SERVER, DESKTOP AND PORTABLE SECURITY. September 2014. Version 3.0



Similar documents
ELECTRONIC MAIL ( ) September Version 3.1

MANAGEMENT OF USER ACCOUNTS AND PASSWORD POLICY AUGUST Version 2.0

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

Protection of Computer Data and Software

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

SECURITY POLICY REMOTE WORKING

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

Data and Information Security Policy

Dene Community School of Technology Staff Acceptable Use Policy

How To Protect Decd Information From Harm

Version: 2.0. Effective From: 28/11/2014

Information Security Policy for Associates and Contractors

Rotherham CCG Network Security Policy V2.0

Highland Council Information Security Policy

Mike Casey Director of IT

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

Remote Working and Portable Devices Policy

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

Information Security

Newcastle University Information Security Procedures Version 3

Policy Document. Communications and Operation Management Policy

Network Security Policy

Merthyr Tydfil County Borough Council. Information Security Policy

HIPAA Security Training Manual

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY

Portable Devices and Removable Media Acceptable Use Policy v1.0

ULH-IM&T-ISP06. Information Governance Board

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

Version 1.0. Ratified By

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

ABERDARE COMMUNITY SCHOOL

HIPAA Security Alert

NETWORK SECURITY POLICY

Why do we need to protect our information? What happens if we don t?

This policy outlines different requirements for the use of PSDs based on the classification of information.

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Standard Operating Procedure. Secure Use of Memory Sticks

LSE PCI-DSS Cardholder Data Environments Information Security Policy

INFORMATION SECURITY POLICY

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October Document Author(s) Collette McQueen

Physical Security Policy

REMOTE WORKING POLICY

PS177 Remote Working Policy

Human Resources Policy documents. Data Protection Policy

Physical and Environment IT Security Standards

Remote Access and Home Working Policy London Borough of Barnet

How to Practice Safely in an era of Cybercrime and Privacy Fears

NETWORK AND INTERNET SECURITY POLICY STATEMENT

Data Security Policy

Ohio Supercomputer Center

State of South Carolina Policy Guidance and Training

Information Security Policy London Borough of Barnet

Burton Hospitals NHS Foundation Trust. On: 16 January Review Date: December Corporate / Directorate. Department Responsible for Review:

Information Security Policy

POLICIES. Campus Data Security Policy. Issued: September, 2009 Responsible Official: Director of IT Responsible Office: IT Central.

Corporate Information Security Management Policy

How To Ensure Your School Is Safe Online

School of Anthropology and Museum Ethnography & School of Interdisciplinary Area Studies Information Security Policy

NETWORK SECURITY POLICY

Encryption Policy Version 3.0

Policy: Remote Working and Mobile Devices Policy

University for the Creative Arts. Mobile Working and Remote Access Policy

INFORMATION SECURITY POLICY

Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Data Access Request Service

Dublin Institute of Technology IT Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February Title: Information Security Policy

Course: Information Security Management in e-governance

How To Protect School Data From Harm

Network Security Policy

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY

Acceptable Use of ICT Policy. Staff Policy

Remote Working - Remote and Mobile Computing Policy. Purpose 3. Strategic Aims 3. Introduction 3. Scope 5. Responsibilities 5.

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

Originator: Chris Parkin Date: 4 March 2015 Approved by: Senior Management Team Type: Policy. Computer Security Policy

Information Security Policy

HR Guide: Agile Working Version: 1.0

How To Protect Research Data From Being Compromised

Grasmere Primary School Asset Management Policy

University of Liverpool

Information Security Policy. Policy and Procedures

Information Security Incident Reporting & Investigation

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Estate Agents Authority

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

Information Technology Acceptable Usage Policy

So the security measures you put in place should seek to ensure that:

Service Children s Education

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

Working Together Aiming High!

This factsheet is for: Senior management of small firms that handle, store or dispose of customers personal data in the course of their business.

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

Summary Electronic Information Security Policy

Transcription:

SERVER, DESKTOP AND PORTABLE SECURITY September 2014 Version 3.0 Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable

Policy Title SERVER, DESKTOP AND PORTABLE SECURITY POLICY Policy Reference Number CORP09/005 Original Implementation Date September 2009 Revised Date September 2014 Approved Date November 2014 Review Date November 2016 Responsible Officer FERGAL DUREY, AD for ICT and Telecommunications Western Health and Social Care Trust Page 1 of 6 Server, Desktop and Portable

Table of Contents 1. Background and Purpose 3 2. Guidelines for staff 3 3. Computer Suites and Communication Rooms 5 4. ICT Equipment and Network Security 5 5. Counter Measures 5 6. Additional Resources 6 7. Training 6 8. Equality & Human Right s Statement 6 9. Further Information 6 Western Health and Social Care Trust Page 2 of 6 Server, Desktop and Portable

1. Background and Purpose The Western Health and Social Care Trust (WHSCT) invests heavily in ICT infrastructure to improve performance and service capability for excellent patient / client care. This investment is supported by increased spending on ICT Governance and information security. Staff must be aware of the need to secure ICT devices against theft or damage. The information on these devices can be of a highly sensitive nature and need to be protected against unauthorised access. All staff have a responsibility in relation to the physical and information security of all the ICT devices and systems they use or have access to. The policy sets out measures to be adhered to by staff as part of their responsibilities for safeguarding Trust systems and services- and the data they hold from misuse, abuse, corruption or loss. The policy also includes guidance for ICT Services staff who have an additional responsibility for ICT equipment and network sustainability. The measures outlined in this policy will not be effective without the cooperation of all Western Trust staff. Acceptance of this policy is a prerequisite for approval to use Trust devices or systems. 2. Guidelines for staff 2.1 ICT devices and systems Only authorised devices that are owned by the Trust can be used to store or process Health and Social Care information. Only authorised devices that are owned by the Trust/HSC can have access to the Trust network. No ICT device is to be removed from Trust property without authorised permission. The ICT Service Desk must be informed and appropriate documentation completed. Only authorised members of Trust staff can use ICT devices whether on/off-site All PC s, tablets and laptops must have encryption software installed and activated. Staff carrying or using ICT devices on or off Trust s premises must take all reasonable steps to guard against their theft, loss or damage and against unauthorised use. Do not attach Trust devices to any unauthorised external networks, either fixed or wireless, unless using the Trust approved remote access method. If access is required to a Non-HSC network then approval should be sought in writing from the Assistant Director of ICT and Telecommunications. Staff must not install new software or make configuration changes. This can only be carried out by ICT staff. Installation (by ICT staff) of new software or hardware, or changes to configurations, is only permitted provided appropriate licensing arrangements are in place. Western Health and Social Care Trust Page 3 of 6 Server, Desktop and Portable

The Trust has provided backup arrangements. Users are advised to ensure their business data is backed up in order to safeguard against possible data loss. For further details contact the ICT support desk. Only ICT staff are authorised to move ICT devices and staff should ensure that all requisite documentation must be completed in line with internal ICT procedures. Authorisation must be sought before a 3 rd party removes an ICT device from the premises for repair, staff must ensure that any sensitive data is protected. Requisite documentation must be completed in line with internal ICT procedures. Trust ICT devices should only be used for Trust business. Use of unauthorised Cloud services is prohibited Any ICT device that requires connection to the Trust network must make specific arrangements with the ICT department. Arrangements must be made with ICT staff for the physical disposal of ICT equipment. For further details refer to WHSCT ICT Disposals policy. 2.2 Removable Media This includes the use of CD ROMs, DVDs, Floppy disks, USB devices (e.g. Memory sticks, Pen drives, Flash drives, External hard drives, Memory cards, Smart phones and any other removable device capable of storing information. This is not an exhaustive list) a) NO identifiable patient/client or business sensitive information should be written onto this type of device, unless- i) There is a genuine business imperative for doing so ii) AND approval has been granted under the Data Access Agreement (DAA) iii) AND the media is fully encrypted and complies with all relevant Communications and Electronic Group (CESG) Standards b) Patient/client identifiable information currently held on devices that does not meet these standards should be removed immediately. For advice on safe removal of this type please contact ICT Service Desk. 3. Computer suites and Communication Rooms Controlled access to secure areas is in place. Certain staff roles may necessitate permission to enter these facilities. All requests should be made through the ICT Services Desk for consideration. Where reasonably possible records should be maintained, identifying staff allowed to enter secure areas. Access rights will be reviewed on a regular basis. Must be secured by swipe access or locks, preferably with codes which can be changed periodically. All doors and windows must be locked when such rooms are unattended. Supervised visitor access will be authorised for specific purposes at the discretion of the ICT Services. Such visits will be recorded. Eating and drinking in secure areas is prohibited. Computer suites and communications rooms, although secure, should never be used as storerooms. Western Health and Social Care Trust Page 4 of 6 Server, Desktop and Portable

4. ICT Equipment and Network Security The creation of a new ICT network domain, including those by 3 rd party providers, requires approval from the ICT Department. 5. Countermeasures This policy should be seen as one of a number of countermeasures put in place to protect the organisation and its employees from such things as inadvertent exposure to illicit material, malicious software etc, and also the possibility of legal action as a direct result of computer abuse or misuse. Protection is provided by the following:- Endpoint Security All computers on the Trust network have Endpoint (anti-virus) software installed. The software runs permanently and is updated with the latest version several times a day. Users of other third party devices/modalities that are attached to the Trust network must make special arrangements to have Endpoint software installed via the ICT Service Desk. Software Updates Some software may contain security vulnerabilities that were not identified prior to its release. These issues can cause programs to run less effectively or make them susceptible to certain malicious software attacks. Depending on the seriousness of the vulnerability, the Trust will distribute updates, known as patches, to all computers connected on the Trust network. Patches will be installed on Trust computers automatically and may require them to restart. Monitoring i) The Trust reserves the right to perform adhoc inspections, either physically or remotely, to ensure compliance of this policy. ii) In cases where abuse or misuse is suspected, a line manger may request further usage details from the AD for ICT and Telecommunications. Suspected cases of abuse or breaches in policy will be rigorously investigated within HR guidelines and in conjunction with HR staff. Western Health and Social Care Trust Page 5 of 6 Server, Desktop and Portable

6. Additional Resources This policy should be read in conjunction with other policies relating to effective and appropriate use of ICT services, including: 1) WHSCT Email Policy 2) WHSCT Internet Policy 3) WHSCT Management of User Accounts and Password Policy. 4) WHSCT Malicious Software Policy 5) WHSCT ICT Disposals Policy 6) WHSCT Social Media Policy 7) DHSSPS Code of Practice on Protecting the Confidentiality of Service User Information 8) Information Commissioner Anonymisation: managing data protection risk code of practice (www.ico.gov.uk) 9) Information Commissioner Data sharing code of practice (www.ico.gov.uk) 10) Regulation of Investigatory Powers Act 2000 11) BSO ICT policies 7. Training The Trust is committed to staff development and seeks to consistently improve development standards and opportunities for staff in line with organisational objectives, policies and procedures. Should you or your staff require support in the effective use of ICT please contact the ICT Training Team via the ICT Service Desk. 8. Equality & Human Right's Statement The Western Health & Social Care Trust's Equality and Human Right's statutory obligations have been considered during the development of this policy. 9. Further Information For further information in relation to this policy please refer to:- The ICT User Forum on the ICT service desk portal available on the Trust intranet link below. (http://wta-eservicedesk/portal/). Western Health and Social Care Trust Page 6 of 6 Server, Desktop and Portable

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information