
COVER SHEET OF POLICY DOCUMENT

Code Number:
Policy Document Name: Removable Media and Mobile Device Policy

Introduction

Removable media and mobile devices are increasingly used to enable information access and transfer. However removable media and mobile devices are also a high risk for the Service in terms of loss of information, lack of Corporate access, duplicate work, and potential for attack on CFRS systems.

This policy defines how the Service will use removable media and mobile devices while managing information security risks. Knowledge of this policy will enable employees to maintain CFRS security and avoid inadvertently breaching information security.

Owner: Head of ICT
Last Review: Created October 2012
Review Due Date: Every 2 years
Version Control/Amend Schedule: 4.1
Cross References: ICT Acceptable Use policy; Information Security policy

Contents

Policy statement
Responsibilities
Procedures
1. Encryption
3. Security of equipment data
4. Loss of equipment data

BODY OF POLICY DOCUMENT

Appendix 5 to Item 4

Policy Document Name: Removable Media and Mobile Device Policy

Policy Element

Policy statement

CFRS will adopt appropriate security practices when using mobile devices and removable media, and will ensure that Service information and associated systems are adequately protected.

Removable media or mobile devices will only be used for information if this method of access or transfer is absolutely necessary, and only if there is an organisational requirement to do so that cannot be met by any other means.

Specific commitments

Mobile media and removable devices must not be used to store data on a permanent basis. All Service data must be stored on the Service network to allow Corporate access and ensure it is backed up automatically by ICT.

This policy will be applied to:

All information stored on mobile devices or transferred by removable media. Removable media includes, but is not limited to:

- USB sticks
- CDs, DVDs
- Floppy disks
- Memory cards (including Compact Flash, Smart Media, Multi Media, Secure Digital Cards, etc.)
- External hard drives
- Laptops, tablet PCs and PDAs
- CFRS issued mobile phones

All employees, contractors, temporary staff and employees of other organisations who directly or indirectly support our ICT services and who handle CFRS information will comply with these requirements.

Responsibilities

ICT

ICT will encrypt USB drives and portable devices that will be used for the storage and transfer of CFRS data.

Employees

Employees must only use removable media authorised and purchased through ICT.

IMPORTANT: Personally identifiable or confidential information must only be copied to or stored on any removable media in line with the Information Security policy. Please contact the ICT Service Desk and Information Manager if you need advice. Refer to the Information Security Policy for details.

Failure to adhere to this policy which results in an information security breach may lead to appropriate disciplinary action being taken as defined in the Information Security Policy.

Procedure Element

List of Procedures

1. Encryption
3. Security of equipment data
4. Loss of equipment data

1. Encryption of media

Laptops

All CFRS issued laptops will have full disk encryption installed as standard before they're issued to staff. If you are aware of any device that is not encrypted, please notify the ICT Service Desk as soon as possible.

USB / removable hard drives

Do not store personally identifiable or confidential information on an unencrypted USB / removable hard drive. These devices should only be used for the transfer of information if they are encrypted and you have the permission of the data owner. They should not be used as a storage or back-up device.

You must not store or use removable media or mobile devices as back-up systems for any data. These devices are unreliable for this type of data storage and should only be used for the temporary transport of data. Please do not use this type of device for your primary source of data storage. If for any reason the device becomes corrupted, any data will be unrecoverable. Please contact the ICT Service Desk for advice on long term storage and backups.

3. Security of data

Sufficient care must be taken to ensure that the removable media is secured at all times and any faults with supplied equipment must be reported to the ICT Service Desk immediately. Failure to do so may result in a security breach. Equipment supplied to customers must be used in accordance with CFRS ICT policies.

4. Loss of data

If you lose or have any removable media stolen which contains unencrypted personally identifiable or confidential information, you may be liable to prosecution under the Data Protection Act and may be subject to disciplinary action. Report any loss of removable media or mobile device (even if encrypted) as soon as possible to the ICT Service Desk.

Employees are responsible for ensuring that personally identifiable or confidential information is not left on removable media for periods longer than necessary. Information that is no longer required must be promptly deleted from mobile devices or removable media in order to comply with the Data Protection Act. For further advice on the destruction of confidential information, please contact the Information Manager.

Employees using removable media should be aware that the data contained on the device may carry a virus or malicious software (malware). When data is copied to a CFRS computer from any removable media, it must be scanned by the anti-virus software on the workstation or laptop. Please contact the ICT Service Desk on the procedure for manual virus scanning.

All users must maintain virus and malware awareness. Users of laptops are responsible for ensuring their anti-virus updates are maintained on a regular basis by connecting to the network daily if possible. When a laptop is connected to the CFRS network via a network cable, Wi-Fi or docking station, the anti-virus definitions will update automatically at noon. If you have any concerns or would like advice on keeping your machine up to date, please contact the ICT Service Desk.

Guidance Element

USB Devices & Memory Sticks

Frequently asked questions

I've received an unencrypted memory stick containing data I need to access, can I use the device?

ICT are implementing software to stop the use of unauthorised USB devices and memory sticks. If you need to access data from an unauthorised device, please contact the ICT Service Desk who will be able to retrieve the data for you and transfer it to a secured device.

I have been given an encrypted USB stick from a trusted source but my computer will not read the device?

Again, ICT are implementing software to only allow authorised devices. You should contact the ICT Service Desk who will be able to open the device for you and retrieve the data.

Does all mobile data need to be encrypted?

No, only data which contains personal information, is sensitive or has security restrictions on it needs to be encrypted.