Remote Working (Policy & Procedure)



Similar documents
Data Protection Policy & Procedure

Personal Data Security Breach Management Policy

Internet and Policy User s Guide

Data Protection Act Data security breach management

HIPAA HITECH ACT Compliance, Review and Training Services

GUIDANCE FOR BUSINESS ASSOCIATES

VCU Payment Card Policy

Process for Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches

BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS

LINCOLNSHIRE POLICE Policy Document

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

ALBAN CHURCH OF ENGLAND ACADEMY COMPUTER SECURITY POLICY. Approved by Governing Body on: 6 th May 2015

University of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments

HIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions

DisplayNote Technologies Limited Data Protection Policy July 2014

NHS WEST NORFOLK CLINICAL COMMISSIONING GROUP SAFEHAVEN POLICY

In addition to assisting with the disaster planning process, it is hoped this document will also::

How To Deal With A Data Breach In The European Law

Unified Infrastructure/Organization Computer System/Software Use Policy

Process of Setting up a New Merchant Account

Privacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.

Corporate Standards for data quality and the collation of data for external presentation

For students to participate in BYOD please follow these two steps

TITLE: RECORDS AND INFORMATION MANAGEMENT POLICY

COPIES-F.Y.I., INC. Policies and Procedures Data Security Policy

TrustED Briefing Series:

Security Services. Service Description Version Effective Date: 07/01/2012. Purpose. Overview

ISMF Standard 141 Endpoint Protection. OCIO/S4.6 Government standard on cyber security

DETROIT PUBLIC SCHOOLS NETBOOK PARENT CONSENT FORM For 8 th 12 th Grade Students Only

Records management guidance 12. Disposing of Information

Public consultation paper

nbn is committed to identifying hazards, preventing workplace accidents and minimising dangerous health safety and environment incidents.

Hampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices

WHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy

Cell Phone & Data Access Policy Frequently Asked Questions

BYOD and Cloud Computing

Multi-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company,

RUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer

South Australia Police POSITION INFORMATION DOCUMENT

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Norwood Public Schools Internet & Cell Phone Use Agreement School Year

ensure that all users understand how mobile phones supplied by the council should and should not be used.

Accessible Service Policy

Systems Support - Extended

POLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014

Cloud-based File Sharing: Privacy and Security Tutorial Institutional Compliance Office July 2013

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor

NHVAS Mass Management Spot Check Checklist

THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM

GUIDELINE INFORMATION MANAGEMENT (IM) PROGRAM PLAN

Employees - recruitment, records and monitoring

Wadham College Information Security Policy

Texas Woman's University University Policy Manual

FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT

First Global Data Corp.

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Information Services Hosting Arrangements

Hillsborough Board of Education Acceptable Use Policy for Using the Hillsborough Township Public Schools Network

FINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.

Terms and Conditions of Use of Bewley s Hotel Dublin Airport Car Park

Lines of Business: Auto Liability, General Liability, Professional Liability, Worker s Compensation

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

Colorado Rapids Youth Soccer Club Social Media and Electronic Communication Policies

Mbile Plicy FER specification - Review

FAYETTEVILLE STATE UNIVERSITY

Internet Banking Agreement and Disclosure Statement

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013

Privacy and Security Training Policy (PS.Pol.051)

Service Level Agreement

SOFTWARE DEVELOPER POSITION BY RIOMED LTD. SAFE. EFFICIENT. QUALITY WORLD CLASS HEALTHCARE SOLUTION

CPIT Aoraki ICT Asset and Media Security Standard

Malpractice and Maladministration Policy

ACTIVITY MONITOR. Live view of remote desktops. You may easily have a look at any user s desktop.

Immaculate Conception School, Prince George Bring Your Own Device Policy for Students

How To Ensure That The Internet Is Safe For A Health Care Worker

How to Address Key Selection Criteria

CMS Eligibility Requirements Checklist for MSSP ACO Participation

DATE APPROVED March Version Date Comments / Changes 1.0 March 2011 Initial policy released

IMPLEMENTATION DETAILS

How To Write A Disaster Recovery Plan

Service Desk Self Service Overview

SKILLS CANADA - ONTARIO

To clarify terms used within these policies, the following definitions are provided:

Information & Communications Technology ICT Security Compliance Guide (Student)

Hi-Tech will not be responsible if your hardware fails and you lose your residents medical record documentation and/or MDS records.

CHANGE MANAGEMENT STANDARD

Use Policy. Effective November 2015 Present

Corporate Account Takeover & Information Security Awareness

Service Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S

Plus500CY Ltd. Statement on Privacy and Cookie Policy

UBC Incident Response Plan V1.5

Wiltshire College. Job Description. Public Relations Officer (Fixed term maternity cover) 5: 21,103 per annum Marketing and Communications Manager

COMPREHENSIVE SAFETY ASSESSMENT INSTRUCTIONS for STUDY ABROAD PROGRAMS

AUDIT AND RISK COMMITTEE TERMS OF REFERENCE

Sources of Federal Government and Employee Information

HCHS Student ipad User Agreement

POSITION DESCRIPTION. Classification Higher Education Worker, Level 7. Responsible to. I.T Manager. The Position

Transcription:

Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer & Infrmatin Gvernance Manager Related Infrmatin Cmputer Misuse Act 1990 Data Prtectin Act Gvernment Prtective Marking Scheme ICT Acceptable Use Plicy Mbile Phne Plicy Official Secrets Act 1989 Regulatin f Investigatry Pwers Act The Telecmmunicatins (Lawful Business Practice) (Interceptin f Cmmunicatins) Regulatins 2000 Date First Apprved at FPG 05/12/2012 This Versin Versin 1.0 Created 12/09/2012 Date f Next Review 05/12/2015 September 2012

Remte Wrking PSD Plicy Statement Merseyside Plice needs t maintain a high level f cnfidence and trust with ur custmers, suppliers, ther frces, criminal justice agencies and ur crime and disrder partners. We must, therefre, be able t demnstrate that business infrmatin is prtected frm bth intentinal and unintentinal misuse irrespective f the lcatin at which the infrmatin is handled. Aims This plicy aims t establish minimum prtective measures by utlining the physical and ICT cntrls applicable when wrking n fficial infrmatin away frm fficial premises. The plicy is underpinned by prcedures designed t prvide clear, definitive and unambiguus directin fr all thse invlved in remte wrking. This shuld help t prtect the Merseyside Plice Cmputer Netwrk, equipment and the infrmatin that it hlds. Objectives A brad bjective is t enable the rganisatin and its emplyees t gain the maximum business benefit frm using frce infrmatin. Mre specific assciated bjectives are t: a) Safeguard the rganisatin s infrmatin. b) Prtect the rganisatin frm ptential legal liabilities and prtect the reputatin f Merseyside Plice. c) Ensure all individuals using frce infrmatin in remte lcatins understand their persnal respnsibilities. d) Ensure that ICT systems and equipment used fr remte wrking are used apprpriately. Applicatin and Scpe The plicy applies t the use f all Merseyside Plice infrmatin frm any remte wrking lcatin. Remte wrkers must ensure that they read, understand and cmply with all relevant frce plicies and thse prcedures cntained within, r referenced frm, this dcument. Failure t cmply may lead t a breach in system security and cnsequently may lead t disciplinary actin. Remte wrking refers t any wrk dne utside f Merseyside Plice premises, including accessing, string, prcessing r discussing business infrmatin. This culd be at hme, at anther frce r at a partner agency. It als cvers mbile wrking; traveling n public r private transprt; staying in htels; in public places such as libraries r cffee shps r even having telephne cnversatins in the street. All system use is audited and system users shuld have n expectatin f privacy. Merseyside Plice will take criminal and/r disciplinary actin against any emplyee wh wilfully misuses its systems. Status: V1.0 1 Last Update: 26/09/2012

Remte Wrking PSD Outcme Evaluatin The Anti Crruptin Unit will retain respnsibility fr ensuring that the use f ICT systems and frce infrmatin is audited and mnitred n an nging basis. Relevant data will include the number f cases investigated by the ACU and cmplaints/referrals t PSD n assciated issues. Status: V1.0 2 Last Update: 26/09/2012

Remte Wrking PSD 1. Remte Wrking Prcedures 1.1 Persnal Respnsibility 1.1.1 All users f Merseyside Plice ICT systems, equipment and infrmatin have a persnal respnsibility t prtect frce infrmatin and assets that are under their cntrl. This includes keeping them physically safe when in transit and securely string all papers and prtable ICT equipment when wrk is finished. 1.1.2 When wrking frm hme it is the persnal respnsibility f the individual t make sure infrmatin is safe and the individual s husehld understands the need fr the security measures t be taken. 1.2 Security Measures 1.2.1 The fllwing pints cver the security measures needed t wrk securely utside f Merseyside Plice premises. 1.2.2 It is necessary t: a) Obtain the Head f Department r Area Cmmander s apprval befre cmmencement f remte wrking. b) Be familiar with and abide by the security requirements f all frce plicies and legislatin and in particular: Acceptable Use f ICT Plicy Gvernment Prtective Marking Scheme (GPMS) Data Prtectin Plicy Email & Electrnic Messaging Plicy Internet Plicy c) Cnsider the GPMS prtective marking f the infrmatin yu will be wrking n and handle this in line with frce plicies and prcedures. d) Transprt papers, prtable ICT, fficial briefcases and phnes securely. Keep them with yu at all times when travelling and stre them securely. D nt leave frce infrmatin in vehicles that are left unattended i.e. vernight r during breaks in jurneys. e) Make sure yur lcatin is sensibly secure t wrk in, fr example it is nt verlked. D nt wrk n sensitive matters in a public place. If wrking frm hme, if pssible, use a rm where the dr can be clsed and may be lcked at the end f the day. f) Put yur papers away and lck yur laptp/pc if stepping away frm yur ICT. g) Use the security ptins n yur mbile phne, such as a pin number r a passwrd. h) Remember that telephnes are nt secure, be aware telephne calls are transmitted ver pen lines. i) Ensure that remvable media cntaining frce infrmatin must be encrypted by using frce systems. j) Always recrd business infrmatin n apprved ICT equipment. Be aware that the Freedm f Infrmatin Act applies t any infrmatin cncerning fficial business held in persnal email accunts r n yur persnal ICT. k) Bring prtectively marked infrmatin back int the ffice fr secure dispsal if there is n apprved secure destructin facility available. l) Cntact the ICT Helpdesk, if travelling r wrking verseas, t check whether security restrictins apply. Status: V1.0 3 Last Update: 26/09/2012

Remte Wrking PSD 1.2.3 It is vital that remte wrkers d nt: a) Wrk n r stre persnal data r prtectively marked data n persnal ICT. This includes PCs, laptps, tablets, CDs, DVDs, memry sticks etc. b) Send r frward persnal data r prtectively marked data ver the Internet r t private email addresses. c) Share yur passwrd with anyne. d) Stre yur passwrd with yur ICT. e) Hld sensitive cnversatins, r thse invlving persnal data, in public. Only use secure email r wait until yu are back in the ffice if pssible. f) Give ut persnal cntact numbers withut the wner s cnsent and be wary f unidentified callers. 2 Incident Management Prcedures 2.1 Incident Reprting Structure 2.1.1 Individuals wh becme aware that an IT system infrmatin has, r may have been, cmprmised, must reprt this, at the first available pprtunity, t the ICT Helpdesk and Infrmatin Gvernance Manager via their line manager. Reprts shuld be made using the frm available n the frce Intranet. It is a requirement that they include all relevant details, including, where pssible, what infrmatin may have been cmprmised. The types f incident that need t be reprted are: a) Suspected r actual lss f, r unauthrised access t, Prtectively Marked material this includes unauthrised individuals lking at IT system infrmatin n a terminal screen r in hard-cpy frmat. b) Cmprmise f security measures prtecting IT system infrmatin this includes malfunctining lcks, brken shredders, and lst keys t security cntainers. c) Suspected virus infectin f the IT system r terminal, including unexpected errr messages r warning messages frm anti-virus sftware. d) Previusly unidentified threats t IT system infrmatin. 2.1.2 Where an individual suspects that a virus has infected a terminal, they must stp using the terminal and cntact the ICT Helpdesk immediately fr advice, either by telephne r by e-mail frm a different terminal. 2.1.3 Any suspected lss, theft r cmprmise f IT system infrmatin r equipment will be initially investigated by the Frce Infrmatin Gvernance Manager, in cases where security has been breached, r the Anti Crruptin Unit, where internal miscnduct is suspected. If it is believed that the safety f an individual r individuals may be cmprmised by an incident, apprpriate actin will be taken, in cmpliance with Frce plicy. 2.2 General Incident and Fault Reprting Structure 2.2.1 IT system users shuld cntact the ICT Helpdesk fr general IT system related issues. Only apprved IT supprt staff must deal with any IT system issues. Hwever in sme cases a Systems Administratr may deal directly with sme functinal issues. Status: V1.0 4 Last Update: 26/09/2012

Remte Wrking PSD Appendix 1 Glssary f Terms GPMS Gvernment Prtective Marking Scheme ACU Anti Crruptin Unit ICT Infrmatin Cmmunicatin Technlgy, this is a term used t cver all the technlgies used fr infrmatin prcessing, including sftware, hardware, cmmunicatins technlgies and related services. ICT systems A term used t describe ICT and the prcesses, prcedures and ther functins that are used t supprt a business prcess. Remvable Media All prtable devices used t stre data. e.g. USB Sticks CD-Rm, DVD Malware A Malicius r unwanted sftware prgram. Persnal Data Infrmatin frm which a living individual can be identified either frm that infrmatin r that and ther available infrmatin. Appendix 2 Cntact Infrmatin Rle Descriptin f Rle Cntact ICT Helpdesk Infrmatin Gvernance Manager Data Prtectin Officer IT Security Officer The Frce Recrds Manager Systems Administratr The first pint f call fr all IT issues. Prvides advice and reslutin t IT issues. Prvides advice and guidance n security educatin, training and gd practice. Prvides advice n plicies and prcedures. Prvides advice and guidance n Data Prtectin educatin, training and gd practice. Prvides advice n plicies and prcedures. The IT Security Officer prvides advice and guidance n technical security practice and Infrmatin Systems. Prvides advice n the management f frce recrds and their retentin. Systems Administratrs are respnsible fr the day-t-day management, security, mnitring and administratin f individual systems. ICT Department Tel: 75555 Email: IT Helpdesk Anti Crruptin Unit Tel: 71422 Email: Infrmatin Security Anti Crruptin Unit Tel: 71422 Email: Infrmatin Security ICT Department Tel: 75542 Email: IT Security Officer Infrmatin Bureau Tel: 77055 Email: Recrds Management Each system has its wn systems administratr. Cntact the ICT Helpdesk fr advice. Tel: 75555 Email: IT Helpdesk Status: V1.0 5 Last Update: 26/09/2012

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information