Version: 2.0. Effective From: 28/11/2014



Similar documents
IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

Information Security

Dene Community School of Technology Staff Acceptable Use Policy

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

NETWORK AND INTERNET SECURITY POLICY STATEMENT

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

HIPAA Security Training Manual

STANDARD ON CONTROLS AGAINST MALICIOUS CODE

ITU Computer Network, Internet Access & policy ( Network Access Policy )

Internet, and SMS Texting Usage Policy Group Policy

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

ICT SECURITY POLICY. Strategic Aim To continue to develop and ensure effective leadership, governance and management throughout the organisation

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February Title: Information Security Policy

Burton Hospitals NHS Foundation Trust. On: 16 January Review Date: December Corporate / Directorate. Department Responsible for Review:

Tameside Metropolitan Borough Council ICT Security Policy for Schools. Adopted by:

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

SERVER, DESKTOP AND PORTABLE SECURITY. September Version 3.0

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

Acceptable Use of ICT Policy. Staff Policy

Acceptable Use of Information Systems Standard. Guidance for all staff

LSE PCI-DSS Cardholder Data Environments Information Security Policy

The Bishop s Stortford High School Internet Use and Data Security Policy

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

Angard Acceptable Use Policy

So the security measures you put in place should seek to ensure that:

Information Security Code of Conduct

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards

UTC Cambridge ICT Policy

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

Central Bedfordshire Council. IT Acceptable Use Policy. Version 1.7 January 2016 Not Protected. Not Protected Page 1 of 11

Information Security Policy for Associates and Contractors

, Internet & Telephone. Policy and Procedure

Data Management Policies. Sage ERP Online

Trust Advantages and Disadvantages of Using Intranet

INFORMATION SECURITY POLICY

Usage Policy Document Profile Box

How To Behave At A School

Acceptable Use Policy

SECURITY POLICY REMOTE WORKING

Portable Devices and Removable Media Acceptable Use Policy v1.0

NETWORK SECURITY POLICY

UNIVERSITY OF ST ANDREWS. POLICY November 2005

ABERDARE COMMUNITY SCHOOL

Internet Use Policy and Code of Conduct

Newcastle University Information Security Procedures Version 3

(Self-Study) Identify How to Protect Your Network Against Viruses

Information Security Policy

ANTI-VIRUS POLICY OCIO TABLE OF CONTENTS

UNESCO-IHE Code of Conduct regarding Information Technology (IT)

Network and Workstation Acceptable Use Policy

DOCUMENT CONTROL PAGE

YMDDIRIEDOLAETH GIG CEREDIGION A CHANOLBARTH CYMRU CEREDIGION AND MID WALES NHS TRUST PC SECURITY POLICY

How To Ensure Your School Is Safe Online

DATA AND PAYMENT SECURITY PART 1

Information Technology Security Policies

Working Together Aiming High!

E-SAFETY POLICY 2014/15 Including:

HAZELDENE LOWER SCHOOL

INFORMATION SECURITY POLICY

Summary Electronic Information Security Policy

ICT POLICY AND PROCEDURE

CITY OF BOULDER *** POLICIES AND PROCEDURES

Information Security Policy London Borough of Barnet

U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

Cyber Security Awareness

Computing Guide. How to set up McAfee virus scanning software and become computer virus savvy

Small businesses: What you need to know about cyber security

Information Incident Management Policy

Information Services. Protecting information. It s everyone s responsibility

Notice: Page 1 of 11. Internet Acceptable Use Policy. v1.3

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

Information Systems Acceptable Use Policy for Learners

What you can do prevent virus infections on your computer

Human Resources Policy documents. Data Protection Policy

Remote Working and Portable Devices Policy

Information Governance Policy (incorporating IM&T Security)

Data Encryption Policy

Policy Document Control Page

TECHNICAL VULNERABILITY & PATCH MANAGEMENT

INTERNET, USE AND

University of Liverpool

Cyber Security Awareness

DATA PROTECTION AND DATA STORAGE POLICY

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE

Policy Document. Communications and Operation Management Policy

Rotherham CCG Network Security Policy V2.0

MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE. Documentation Control. Consultation undertaken Information Governance Committee

EMERSON PARK ACADEMY

Remote Access and Network Security Statement For Apple

Responsible Computer Use Policy for Students

Information Security Incident Management Policy and Procedure

SOFTWARE LICENSING POLICY

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent

How To Ensure Network Security

ICT Acceptable Use Policy

Transcription:

Policy No: OP58 Version: 2.0 Name of Policy: Anti Virus Policy Effective From: 28/11/2014 Date Ratified 17/09/2014 Ratified Health Informatics Assurance Committee Review Date 01/09/2016 Sponsor Director of Finance and Information Expiry Date 16/09/2017 Withdrawn Date This policy supersedes all previous issues. Anti Virus Policy v2

Version Control Version Release Author / Reviewer Ratified By / Authorised By 1.0 04/04/2009 D Prudhoe Information Governance Committee 2.0 28/11/2014 D Prudhoe Health Informatics Assurance Committee Date April 2009 17/09/2014 Changes (Please identify page no.) Anti Virus Policy v2 2

Contents 1 Introduction... 4 2 Scope... 4 3 Aim of Policy... 4 4 Duties (Roles and Responsibilities)... 4 5 Definitions... 5 6 Anti Virus Policy... 5 6.1 Use of e mail and the internet... 5 6.2 Anti Virus Controls... 5 6.3 What to do if a virus is found or suspected... 6 6.4 Hoax Viruses... 7 6.5 Data Protection Act 1998... 7 7 Training... 7 8 Equality and Diversity... 7 9 Monitoring Compliance with the Policy... 8 10 Consultation and Review... 8 11 Implementation of Policy (including raising awareness)... 8 12 Associated Documentation... Anti Virus Policy v2 3

Anti Virus Policy 1 Introduction The software and hardware that make up the computer networks are essential resources for the NHS Organisations. They aid staff in carrying out their everyday duties and without them important communication systems would not exist. Computer viruses pose considerable risks to these systems. They can cause them to run erratically, cause loss of information, and information to become corrupted, with the consequential loss of productivity for the organisation. This policy is designed to give guidance and direction on minimising the risk of a virus infection, and what to do if they are encountered. 2 Scope. This policy applies to: All employees whilst using Trust equipment and accessing the Trust s Network at any location, on any computer or Internet connection. Other persons working for the organisation, persons engaged on business or persons using equipment and networks of the organisation. Anyone granted access to the network. 3 Aim of Policy. The Aim of this policy is to ensure that: All staff are aware of their responsibilities in relation to safeguarding the confidentiality, integrity, and availability of data and software within the organisation. Best practice concerning the use of software within the organisation is identified. Instructions are provided on the prevention of virus infection, and what steps to take should a virus be found 4 Duties (Roles and Responsibilities). All staff and Non Executive Directors are obliged to adhere to this policy. It is the responsibility of the individual to ensure that they understand this policy. Managers at all levels are responsible for ensuring that the staff for whom they are responsible are aware of and adhere to this Policy. They are also responsible for ensuring staff are updated in regard to any changes in this Policy. Breaches of this policy should be regarded as serious misconduct which could lead to disciplinary action in accordance with the Trust s Disciplinary Policy. Anti Virus Policy v2 4

Every individual defined within the scope of this document is responsible for the implementation of this policy whilst operating any personal computer resources to access any of the Trust s systems. 5 Definitions. For the scope of this policy, a virus is defined as a self replicating piece of software, which may cause damage to the operating system of the computer, the storage devices, and any data and/or software stored on them. For the scope of this policy, software is defined as a computer program that is designed to carry out specific functions For the scope of this policy, a personal computer is defined as any one of the following. Desktop computers, laptop computers, tablet computers and any other mobile device capable of executing and/or running malicious software. For the scope of this policy, the Anti Virus software used by the Trust will include protection against virus, spyware and malware. 6 Anti Virus Policy. 6.1 Use of e mail and the internet. E mail is one of the main ways used to distribute computer viruses. This is due to the ease of which information can be distributed globally. Viruses can be hidden in email attachments or in material downloaded from the internet. To help protect against viruses being distributed over the network, the following should be applied: Make sure you know the sender of the e mail is genuine before opening any attachments. If you are suspicious in any way then contact the sender to confirm they have sent the e mail. If you think you have received an e mail virus, or have received an alert from your PC to this effect then please contact the IT Service Desk. Any form of software, screen savers, or games must not be downloaded or copied from any source. Do not action any e mails that suggest they have been sent to fix a problem with your machine (e.g. Emails from Microsoft). Reputable vendors would never distribute software patches in this way. If you have any suspicions regarding a received e mail do not open it, but contact the IT Service Desk immediately. 6.2 Anti Virus Controls. 6.2.1 Requirements Anti Virus software must only be installed and configured by IT Services. Users must not disable or interfere with anti virus software installed on any computer or server. Anti Virus Policy v2 5

IT Services must ensure that automatic updates are applied to all workstations and servers on a daily basis and that all devices are up to date with the latest signature file. No computer or server may be connected to the network without adequate protection i.e. up to date anti virus software being installed and activated. Only portable devices owned by the Trust may be connected to the network. Portable device users must regularly connect to the network to ensure that the anti virus software remains updated. Failure to do so could result in unnecessary virus outbreaks. Users must not change or delete any anti virus software that is installed on the Trusts network, servers or PC s. 6.2.2 Software Controls No software programs or executable files should be downloaded from the Internet and installed onto a PC without the consent of IT Services. Unauthorised downloading of software may breach the copyright licence, could introduce a computer virus to the system, and is a breach of the Trusts Internet Policy. The unauthorised copying of software is a criminal offence under the Copyright, Design and Patents Act 1998. 6.2.3 Avoiding virus infection Avoid the transfer of information by floppy disc, CD or USB memory sticks between computers. Do not introduce the above media from home onto NHS computers. Do not start up a PC with a floppy disk, CD or USB memory stick inserted unless instructed by IT Services. Where practical write protect floppy disks and USB memory sticks until the write option is required. Save data/documents etc. on your home directory. Do not save information on the PC so that if infection does occur, data can be recovered. 6.3 What to do if a virus is found or suspected 6.3.1 If you find or suspect a virus on your PC Contact IT Services immediately. Do not use the PC until approved by the IT Department. 6.3.2 The responsibilities of IT Services are to: Check the infected PC Anti Virus Policy v2 6

6.4 Hoax Viruses Check any media that have been used in the infected PC Check any other PC that the media has been used with Delete or clean any infected files Check any Servers that may have been accessed during the incident Inform the IT Security Officer of any viruses detected Ensure that the incident is addressed within an appropriate timescale Hoax emails are very common. The usual format is a warning of a virus (usually labelled as the worst yet or some other equally alarmist phrase). The email will give details of a virus carried in an email with a particular subject line or attachment name then give details of how the virus will cause huge amounts of data loss. The email will then go on to tell you to send the warning to everyone you know. Staff should not pay heed to these emails. If there is any doubt whether the details are genuine staff should contact the IT Service Desk for advice. 6.5 Data Protection Act 1998 7 Training. The Data Protection Act governs the processing of personal identifiable data, and protecting the data from loss, damage or destruction, whether accidental or deliberate. This includes having anti virus controls in place to safeguard information and ensure the Act is complied with. The security measures must take into account the harm that may result from unauthorised or unlawful processing, loss, damage or destruction. The nature of the data being protected also needs to be considered. Appropriate personnel checks need to be taken to ensure the integrity of the staff that have access to the data being protected. Any training required can be provided via the IT Directory and Security Team within the IT Department. 8 Equality and Diversity. The Trust is committed to ensuring that, as far as is reasonably practicable, the way we provide services to the public and the way we treat our staff reflects their individual needs and does not discriminate against individuals or groups on any grounds. Reasonable adjustments can be made to ensure disabled staff and people with other health conditions can utilise the system. Anti Virus Policy v2 7

9 Monitoring Compliance with the Policy. Standard/process/issue Ensure Anti Virus installations are up to date Monitoring and audit Method By Committee Frequency Reports via Directory Daily admin Services console Team Ensure infections are dealt with promptly Ensure inappropriate file types are not downloaded Highlight report to Health Informatics Assurance Committee Automatic email alerts via admin console/ser vice Calls via Service Desk Automatic email alerts via admin console Directory Services Team Directory Services Team Directory Services Team Health Informatics Assurance Committee Real Time Real Time Bi Monthly 10 Consultation and Review. Health Informatics Assurance Committee 11 Implementation of Policy (including raising awareness). This Policy will be published as per normal policies and circulated as per standard. This Policy will be available at all the Trust s designated locations. 12 Associated Documentation. IT Security Policy Internet, Intranet and Email Acceptable Use Policy Anti Virus Policy v2 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information