Information Security Policy Fraud




Author: Alan Ashforth
Responsible Lead Executive Director: Alan Lawrie
Endorsing Body: ehealth Strategy Group
Governance or Assurance Committee: Information Governance Committee
Implementation Date: September 2010
Version Number: 2.3
Review Date: September 2016

CONTENTS

i) Consultation and Distribution Record
ii) Change Record
1. INTRODUCTION
2. AIM, PURPOSE AND OUTCOMES
3. SCOPE
   3.1 Who is the Policy Intended to Benefit or Affect
   3.2 Who are the Stakeholders
4. PRINCIPLE CONTENT
5. ROLES AND RESPONSIBILITIES
6. RESOURCE IMPLICATIONS
7. COMMUNICATION PLAN
8. QUALITY IMPROVEMENT MONITORING AND REVIEW
9. EQUALITY AND DIVERSITY IMPACT ASSESSMENT
10. REFERENCES
APPENDIX 1

CONSULTATION AND DISTRIBUTION RECORD

Contributing Author / Authors:
- Alan Ashforth, IT Security Manager, ehealth
- Craig Tannahill, Information Governance Manager, ehealth

Consultation Process / Stakeholders:
- Donald Wilson, General Manager, ehealth
- Alan Lawrie, Director of Acute Services & Executive Lead for ehealth
- Information Governance Committee members

Distribution: All staff

CHANGE RECORD

Date        Author                      Change                                  Version No.
Mar 2006    A Ashforth                  Revised in view of new policy template  1.0
Mar 2007    A Ashforth                  Revised in view of new policy template  1.0
Sept 2010   A Ashforth                  Revised in view of new policy template  2.0
May 2013    A Ashforth                  Revised in view of comments             2.2
Feb 2014    A Ashforth & C Tannahill    Revised in view of comments             2.3

1. Introduction

This policy relates to Fraud and forms part of the overall Information Security policy for NHS Lanarkshire.

2. Aim, Purpose and Outcomes

To ensure that INFORMATION SECURITY is maintained:
- Ensure that confidentiality and integrity of personal and sensitive information is maintained
- Ensure that information is available to authorised users
- Ensure that information is not disclosed to unauthorised people
- To prevent destruction of information

The purpose of this policy is to inform computer users within NHSL of their obligations in respect of the prevention of computer fraud.

3. Scope

3.1 Who is the Policy intended to Affect?

This policy is intended for all NHS Lanarkshire staff to maintain information security.

3.2 Who are the Stakeholders

All staff

4. Principle Content

Access to computer systems

Access is provided to staff to assist them in their day-to-day operational duties. These systems are provided for particular purposes, and staff should only make use of the systems for the purposes for which they are provided. NHSL allows personal usage of the Internet if it is reasonable and does not interfere with work, e.g. lunch or other suitable work breaks. This is particularly relevant to software systems where personal or financial information is collected, stored and processed.

Inappropriate Use of Computer Systems

If staff are unclear regarding the appropriate use of any computer system, they should contact their system administrator or line manager. Inappropriate use of computer systems that could lead to the suspicion of computer fraud may result in NHSL taking action under the relevant HR policy.

System Administration

In order to ensure that the systems in use by NHSL are appropriately protected from the threat of computer fraud, the following is implemented (where appropriate or operationally feasible) in all NHSL computer systems.

System Administration

A named individual(s) will be responsible for the administration of the system. This will cover initial access, password control, access control levels, user maintenance, and review of audit functionality where available. System administrators will also provide discrete division of functions where this is a requirement of the system.

Procurement Requirements

As part of the procurement / replacement process for all systems, suppliers will be required to demonstrate, where appropriate, how their proposed systems provide protection from computer fraud.

Audit

All NHSL computer systems are subject to regular audit scrutiny, of which computer fraud may be a facet, dependent upon the perceived risk.

5. Roles and Responsibilities

Authors/Contributors: IT Security Manager, ehealth; Information Governance Manager, ehealth
Executive Director: Director of Acute Services & Executive Lead for ehealth
Endorsing Body: Information Governance Committee

6. Resource Implications

No resource implications

7. Communication Plan

To be deployed by Policy Management System.

8. Quality Improvement Monitoring and Review

To be reviewed at regular intervals by IT Security Manager.

9. Equality and Diversity Impact Assessment

This policy meets NHS Lanarkshire's EDIA (tick box): X

10. References

Appendix 1

Appendix 1

The Principal Acts of Parliament and Scottish Government circulars relevant to this policy are:
- Public Records (Scotland) Act 2011
- CEL 25 (2012) NHS Scotland Mobile Data Protection Standard
- SGHD HDL (2006) 41 NHS Scotland Information Security Policy
- Freedom of Information (Scotland) Act 2002
- MEL 2000 (17) Data Protection Act 1998
- Scottish Government Records Management: NHS Code Of Practice (Scotland) Version 2.1 January 2012
- Copyright, Designs and Patents Act 1988
- Computer Misuse Act 1990
- Data Protection Act 1998
- The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
- Regulation of Investigatory Powers (Scotland) Act 2000
- Civil Contingencies Act 2004
- ISO/IEC 27001:2005 Information technology - Security techniques.

Further details can be obtained from your local Information Security Officer.