preventing the use of the infected PC again until its reuse has been approved by the Head of IT. Removal of the Virus. Data will be reloaded from the most recent clean back-up if necessary. 6. Hardware and Software Procurement Please consult IM&T Procurement Policy (IMT03) The procurement procedures will take into account the need for hardware and software compatibility needed to support the system s contingency and recovery arrangements. Hardware or software changes which may affect the network management or other operational sites, will be agreed by all parties affected. On-going maintenance arrangements (defining levels of maintenance and minimum levels of performance) will be the subject of contractual agreement i.e. Service Level Agreement (SLA). 6.1 System Installation Only staff from or authorised by the IT Department are permitted to install hardware or software. 6.2 Maintenance Only staff from or authorised by the IT Department are permitted to allowed access to hardware or software for maintenance purposes. 6.3 Disposal/Relocation of Equipment For disposal of PC and Printer equipment refer to the Disposal of PC and Printer Equipment Policy (IMT04) and for disposal of Media please refer to the Disposal of Media Policy (IMT 06). The IT department will need to be involved in the disconnection and reconnection of all PC related equipment from the network to ensure continuity of service, however Hotel Services will need to be contacted for equipment to be moved. Disconnection and reconnections of PC equipment by non IT staff may result in the PC not functioning properly in it s new location, requiring immediate attention from an IT Technician and disrupting the IT Helpdesk service to other departments. Departments should give 2 weeks notice to the IT department to ensure that the work is scheduled appropriately. PC Security Policy 6
8 Where a substantial quantity of IT equipment is to be relocated a co-ordinator will be identified for the move. The relocation co-ordinator will compile a detailed list of all equipment (including serial numbers) being moved prior to the move and again on arrival. 7. Equality The Trust recognises the diversity of the local community and those in its employ. Our aim is therefore to provide a safe environment free from discrimination and a place where all individuals are treated fairly, with dignity and appropriately to their need. The Trust recognises that equality impacts on all aspects of its day to day operations and has produced an Equality Policy Statement to reflect this. All policies and procedures are assessed in accordance with the Equality initial screening toolkit, the results for which are monitored centrally. This policy has undergone the initial screening process in line with the Trust s Race Equality Scheme and has shown a low level of impact. 8. Training and awareness The requirement of this policy will be brought to the attention of staff via the Trust s induction training programme. A copy of this policy will be available to all staff via the Trust s Intranet web pages. Awareness of the policy will be raised through Hysbysrwydd and Team Brief. 9. Review This policy will be reviewed in 3 years time. Earlier review may be required in response to exceptional circumstances, organisational change or relevant changes in legislation or guidance. 10. Discipline Breaches of this policy will be investigated and may result in the matter being treated as a disciplinary offence under the Trust s disciplinary procedure. PC Security Policy 7
Information Security
Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff
More informationICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation
ICT SECURITY POLICY Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation Responsibility Assistant Principal, Learner Services Jannette
More informationTameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
More informationNetwork Security Policy
IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service
More informationMike Casey Director of IT
Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date
More informationRotherham CCG Network Security Policy V2.0
Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationULH-IM&T-ISP06. Information Governance Board
Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationABERDARE COMMUNITY SCHOOL
ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been
More informationIM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers
IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version
More informationNETWORK AND INTERNET SECURITY POLICY STATEMENT
TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004
More informationPhysical Security Policy
Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security
More informationICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationAs a System user you need to be informed of the following issues that are governed by Trust policies and by law. Password Control Page 2
JAC MEDICINES MANAGEMENT CLINICAL DATA SYSTEM SECURITY DOCUMENT It is very important that information on JAC is kept secure from unauthorised access and that no one is able to use the system that has not
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationNHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction
NHSnet : PORTABLE COMPUTER SECURITY POLICY 9.2 Introduction This document comprises the IT Security policy for Portable Computer systems as described below. For the sake of this document Portable Computers
More informationPolicy Document. IT Infrastructure Security Policy
Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT
More informationInformatics Policy. Information Governance. Network Account and Password Management Policy
Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information
More informationVersion 1.0. Ratified By
ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience
More informationIslington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014
Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document
More informationA Guide to Information Technology Security in Trinity College Dublin
A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Version: 0.2 Committee Approved by: Audit Committee Date Approved: 15 th January 2014 Author: Responsible Directorate Information Governance & Security Officer, The Health Informatics
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact
More informationLAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee
More informationIT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)
IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationNetwork Security Policy
Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant
More informationREMOTE WORKING POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationEmail Services Policy
Email Services Policy CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages
More informationWorking Together Aiming High!
Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationINFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE
INFORMATION GOVERNANCE POLICY: PROTECTION AGAINST MALICIOUS SOFTWARE Original Approved by: Policy and Procedure Ratification Sub-group on 23 October 2007 Version 2.1 Approved by: Information Governance
More informationNEWLY CREATED / REVISED POSTS JOB MATCHING POLICY AND PROCEDURE
YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST NEWLY CREATED / REVISED POSTS JOB MATCHING POLICY AND PROCEDURE Author Director of Human Resources Equality impact
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationInformation Security Code of Conduct
Information Security Code of Conduct IT s up to us >Passwords > Anti-Virus > Security Locks >Email & Internet >Software >Aon Information >Data Protection >ID Badges > Contents Aon Information Security
More informationEMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards
EMMANUEL CE VA MIDDLE SCHOOL IT Security Standards 1. Policy Statement The work of Schools and the County Council is increasingly reliant upon Information & Communication Technology (ICT) and the data
More informationTerms and Conditions of Use - Connectivity to MAGNET
I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information
More informationGuidelines for smart phones, tablets and other mobile devices
Guidelines for smart phones, tablets and other mobile devices Summary Smart phones, tablets and other similar mobile devices are being used increasingly both privately and in organisations. Another emerging
More informationInformation Technology Security Policies
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
More informationVersion: 2.0. Effective From: 28/11/2014
Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director
More informationICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen
ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure
More informationInformation Security Policy
Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September
More informationInformation Technology (IT) Security Guidelines for External Companies
Information Technology (IT) Security Guidelines for External Companies Document History: Version Name Org.-Unit Date Comments 1.1 Froehlich, Hafner Audi I/GO VW K-DOK 25.05.2004 Table of Contents: 1. Goal...3
More information2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy
Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change
More informationSoftware Policy. Software Policy. Policy and Guidance. June 2013
Software Policy Policy and Guidance June 2013 Project Name Software Policy Product Title Policy and Guidance Version Number 1.2Final Page 1 of 8 Document Control Organisation Title Author Filename Owner
More informationAcceptable Use of ICT Policy. Staff Policy
Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationDraft Information Technology Policy
Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software
More informationCITY OF MARLBOROUGH MARLBOROUGH, MASSACHUSETTS 01752-3812
CITY OF MARLBOROUGH MARLBOROUGH, MASSACHUSETTS 01752-3812 APPLICATION FOR INTERNET ACCESS To obtain Internet Access, complete the following form, sign and obtain department head signature and return to
More informationGrasmere Primary School Asset Management Policy
Grasmere Primary School Asset Management Policy 1. INTRODUCTION: 1.1.1 The Governing Body of Grasmere Primary School is responsible for the proper management and security of the school premises and the
More informationIM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...
IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Data Handling in University Information Classification and Handling Agenda Background People-Process-Technology
More informationThe Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3
Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationIT ACCESS CONTROL POLICY
Reference number Approved by Information Management and Technology Board Date approved 30 April 2013 Version 1.0 Last revised Review date March 2014 Category Owner Target audience Information Assurance
More informationIxion Group Policy & Procedure. Remote Working
Ixion Group Policy & Procedure Remote Working Policy Statement The Ixion Group (Ixion) provide laptops and other mobile technology to employees who have a business requirement to work away from Ixion premises
More informationUSE OF PERSONAL MOBILE DEVICES POLICY
Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014
More informationTenth Judicial Circuit of Florida Information Systems Acceptable Use Guidelines Polk, Hardee and Highlands Counties as of January 2014
Tenth Judicial Circuit of Florida Information Systems Acceptable Use s Polk, Hardee and Highlands Counties as of January 2014 The following guidelines define the acceptable use of information technology
More informationData Access Request Service
Data Access Request Service Guidance Notes on Security Version: 4.0 Date: 01/04/2015 1 Copyright 2014, Health and Social Care Information Centre. Introduction This security guidance is for organisations
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationICT OPERATING SYSTEM SECURITY CONTROLS POLICY
ICT OPERATING SYSTEM SECURITY CONTROLS POLICY TABLE OF CONTENTS 1. INTRODUCTION... 3 2. LEGISLATIVE FRAMEWORK... 3 3. OBJECTIVE OF THE POLICY... 4 4. AIM OF THE POLICY... 4 5. SCOPE... 4 6. BREACH OF POLICY...
More informationDene Community School of Technology Staff Acceptable Use Policy
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
More informationU.S. Department of the Interior's Federal Information Systems Security Awareness Online Course
U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course Rules of Behavior Before you print your certificate of completion, please read the following Rules of Behavior
More informationProtection of Computer Data and Software
April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationSchool of Computer Science and Engineering policy with regard to self-administered computers
School of Computer Science and Engineering policy with regard to self-administered computers CSE Computer Security Committee October, 2002 Abstract The School s Computing Support Group (CSG) provides a
More informationComputer Network & Internet Acceptable Usage Policy. Version 2.0
Computer Network & Internet Acceptable Usage Policy Version 2.0 April 2009 Document Version Control Version Date Description 1.0 Sept 2003 Original Version (adopted prior to establishment of BoM) 2.0 March
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationData and Information Security Policy
St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration
More informationDecision on adequate information system management. (Official Gazette 37/2010)
Decision on adequate information system management (Official Gazette 37/2010) Pursuant to Article 161, paragraph (1), item (3) of the Credit Institutions Act (Official Gazette 117/2008, 74/2009 and 153/2009)
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationPolicy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25
Information Security Policy Policy Number: ULH-IM&T-ISP01 Version 3.0 Page 1 of 25 Document Information Trust Policy Number : ULH-IM&T-ISP01 Version : 3.1 Status : Approved Issued by : Information Governance
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationCITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION
CITY OF WAUKESHA HUMAN RESOURCES POLICY/PROCEDURE POLICY B-20 SOFTWARE USAGE AND STANDARDIZATION 1.0 Purpose and Scope of Policy It is the policy of the City of Waukesha (City) to respect all computer
More informationInformation Security Policy. Policy and Procedures
Information Security Policy Policy and Procedures Issue Date February 2013 Revision Date February 2014 Responsibility/ Main Point of Contact Neil Smedley Approved by/date Associated Documents Acceptable
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationJOB AND PERSON SPECIFICATION
JOB AND PERSON SPECIFICATION Position Title: Help Desk Officer Classification Code: ASO-3 Division: Central Northern Adelaide Health Service Branch: The Queen Elizabeth Hospital Type of Appointment: Section:
More informationNotice: Page 1 of 11. Internet Acceptable Use Policy. v1.3
Notice: Plymouth Community Healthcare Community Interest Company adopted all Provider policies from NHS Plymouth when it became a new organisation on 1 October 2011. Please note that policies will be reviewed
More informationPBGC Information Security Policy
PBGC Information Security Policy 1. Purpose. The Pension Benefit Guaranty Corporation (PBGC) Information Security Policy (ISP) defines the security and protection of PBGC information resources. 2. Reference.
More informationCorporate Affairs Overview and Scrutiny Committee
Agenda item: 4 Committee: Corporate Affairs Overview and Scrutiny Committee Date of meeting: 29 January 2009 Subject: Lead Officer: Portfolio Holder: Link to Council Priorities: Exempt information: Delegated
More informationDEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE
2 of 10 2.5 Failure to comply with this policy, in whole or in part, if grounds for disciplinary actions, up to and including discharge. ADMINISTRATIVE CONTROL 3.1 The CIO Bureau s Information Technology
More informationCCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review
More informationTHE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY
THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY Version Author Date Approved by Board 2009-1 Gillian Kirkup 24 March 2010 Page 1 of 8 THE RICE MARKETING BOARD FOR
More informationAcceptable Use of Information Systems Standard. Guidance for all staff
Acceptable Use of Information Systems Standard Guidance for all staff 2 Equipment security and passwords You are responsible for the security of the equipment allocated to, or used by you, and must not
More informationSecure Storage, Communication & Transportation of Personal Information Policy Disclaimer:
Secure Storage, Communication & Transportation of Personal Information Policy Version No: 3.0 Prepared By: Information Governance, IT Security & Health Records Effective From: 20/12/2010 Review Date: 20/12/2011
More informationa) Access any information composed, created, received, downloaded, retrieved, stored, or sent using department computers.
CAYUGA COUNTY POLICY MANUAL Section 11 Subject: Electronic messaging and internet 1 Effective Date: 5/25/10; Res. 255-10 Supersedes Policy of: November 28, 2000 Name of Policy: County Computer Hardware-Software
More informationCaldwell Community College and Technical Institute
Caldwell Community College and Technical Institute Employee Computer Usage Policies and Procedures I. PURPOSE: The purpose of this section is to define the policies and procedures for using the administrative
More informationTHE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE
THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced
More informationINFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes
INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most
More informationEast Cheshire NHS Trust - A Review of the New Jersey Policy
ICT Security Policy Information Security Manager Page 1 Policy : Executive Summary: ICT Security Policy This policy introduces a single policy for ICT for Information Security within East Cheshire NHS
More informationCorporate Information Security Policy
Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives
More informationSoftware compliance policy
Software compliance policy Name of policy, procedure or regulation Software compliance policy Purpose of policy, procedure or regulation To provide a coordinated approach to software asset management Who
More information