Mobile Working Policy
|
|
- Cornelius Barnett
- 6 years ago
- Views:
Transcription
1 Mobile Working Policy Date completed: Responsible Director: Approved by/ date: Ben Westmancott, Director of Compliance Author: Ealing CCG Governing Body 15 th January 2014 Ben Westmancott, Director of Compliance Review date: Amended: Mobile Working Policy Version 2.2 Page 1 of 10
2 Mobile Working Policy For more information on this document, please contact: Director of Compliance, Ben Westmancott, CWHH CCGs Collaborative 15 Marylebone Road, London NW1 JD Version History Version Date issued Brief summary of change Owner s name 1.0 July 2013 Amended to reflect CWHH procedures Ben Westmancott 2.0 August 2013 Circulated to local CCG IT Committee for Comment Ben Westmancott 2.1 September 2013 Amendments from IT Strategic Lead Farid Fouladinejad 2.2 November 2013 Version for committee consideration NB, will also apply to Ealing CCG following adoption by governing bodies. Ealing CCG will need to be added to references to CCGs throughout. Ben Westmancott Document Imprint Copyright Central London, West London, Hammersmith & Fulham, Hounslow, and Ealing Clinical Commissioning Groups, 2013: All rights reserved Re-use of all or part of this document is governed by copyright and the Re-use of Public Sector Information Regulations SI2005 No 1515 Information on re-use can be obtained from: Director of Compliance, Ben Westmancott, CWHHE CCGs Collaborative Tel: , ben.westmancott@inwl.nhs.uk Mobile Working Policy Version 2.2 Page 2 of 10
3 Contents 1.0 Purpose Definitions Scope Policy Summary Physical Security/access control Usage in any public accessible area Usage in areas not generally accessible to the public Home Usage Supplied equipment Staff owned equipment Teleworking Authorisation to remove data Sending from home Connection to the Network Disaster recovery/major incidents Termination of Employment... 9 ` Mobile Working Policy Version 2.2 Page 3 of 10
4 1.0 Purpose This policy has been developed to promote best practice with regards to information handling outside the boundaries of Central London, West London, Hammersmith and Fulham, Hounslow, and Ealing Clinical Commissioning Groups premises (including working at home). The policy is aimed at enabling and supporting employees who intend to use and transfer manual and electronic person identifiable records between home, the work place and the community. The security issues in this policy relate to and include physical security of IT equipment, confidentiality of manual and electronic data, and implications for the security of CCG office systems and network. This policy must be used in conjunction with similar policies of the NWL Commissioning Support Unit or any other future provider of IT services for the CCG. 2.0 Definitions 2.1 Data devices This includes any device that can store data, images and other information required for the CCG s operational business. Typically this includes laptops, tablets, personal digital assistants (PDAs), blackberries but also includes digital audio and visual recording/playback devices (such as dictaphones, digital cameras and mobile phones). 2.2 Media This includes any physical item that can store data, images and other information and requires another device to access it. For example: CD, DVD, Floppy disc, tape, digital storage device (flash memory cards, USB disc keys, portable hard drives). 2.3 Person Identifiable Data Person identifiable information can include one or more of the following: Surname Forename Address/Postcode Telephone Number Occupation Gender Date of Birth Ethnic Group NHS Number NI Number Mobile Working Policy Version 2.2 Page 4 of 10
5 Photo 3.0 Scope This policy applies to all employees of the CCG, other workers who may not be directly employed by the CCG (e.g. agency workers, contractors, selfemployed consultants, authorised 3 rd party suppliers and duly authorised visitors), who at any time remove records and other information in any form, from CCG owned premises, where it is usually stored. The authorisation procedure only relates to staff who need to use mobile computing facilities, either on or off-site (including staff homes), or transfer information between computer systems via physical media. Staff should only use storage media provided by the CCG or its IT service providers. These must ensure that the organisation meets all its information governance and information security obligations. The authorisation procedure is not required for the transfer or off-site usage of paper records. Specific procedures around authorising the access, use and tracking of clinical records are detailed within the CCG s Records Management Policy. 4.0 Policy Summary Users of information will: Keep usage to a minimum in public areas Only use information off-site/at home for work related purposes Ensure security of information within the home Not connect any privately owned equipment to the CCG s network or IT hardware unless approved by the CCG s IT service provider. Scan any media used to transfer data for viruses using a fully up to date anti-virus scanning software Not send person identifiable or confidential data to home (internet) addresses. If PID is to be transferred via this can be done via nhs net only and in full compliance of information governance policies. Keep equipment and files locked out of sight during transit and during storage. If leaving equipment on and unattended to ensure that it is locked down with password protection. Ensure equipment/files are adequately packaged in transit to prevent damage or tampering Not dispose of any media (including paper) off-site. Mobile Working Policy Version 2.2 Page 5 of 10
6 5.0 Physical Security/access control 5.1 Usage in any public accessible area The use of information in these areas should be kept to an absolute minimum, due to the threats of overlooking and theft. Any member of staff choosing to use information and/or devices in these areas that results in any related incident will be required to state why the usage was required in that situation and the efforts they made to protect the information and any equipment. Equipment in use will not be left unattended at any time. 5.2 Usage in areas not generally accessible to the public (other organisational premises) Staff are responsible for ensuring that unauthorised individuals are not able to see information or access systems. If equipment is being used outside of its normal location and might be left unattended, the user will secure it by other means. 5.3 Home Usage Only authorised members of staff are allowed access to information being used at home in any form, on any media. No family members are allowed access to the equipment or data. Use of any information at home must be for authorised work purposes only. Staff must ensure the security of information within their home from theft as well as ensuring that unauthorised individuals are not able to see information or access systems. Where possible it should be stored in a locked container (filing cabinet, lockable briefcase). If this is not possible, when not in use it should be neatly filed and stored away. 5.4 Supplied equipment Where the CCG has supplied any form of data device, only the member of staff themselves is authorised to have access to it. Any member of staff allowing access to an unauthorised person, deliberately or inadvertently, may be subject to disciplinary proceedings. The CCG s IT service provider is responsible for ensuring that access to supplied equipment requires a username and password and that anti-virus software and encryption is installed. For supplied equipment that is not classed as portable (i.e. a supplied desktop PC), the IT department are responsible for ensuring anti-virus software is regularly updated. This will require the return of equipment therefore staff must return supplied equipment for updating and checks by the IT Department when requested. Mobile Working Policy Version 2.2 Page 6 of 10
7 If staff have been supplied with IT portable equipment (i.e. a laptop or tablet device), they are responsible for ensuring that it is regularly connected to the CCG s network on-site for upgrade of anti-virus software. All CCG IT portable equipment must be encrypted before any information is stored. Person identifiable data files should have additional protection against unauthorised access (for example an additional password). When equipment is returned or the data is no longer needed the data must be removed. This is the user s responsibility. The CCG is responsible for the safety testing of supplied equipment and annual PAT testing of this equipment. Staff who use the equipment are responsible for ensuring that these checks are undertaken. 5.5 Staff owned equipment The use and storage of person identifiable or confidential data on staff owned equipment is strictly forbidden. Staff may only use a CCG supplied encrypted USB data key for this purpose. Staff must not use their own computer for work related activities, unless as part of an agreed and authorised process. For advice on suitable products, please consult the IT Service Desk. For prevention of viruses and related security risks, staff must not connect any personally owned devices to the CCG network unless otherwise authorised by the IT service desk. 5.6 Teleworking Teleworking is defined as a member of staff whose main office is their home. The decision as to whether a member of staff is a teleworker will be taken by their line manager, based on the frequency of work being done from home and the equipment required to support it. Any teleworker will apply all elements of this policy, but in addition will ensure: Sensitive information (person identifiable or organisationally sensitive) is locked away when not in use and only accessible by the member of staff. Any controlled document (e.g. staff record) they have will be traceable to their location and that any procedure to note the location of a file required by the organisation will be rigidly applied by them. Their house and content insurance covers them for the loss of any equipment provided by the employing organisation. Any staff that are defined as a teleworker are responsible for ensuring that their work conditions at home comply with health and safety regulations and Mobile Working Policy Version 2.2 Page 7 of 10
8 CCG policies and procedures. Staff must undertake a display screen equipment risk assessment as detailed in the Display Screen Equipment Policy (DSE) and a copy of this assessment must be retained on their personnel file. Staff are responsible for ensuring that the assessment is reviewed following any change in their work environment at home. 5.7 Transfer or sharing of equipment Where equipment has been transferred from one staff member to another on a permanent/long term basis then the IT service desk needs to be informed to amend the asset register. Where equipment is issued on loan or a temporary basis, a log book needs to be kept of who currently has the equipment. 6.0 Authorisation to remove data All staff who work with person identifiable or organisationally sensitive data on a PC at home must complete an authorisation form (Appendix A). 7.0 Sending from home This is covered in the CSU s Acceptable Use Policy for IT. following points directly apply to mobile working: However the 7.1 Electronic mail containing person-identifiable and confidential information may not be sent to or from home accounts. Non person-identifiable or information that is deemed not confidential may be sent via Connection to the Network Staff may connect to the network via the secure method following a process of authorisation by the IT Department. 9.0 Transport/storage When staff remove equipment, files and data from CCG premises, they are responsible for ensuring its safe transport and storage. Equipment should be password protected whenever possible and not left unattended e.g. in vehicles. Equipment must be transported in a secure, clean environment. Mobile Working Policy Version 2.2 Page 8 of 10
9 Appropriate packaging should be used to prevent physical damage (sealed envelopes etc.) Where a courier service is used to transport packages containing sensitive information tamper proof packaging will be used 10.0 Disaster recovery/major incidents In the event of a major incident or disaster, the organisation may recall all equipment on loan to provide core services Termination of Employment On leaving the employment of the organisation, all equipment, software and information must be returned. The CCG will take the necessary action to reclaim all equipment, software and information that has not been returned by the member of staff (e.g. by means of final salary payment) Mobile Working Policy Version 2.2 Page 9 of 10
10 Appendix A Mobile Working Authorisation Form Name: Job Title:.. Department/Directorate:.. Contact Number: Please detail the work you are undertaking: I (name)... have read and understood and will abide by the terms of the Mobile Working Policy. I understand that any violation of this policy could result in disciplinary action and possible dismissal or criminal prosecution. Signed: Date: Authorisation: Name: Job Title: Contact Number: Signed:. Date:.. For ICT Services Use Only - Authorised by: Name:.. Signed:.. Date: Mobile Working Policy Version 2.2 Page 10 of 10
Mobile Computing Policy
Mobile Computing Policy Overview and Scope 1. The purpose of this policy is to ensure that effective measures are in place to protect against the risks of using mobile computing and communication facilities..
More informationInformation Handling and Classification Table
Information Handling and Classification Table Title: Information Classification and Handling Table Reference: IS-07a Status: Approved Version: 1.2 Date: March 2018 Classification: Non-Sensitive/Open Author(s)
More informationICT Portable Devices and Portable Media Security
ICT Portable Devices and Portable Media Security Who Should Read This Policy Target Audience All Trust Staff, contractors, and other agents, who utilise trust equipment and access the organisation s data
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationINFORMATION ASSET MANAGEMENT POLICY
INFORMATION ASSET MANAGEMENT POLICY Approved by Board of Directors Date: To be reviewed by Board of Directors March 2021 CONTENT PAGE 1. Introduction 3 2. Policy Statement 3 3. Purpose 4 4. Scope 4 5 Objectives
More informationMobile Computing Policy
Mobile Computing Policy Issue sheet Document reference NHSBSAIS004 Document location Title NHS Business Services Authority Mobile computing policy Author Head of Security and Information Assurance Issued
More informationData protection. 3 April 2018
Data protection 3 April 2018 Policy prepared by: Ltd Approved by the Directors on: 3rd April 2018 Next review date: 31st March 2019 Data Protection Registration Number (ico.): Z2184271 Introduction Ltd
More informationINFORMATION GOVERNANCE. Caldicott Approval Procedure
NHS TAYSIDE INFORMATION GOVERNANCE Caldicott Approval Procedure Author: Peter McKenzie Review Group: Information Governance Group Review Date: September 2010 Last Update: September 2009 Document : NHST-ISC-CAP
More informationEmployee Security Awareness Training Program
Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,
More informationDate Approved: Board of Directors on 7 July 2016
Policy: Bring Your Own Device Person(s) responsible for updating the policy: Chief Executive Officer Date Approved: Board of Directors on 7 July 2016 Date of Review: Status: Every 3 years Non statutory
More informationCompany Policy Documents. Information Security Incident Management Policy
Information Security Incident Management Policy Information Security Incident Management Policy Propeller Studios Ltd is responsible for the security and integrity of all data it holds. Propeller Studios
More informationBSO CLEAR DESK AND SCREEN POLICY (version 1.0)
BSO CLEAR DESK AND SCREEN POLICY (version 1.0) Approved at BSO Board on 25 th February 2010 CONTENT 1. PURPOSE...3 2. DATA CLASSIFICATION...3 3. THE DESK / OFFICE ENVIRONMENT...3 4. THE PC ENVIRONMENT...4
More information<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy
Policy Title: Effective Date: Revision Date: Approval(s): LASO: CSO: Agency Head: Allowed Personally Owned Device Policy Every 2 years or as needed Purpose: A personally owned information system or device
More informationData protection policy
Data protection policy Context and overview Introduction The ASHA Centre needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees
More informationIdentity Theft Prevention Policy
Identity Theft Prevention Policy Purpose of the Policy To establish an Identity Theft Prevention Program (Program) designed to detect, prevent and mitigate identity theft in connection with the opening
More informationCastle View Primary School Data Protection Policy
Castle View Primary School Data Protection Policy Aims The Headteacher and Governors of the school intend to comply fully with the requirements and principles of the Data Protection Act 1998. All staff
More informationPS 176 Removable Media Policy
PS 176 Removable Media Policy December 2013 Version 2.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data
More informationInstitute of Technology, Sligo. Information Security Policy. Version 0.2
Institute of Technology, Sligo Information Security Policy Version 0.2 1 Document Location The document is held on the Institute s Staff Portal here. Revision History Date of this revision: 28.03.16 Date
More informationPolicy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.
London School of Economics & Political Science IT Services Policy Remote Access Policy Jethro Perkins Information Security Manager Summary This document outlines the controls from ISO27002 that relate
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Colin Sloey Implementation Date: September 2010 Version Number:
More informationData Sharing Agreement. Between Integral Occupational Health Ltd and the Customer
Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services
More informationData Handling Security Policy
Data Handling Security Policy May 2018 Newark Orchard School Data Handling Security Policy May 2018 Page 1 Responsibilities for managing IT equipment, removable storage devices and papers, in the office,
More informationInformation Security Policy for Associates and Contractors
Information Security Policy for Associates and Contractors Version: 1.13 Date: 11 October 2016 Reference: 67972761 Location: Livelink Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationRemote Working & Mobile Devices Security Standard
TRUST-WIDE NON-CLINICAL DOCUMENT Remote Working & Mobile Devices Security Standard Standard Number: Scope of this Document: Recommending Committee: Approving Committee: SS02 All Staff Joint Information
More informationEnviro Technology Services Ltd Data Protection Policy
Enviro Technology Services Ltd Data Protection Policy 1. CONTEXT AND OVERVIEW 1.1 Key details Rev 1.0 Policy prepared by: Duncan Mounsor. Approved by board on: 23/03/2016 Policy became operational on:
More informationData Encryption Policy
Data Encryption Policy Document Control Sheet Q Pulse Reference Number Version Number Document Author Lead Executive Director Sponsor Ratifying Committee POL-F-IMT-2 V02 Information Governance Manager
More informationUWTSD Group Data Protection Policy
UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful
More informationINFORMATION SECURITY POLICY
Open Open INFORMATION SECURITY POLICY OF THE UNIVERSITY OF BIRMINGHAM DOCUMENT CONTROL Date Description Authors 18/09/17 Approved by UEB D.Deighton 29/06/17 Approved by ISMG with minor changes D.Deighton
More informationName of Policy: Computer Use Policy
Page: Page 1 of 5 Director Approved By: Approval Date: Reason(s) for Change Responsible: Corporate Services Leadership April 22, Reflect current technology and practice Corporate Services Leadership Leadership
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationCardiff University Security & Portering Services (SECTY) CCTV Code of Practice
Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice Document history Author(s) Date S Gamlin 23/05/2018 Revision / Number Date Amendment Name Approved by BI annual revision Date
More informationBring Your Own Device (BYOD) Policy
SH IG 58 Information Security Suite of Policies Bring Your Own Device (BYOD) Policy Version 1 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: Next Review Date: This
More informationAUTHORITY FOR ELECTRICITY REGULATION
SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More informationISC10D026. Report Control Information
ISC10D026 Report Control Information Title: General Information Security Date: 28 January 2011 Version: v3.08 Reference: ICT/GISP/DRAFT/3.08 Authors: Steve Mosley Quality Assurance: ISSC Revision Date
More informationGDPR Draft: Data Access Control and Password Policy
wea.org.uk GDPR Draft: Data Access Control and Password Policy Version Number Date of Issue Department Owner 1.2 21/01/2018 ICT Mark Latham-Hall Version 1.2 last updated 27/04/2018 Page 1 Contents GDPR
More information2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY
2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on
More informationPersonal Communication Devices and Voic Procedure
Personal Communication Devices and Voicemail Procedure Reference No. xx Revision No. 1 Relevant ISO Control No. 11.7.1 Issue Date: January 23, 2012 Revision Date: January 23, 2012 Approved by: Title: Ted
More informationEA-ISP-009 Use of Computers Policy
Technology & Information Services EA-ISP-009 Use of Computers Policy Owner: Nick Sharratt Author: Paul Ferrier Date: 28/03/2018 Document Security Level: PUBLIC Document Version: 1.05 Document Ref: EA-ISP-009
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationACCEPTABLE USE ISO INFORMATION SECURITY POLICY. Author: Owner: Organisation: Document No: Version No: 1.0 Date: 10 th January 2010
INFORMATION SECURITY POLICY EMAIL ACCEPTABLE USE ISO 27002 7.1.3 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-7.1.3 No: 1.0 Date: 10 th January 2010 Copyright Ruskwig
More informationINTERNATIONAL SOS. Information Security Policy. Version 2.00
INTERNATIONAL SOS Information Security Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: August 2009 Updated: April 2018 2018 All copyright in these materials are
More informationUlster University Policy Cover Sheet
Ulster University Policy Cover Sheet Document Title DATA CENTRE ACCESS POLICY 3.2 Custodian Approving Committee Data Centre & Operations Manager ISD Committee Policy approved date 2017 09 08 Policy effective
More informationINFORMATION TECHNOLOGY SECURITY POLICY
INFORMATION TECHNOLOGY SECURITY POLICY Author Responsible Director Approved By Data Approved September 15 Date for Review November 17 Version 2.3 Replaces version 2.2 Mike Dench, IT Security Manager Robin
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationSafe Haven and Information Sharing Policy
Safe Haven and Information Sharing Policy Reference No: Version: 3 Ratified by: P_IG_17 LCHS Trust Board Date ratified: 9 th January 2018 Name of originator/author: Name of approving committee/responsible
More informationORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers
All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationNHS South Commissioning Support Unit
NHS South Commissioning Support Unit ICT Anti-virus Policy This document can be made available in a range of languages and formats on request to the policy author. Version: Ratified by: V.2.1 Alliance
More informationUKIP needs to gather and use certain information about individuals.
UKIP Data Protection Policy Context and overview Key details Policy Update Prepared by: D. Dennemarck / S. Turner Update approved by Management on: November 6, 2015 Policy update became operational on:
More informationSAFE USE OF MOBILE PHONES AT WORK POLICY
SAFE USE OF MOBILE PHONES AT WORK POLICY Links to Lone Working Policy, Personal Safety Guidance, Lone Working Guidance, Information Governance Policy Document Type General Policy Unique Identifier GP31
More informationIT ANTI-VIRUS POLICY Version 2.5
IT ANTI-VIRUS POLICY Version 2.5 IT Anti-Virus Policy COR/053/V2.05 December 2016 updated January 2018 Version 2.5 1 Subject and version number of document: Serial number: IT Anti-Virus Policy Version
More information3 rd Party Certification of Compliance with MA: 201 CMR 17.00
3 rd Party Certification of Compliance with MA: 201 CMR 17.00 The purpose of this document is to certify the compliance of Strategic Information Resources with 201 CMR 17.00. This law protects the sensitive
More informationREPORTING INFORMATION SECURITY INCIDENTS
INFORMATION SECURITY POLICY REPORTING INFORMATION SECURITY INCIDENTS ISO 27002 13.1.1 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-13.1.1 Version No: 1.0 Date: 1 st
More informationDATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:
DATA PROTECTION SELF-ASSESSMENT TOOL Protecture: 0203 691 5731 Instructions for use touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should
More informationNetwork Security Policy
Network Security Policy Date: January 2016 Policy Title Network Security Policy Policy Number: POL 030 Version 3.0 Policy Sponsor Policy Owner Committee Director of Business Support Head of ICU / ICT Business
More informationInformation Technology Standards
Information Technology Standards IT Standard Issued: 9/16/2009 Supersedes: New Standard Mobile Device Security Responsible Executive: HSC CIO Responsible Office: HSC IT Contact: For questions about this
More informationData Protection Policy
Page 1 of 6 General Statement The Local Governing Bodies of the academies have overall responsibility for ensuring that records are maintained, including security and access arrangements, in accordance
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Removable Storage Media Security Standard This standard is applicable to all VCU School of Medicine personnel.
More informationInformation Governance Incident Reporting Policy
Information Governance Incident Reporting Policy Version: 4.0 Ratified by: NHS Bury Clinical Commissioning Group Information Governance Operational Group Date ratified: 29 th November 2017 Name of originator
More informationPCA Staff guide: Information Security Code of Practice (ISCoP)
PCA Staff guide: Information Security Code of Practice (ISCoP) PCA Information Risk and Privacy Version 2015.1.0 December 2014 PCA Information Risk and Privacy Page 1 Introduction Prudential Corporation
More informationMobile Working Policy. Item 15.3
Mobile Working Policy Item 15.3 Authorship: Committee Approved: Chris Wallace, Information Governance Manager, North Yorkshire & Humber Commissioning Support Unit Management Team Approved date: Review
More informationInformation Governance Policy
2015 Information Governance Policy University of Wolverhampton Version 1.0 28 th October 2015 Policy Approval Procedure Information Governance Policy Policy Author: Stephen Hill Dept.: DAS Information
More informationPolicies, Procedures, Guidelines and Protocols. John Snell - Head of Workforce Planning, Systems and Contributors
Policies, Procedures, Guidelines and Protocols Document Details Title Staff Mobile Phone Policy Trust Ref No 2036-39774 Local Ref (optional) N/A Main points the document Procurement, allocation and use
More informationSection 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016
Section 3.9 PCI DSS Information Security Policy Issued: vember 2017 Replaces: June 2016 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationSubject: Kier Group plc Data Protection Policy
Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective
More informationSt Bernard s Primary School Data Protection Policy
St Bernard s Primary School Data Protection Policy St Bernard s RC Primary School, A Voluntary Academy Approved by Governors: 11.11.2015 Review date: Autumn 2016 St Bernard s Data Protection Policy General
More informationHIPAA Privacy & Security Training. HIPAA The Health Insurance Portability and Accountability Act of 1996
HIPAA Privacy & Security Training HIPAA The Health Insurance Portability and Accountability Act of 1996 AMTA confidentiality requirements AMTA Professional Competencies 20. Documentation 20.7 Demonstrate
More informationPolicy General Policy GP20
Email Policy General Policy GP20 Applies to All employees Committee for Approval Quality and Governance Committee Date of Approval September 2012 Review Date June 2014 Name of Lead Manager Head of Technology
More informationAcceptable Usage Policy (Student)
Acceptable Usage Policy (Student) Author Arthur Bogacki Date 18/10/2017 Version 1.1 (content sourced and consolidated from existing Email and Electronic Communication, and User Code of Practice policies.)
More informationGM Information Security Controls
: Table of Contents 2... 2-1 2.1 Responsibility to Maintain... 2-2 2.2 GM s Right to Monitor... 2-2 2.3 Personal Privacy... 2-3 2.4 Comply with Applicable Laws and Site Specific Restrictions... 2-3 2.5
More informationData Protection Policy
Data Protection Policy Status: Released Page 2 of 7 Introduction Our Data Protection policy indicates that we are dedicated to and responsible of processing the information of our employees, customers,
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationMedia Protection Program
Media Protection Program Version 1.0 November 2017 TABLE OF CONTENTS 1.1 SCOPE 2 1.2 PRINCIPLES 2 1.3 REVISIONS 3 2.1 OBJECTIVE 4 3.1 PROGRAM DETAILS 4 3.2 MEDIA STORAGE AND ACCESS 4 3.3 MEDIA TRANSPORT
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationInformation Security BYOD Procedure
Information Security BYOD Procedure A. Procedure 1. Audience 1.1 This document sets out the terms of use for BYOD within the University of Newcastle. The procedure applies to all employees of the University,
More informationApril Appendix 3. IA System Security. Sida 1 (8)
IA System Security Sida 1 (8) Table of Contents 1 Introduction... 3 2 Regulatory documents... 3 3 Organisation... 3 4 Personnel security... 3 5 Asset management... 4 6 Access control... 4 6.1 Within AFA
More informationFrequently Asked Question Regarding 201 CMR 17.00
Frequently Asked Question Regarding 201 CMR 17.00 What are the differences between this version of 201 CMR 17.00 and the version issued in February of 2009? There are some important differences in the
More informationDepartment of Public Health O F S A N F R A N C I S C O
PAGE 1 of 9 Category: Information Technology Security and HIPAA DPH Unit of Origin: Department of Public Health Policy Owner: Phillip McDown, CISSP Phone: 255-3577 CISSPCISSP/C Distribution: DPH-wide Other:
More informationCredentials Policy. Document Summary
Credentials Policy Document Summary Document ID Credentials Policy Status Approved Information Classification Public Document Version 1.0 May 2017 1. Purpose and Scope The Royal Holloway Credentials Policy
More informationAccess Control Policy
Access Control Policy Version Control Version Date Draft 0.1 25/09/2017 1.0 01/11/2017 Related Polices Information Services Acceptable Use Policy Associate Accounts Policy IT Security for 3 rd Parties,
More informationControls Electronic messaging Information involved in electronic messaging shall be appropriately protected.
I Use of computers This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security policy. To
More informationPhysical and Environmental Security Standards
Physical and Environmental Security Standards Table of Contents 1. SECURE AREAS... 2 1.1 PHYSICAL SECURITY PERIMETER... 2 1.2 PHYSICAL ENTRY CONTROLS... 3 1.3 SECURING OFFICES, ROOMS AND FACILITIES...
More informationRemote Working Policy
[Type text] [Type text] [Type text] Information Management & Policy Services (IMPS) Remote Working Policy 1 Scope and definitions 1.1 This policy applies to all staff who use or access University systems
More informationPROCEDURE Cryptographic Security. Number: G 0806 Date Published: 6 July 2010
1.0 About this procedure This procedure explains the specific requirements that staff handling cryptographic material must follow. Cryptographic material is the medium by which we will configure any computer
More informationData Protection Privacy Notice
PETA Limited Page 1 of 7 Data Protection Privacy Notice PETA Limited provides a range of services to both members of the public and to those employed within business. To enable us to provide a service,
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationServer Security Policy
Server Security Policy Date: Januray 2016 Policy Title Server Security Policy Policy Number: POL 029 Version 3.0 Policy Sponsor Policy Owner Committee Director of Business Support Head of ICU / ICT Business
More informationMade In Hackney Data Protection Policy Last Updated:
Made In Hackney Data Protection Policy Last Updated: 16.05.2018 Definitions Charity GDPR Responsible Person Register of Systems Made In Hackney (MIH), a registered charity. means the General Data Protection
More informationPrivacy Policy Wealth Elements Pty Ltd
Page 1 of 6 Privacy Policy Wealth Elements Pty Ltd Our Commitment to you Wealth Elements Pty Ltd is committed to providing you with the highest levels of client service. We recognise that your privacy
More information2017 HSC Information and Digital Technology Networking and Hardware Marking Guidelines
2017 HSC Information and Digital Technology Networking and Hardware Marking Guidelines Section I Multiple-choice Answer Key Question Answer 1 B 2 A 3 B 4 D 5 C 6 B 7 D 8 D 9 C 10 A 11 A 12 D 13 B 14 C
More informationSTATE OF NEW JERSEY. ASSEMBLY, No th LEGISLATURE. Sponsored by: Assemblywoman ANNETTE QUIJANO District 20 (Union)
ASSEMBLY, No. 0 STATE OF NEW JERSEY th LEGISLATURE INTRODUCED NOVEMBER 0, 0 Sponsored by: Assemblywoman ANNETTE QUIJANO District 0 (Union) SYNOPSIS Requires certain persons and business entities to maintain
More informationINFORMATION SYSTEMS SECURITY POLICY (ISSP)
INFORMATION SYSTEMS SECURITY POLICY (ISSP) Policy Number & Category IG 02 Information Governance Version Number & Date Version 3.7 February 2009 Ratifying Committee Date Approved March 2009 Next Review
More informationWriter Corporation. Data Protection Policy
Writer Corporation Data Protection Policy 1. Introduction The Data Protection Policy (DPP) lays a solid foundation for the development and implementation of secure practices within Writer Corporation (the
More informationUlster University Standard Cover Sheet
Ulster University Standard Cover Sheet Document Title Portable Devices Security Standard 1.5 Custodian Approving Committee Deputy Director of Finance and Information Services (Information Services) Information
More informationSDHS Security Policy v5.3, revised March 2015
SDHS Security Policy v5.3, revised March 2015 The SDHS Security Policy is reviewed annually by the Council of the School - the policy presented here was approved in March 2015. Interim revisions may be
More information