NHS Ayrshire & Arran Organisation & Human Resource Development Policy. Appropriate Use of IT Facilities Policy
|
|
- Caroline Suzan Strickland
- 6 years ago
- Views:
Transcription
1 NHS Ayrshire & Arran Organisation & Human Resource Development Policy Appropriate Use of IT Facilities Policy Version: 1.5 Date Approved: Author: Dept O&HRD, IT Security & Review date: Information Governance Approved by: Information Governance Operational Delivery Group/HR Policy Review/ APF Document uncontrolled when printed
2 DOCUMENT CONTROL SHEET Key Information: Title: Appropriate Use of IT Facilities Policy Document Status: Approved Document Type: Policy Version Number: 01.5 Document location: AthenA Author: Dept O&HRD / IT Security / Information Governance Owner: Dept O&HRD / IT Security / Information Governance Approved By: Information Governance Operational Delivery Group Date Effective From: Updated Approved Review Frequency: 2 years Next Review Date: Contact: Marianne Brown (IT Security) / Liz Bacon (Dept O&HRD) Revision History: Version: Date: Summary of Changes: Responsible Officer: Approvals: this document was formally approved by: Name/Title/Group Date: Version: Information Governance Operational Delivery Group HR Policy Review Group Area Partnership Forum Dissemination Arrangements: Intended audience: Method: Date Version: All NHS Ayrshire & Arran staff AthenA & Stop Press Linked Documentation: Document Title: Document File Path: NB. This document is uncontrolled when printed. The contents of this document are subject to change, any paper copy is only valid on the day of printing. To ensure you have the most up to date version of this document please use the link to access the document directly from AthenA. Document uncontrolled when printed Page: Page 2 of 12
3 Table of Contents 1 Introduction Related Policy, Guidance and Legislation Authorisations of Access Personal Use Specific Obligations Mobile Devices and Removable Media Secure Destruction Network Connection and Remote Access Expectation of Privacy Information Security Breaches...11 Document uncontrolled when printed Page: Page 3 of 12
4 1 Introduction Members of staff are provided, where appropriate, with access to IT facilities including and internet facilities to assist them in carrying out their duties. All IT facilities are the property of NHS Ayrshire and Arran and as such are to be used only for legitimate business purposes and limited personal use, in accordance with section 4 of this policy. NHS Ayrshire & Arran must abide by the policies in relation to connecting to the NHSScotland network. All users must comply with this policy and all of the associated policies listed in section 2. All users must ensure that their actions: - Are consistent with the law - Do not bring NHS Ayrshire & Arran into disrepute or place it in a position of liability - Do not cause damage or destruction to NHS Ayrshire & Arran s systems or business - Do not violate any provision set out in this policy or any other NHS Ayrshire & Arran policy or standard of conduct. Staff should be aware that any material e.g. documents, spreadsheets etc that they create or store on NHS Ayrshire and Arran IT facilities are viewed as corporate records and are the property of NHS Ayrshire & Arran. 2 Related Policy, Guidance and Legislation 2.1 Local NHS Ayrshire & Arran Secure Storage, Communication and Transportation of Personal Information Policy NHS Ayrshire & Arran Management of Employee Conduct Policy Reporting and Managing an Information Security Breach Social Media Policy 2.2 National HDL (2006) 41 NHS Scotland Information Security Policy Document uncontrolled when printed Page: Page 4 of 12
5 CEL 31 (2010) Updated Records Management: NHS Code of Practice (Scotland) CEL 25 (2012) NHS Scotland Mobile Data Protection Standard Data Protection Act 1998 Freedom of Information (Scotland) Act 2002 Caldicott Principles Protecting Patient Confidentiality NHS Scotland Code of Practice Information Commissioners Office Employment Practices Code Computer Misuse Act Authorisations of Access Access to NHS Ayrshire & Arran IT facilities including system access, internet or access will only be granted on receipt of an appropriately completed and authorised System Access Request. All users must use their own unique username and password to access NHS Ayrshire & Arran IT facilities. Gaining access by using another employee s username and password constitutes a breach of organisational policy. Sharing passwords or allowing another member of staff to use your PC or access a system while you are logged on constitutes a breach of organisational policy. For the purposes of shared laptops encryption passwords can be shared with other members of staff where required. This password does not provide access to any sensitive information and is used only to allow the laptop to start up. 4 Personal Use IT Facilities are made available to staff for business purposes to support them in undertaking their role and fulfilling their duties and responsibilities. Staff are permitted to use IT Facilities for non work related matters where it does not intrude with the users work, colleagues, patients or the environment; does not appear to have been sent on behalf of the organisation; does not bring NHS Ayrshire and Arran into disrepute; and does not contravene this policy or any of the policy, Document uncontrolled when printed Page: Page 5 of 12
6 guidance and legislation detailed in Section 2.0. Non work related activity must be limited to non working time. 4.1 The facilities must not be used for personal gain e.g. running a business from work or selling personal items. 4.2 Personal use of mobile devices e.g. laptops, ipads and iphones exposes the device and the organisation to increased risk when the device is in use outwith the security of the NHS Ayrshire & Arran network. Therefore personal use of mobile devices must comply with the same conditions as if the device was used on the NHS Ayrshire & Arran network and adhere to the requirements in Section 5 of this policy. 4.3 Users must not store personal files (not business related, such as photographs, music or documents) on NHS Ayrshire and Arran systems, e.g. within or on H:, C: or shared drives. Personal use of IT facilities during work time is not appropriate, and any such misuse may be considered a disciplinary matter. 5 Specific Obligations All users must ensure that they familiarise themselves with and comply with the related policy, guidance and legislation listed in Section 2.0 to ensure that individual s rights to confidentiality are respected and the integrity and security of information systems and IT facilities are maintained at all times. 5.1 Users must not knowingly - Produce, send, view or access defamatory material - Send, view, access or post communications that knowingly cause distress or offence to another user, or that are intended to annoy, harass or intimidate another person - Send, view, store, access or transmit any files of an illegal, hateful, sexually explicit, obscene, pornographic or otherwise objectionable nature - Attempt to introduce viruses. The transmission or propagation of any virus, worm or malicious code is expressly forbidden - Purchase, install or download any unapproved or unlicensed software or applications. Contact should be made with the ehealth Service Desk for all software installation enquiries - Save, view or access material which breaches copyright such as music or movie files - Attempt to remove or bypass any security systems in place - Connect any non NHS Ayrshire & Arran device to the NHS Ayrshire & Arran network or systems - Send persistent unwanted communications to an individual Document uncontrolled when printed Page: Page 6 of 12
7 - Register their NHS address for non work related communication/websites 5.2 Users must not: - waste resources by sending or inviting large amounts of unnecessary e.g. you must not register your nhs provided address on non work related sites - forward chain mail, joke s or other frivolous - use the system for excessive personal use - use any IT facility for personal gain e.g. running a business External business s MUST include the following statement: The information contained in this is confidential and is intended only for the named recipient(s). If you are not the intended recipient you must not copy, distribute or take any action on or place any reliance on it. If you have received this in error, please notify the sender. Any unauthorised disclosure of the information contained in this is strictly prohibited. Staff should be aware that s generated within the NHS Ayrshire & Arran system are viewed as corporate records and may legitimately be requested under the Freedom of Information (Scotland) Act s which contain personal information can also be requested by the subject of the information under the Data Protection Act 1998, for example if a patient is discussed by , that patient has a right to get access to personal information relating to them contained within the , unless any exemptions apply. All s entering the organisation or originating from the organisation are automatically filtered to ensure that the system is secure and used appropriately. s containing the following content are automatically blocked by the system as they present an increased risk to the Information Systems within the organisation: Files: -.exe files - spam attachments Keywords which fall within the following categories: - offensive language - spam - chainmail Subject lines as appropriate From senders as appropriate Document uncontrolled when printed Page: Page 7 of 12
8 Virus or malware infected IT Security continually reviews and amends the categories of content blocked within s to ensure the integrity and security of the system. s which include blocked content will then be viewed by the IT Security Team to ensure that the has been appropriately blocked. IT Security will also highlight possible defamatory material. An incident report will be raised when individuals have been identified as sending s containing the content from the above categories. This will initially be brought to the attention of an HR Manager who will contact the employee s line manager thereafter and if required managed in accordance with the procedures detailed in Reporting and Managing an Information Security Breach. 5.3 Internet Users must not: - Knowingly visit internet websites which contain illegal, sexually explicit, pornographic, obscene, hateful or otherwise objectionable material - Publish or post comments or material that knowingly cause distress or offence to another user, or that is intended to annoy, harass or intimidate another person - Publish or post comments which breach the Social Media Policy - Download software unless instructed to do so by ehealth & Infrastructure Services - Download or access material such as video, music, games, screensavers for non-work related purposes - Use web proxies to gain access to blocked websites, or try to bypass internet filters in any other way. NHS Ayrshire & Arran denies access to the following categories of websites: adverts gambling hate and discrimination offensive & tasteless dating gaming hacking Unlawful activity pornography & adult material radio stations proxy avoidance Non approved weblog & social interaction SMS mobile & telephony services Non authorised instant messaging streaming media & media downloads violence weapons Document uncontrolled when printed Page: Page 8 of 12
9 Accessing internet sites containing the content noted under Section 5 constitutes a breach of this policy and will be managed in accordance with the procedures detailed in Reporting and Managing an Information Security Breach document. Users should be aware that NHS Ayrshire & Arran has software capable of recording the internet history of all users. 6 Mobile Devices and Removable Media All users must adhere to the NHS Scotland ehealth Mobile Data Protection Standard. This standard applies to all mobile devices such as laptops, PDAs, ipads, iphones, Blackberrys etc and removable media such as usb memory sticks, cds/dvds, floppy disks, backup tapes, external hard drives etc All mobile devices must: - have appropriate security controls regardless of the sensitivity of the information stored - be kept physically secure and locked away when not in use - be registered and allocated to an owner, the device must be returned when an owner leaves post - Only have approved software or apps installed. You must not purchase, install or download any unapproved or unlicensed software or applications. Contact should be made with the ehealth Service Desk for all software installation or upgrade enquiries. 6.1 Mobile Devices NHS Ayrshire & Arran mobile devices must have full disk encryption applied. This software will be installed by IT Security. Where devices cannot be fully encrypted a risk assessment must be carried out by the department requesting the mobile device for approval by IT Security and Information Governance. NHS Ayrshire & Arran equipment must only be used by anyone other than the employee of NHS Ayrshire & Arran. 6.2 Removable media - NHS Ayrshire & Arran approved media must be used - Port blocking software is installed on all devices to ensure that only approved removable media can be used - All removable media must be encrypted. IT Security can advise on this - A risk assessment must be carried out by the requestor of any device that is required to store any Personal/Patient Identifiable Information or sensitive Business Information Document uncontrolled when printed Page: Page 9 of 12
10 - Where removable media cannot be encrypted, a risk assessment must be carried out by the department requesting the device for approval by IT Security and Information Governance - Approved removable media are provided for work purposes only. The use of removable media is logged centrally and is regularly audited. Inappropriate use will be reported to the relevant Director. 6.3 Use of mobile devices on Non NHS Premises NHS Ayrshire & Arran devices can be connected to non NHS networks including home networks providing the following is adhered to: - Access has been agreed with your line manager and ehealth & Infrastructure Services have been notified - Antivirus software is up to date prior to connection - All security patches are up to date (e.g. windows updates) - Mobile devices are returned to NHS Ayrshire & Arran workplace at least once per month and connected to the network to allow all patches/updates to be applied. - Devices must be appropriately secured at all times in line with the NHS Ayrshire & Arran Secure Storage Communication & Transportation of Personal Information Policy 7 Secure Destruction All IT related hardware such as PCs, laptops, pdas, Blackberrys, iphones and all removable media such as CDs, disks, memory sticks or backup tapes must be disposed of by ehealth & Infrastructure Services. The ehealth Service Desk will uplift and arrange for secure destruction of all media and devices. Contact the ehealth Service Desk to arrange for secure destruction. 8 Network Connection and Remote Access To ensure that the information, systems and network within NHS Ayrshire & Arran remains safe and secure the following rules are essential: Do not connect any device (computer, laptop, printer, PDA, router, modem, wireless network, etc) to the NHS Ayrshire and Arran network unless the device is owned by NHS Ayrshire & Arran. Personally owned equipment must not be connected to the NHS Ayrshire & Arran s network for any purpose. Document uncontrolled when printed Page: Page 10 of 12
11 All systems and devices provided by the Organisation are subject to the same conditions of use whether they are used remotely (at home) or on an NHS Ayrshire and Arran site. NHS Ayrshire & Arran may disable or remove without warning any device detected on the network that has not been authorised and securely installed by ehealth & Infrastructure Services. 9 Expectation of Privacy NHS Ayrshire & Arran has software and systems in place capable of recording activity for all users, transactions and messages using the NHS Ayrshire & Arran network. NHS Ayrshire & Arran IT facilities are provided for business purposes although limited personal use is permissible. No user of NHS Ayrshire & Arran IT facilities should have any expectation of privacy as to his or her use of the IT facilities. NHS Ayrshire & Arran may review any activity and analyse employee usage patterns, it may choose to publicise those data in an anonymous format to ensure that IT resources are devoted to maintaining the highest levels of business productivity. NHS Ayrshire & Arran is bound by the terms of the: - Data Protection Act Human Rights Act 1998 Any investigation into an employee s use of IT Facilities will be conducted in compliance with the above Acts, and the Information Commissioner s Office Employment Practices Code. 10 Information Security Breaches Information Security Breach refers to an incident or situation where personal identifiable information entrusted to the organisation is made substantially susceptible to or is: Unlawfully processed Unlawfully disclosed Accidentally lost, destroyed or damaged, or Where the NHS Ayrshire & Arran Appropriate Use of IT Facilities (this policy) or NHS Scotland Information Security Policy has been breached Document uncontrolled when printed Page: Page 11 of 12
12 All information security breaches must be reported to the IT Security Team or the Information Governance Team via Datix Incident Reporting System. Managers should refer to Reporting and Managing an Information Security Breach Procedure Document uncontrolled when printed Page: Page 12 of 12
Communication and Usage of Internet and Policy
Communication and Usage of Internet and Email Policy Policy Category Administration Policy Code ADM HE 27 Policy owner Chief Executive Officer Responsible Officer Chief Executive Officer Approving authority
More informationPUPIL ICT ACCEPTABLE USE POLICY
PUPIL ICT ACCEPTABLE USE POLICY Document control This document has been approved for operation within: All Trust Schools Date of last review August 2018 Date of next review August 2020 Review period Status
More informationViolations of any portion of this policy may be subject to disciplinary action up to and including termination of employment.
Page 1 of 6 Policy: All computer resources are the property of Lee County and are intended to be used for approved County business purposes. Users are permitted access to the computer system to assist
More informationACCEPTABLE USE ISO INFORMATION SECURITY POLICY. Author: Owner: Organisation: Document No: Version No: 1.0 Date: 10 th January 2010
INFORMATION SECURITY POLICY EMAIL ACCEPTABLE USE ISO 27002 7.1.3 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-7.1.3 No: 1.0 Date: 10 th January 2010 Copyright Ruskwig
More informationICT Portable Devices and Portable Media Security
ICT Portable Devices and Portable Media Security Who Should Read This Policy Target Audience All Trust Staff, contractors, and other agents, who utilise trust equipment and access the organisation s data
More informationSTUDENT ICT ACCEPTABLE USE POLICY
The Olive School, Blackburn This policy is in line with the Mission Statement of the School To promote a culture of educational excellence, from within a caring and secure Islamic environment enriched
More informationEA-ISP-009 Use of Computers Policy
Technology & Information Services EA-ISP-009 Use of Computers Policy Owner: Nick Sharratt Author: Paul Ferrier Date: 28/03/2018 Document Security Level: PUBLIC Document Version: 1.05 Document Ref: EA-ISP-009
More informationEnviro Technology Services Ltd Data Protection Policy
Enviro Technology Services Ltd Data Protection Policy 1. CONTEXT AND OVERVIEW 1.1 Key details Rev 1.0 Policy prepared by: Duncan Mounsor. Approved by board on: 23/03/2016 Policy became operational on:
More informationGrand Avenue Primary and Nursery School ICT Data management. Contents
Grand Avenue Primary and Nursery School ICT Data management Contents 1. Acceptable Use Statement 2. Transfer and Offsite Use of Sensitive Data 3. E-safety 4. Declaration Introduction These three policy
More informationSTUDENT ACCEPTABLE USE OF IT SYSTEMS POLICY
STUDENT ACCEPTABLE USE OF IT SYSTEMS POLICY Introduction The college offer an extensive range of IT systems across campuses and online for course related activities and drop-in purposes. This policy applies
More informationElement Finance Solutions Ltd Data Protection Policy
Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationElectronic Network Acceptable Use Policy
Electronic Network Acceptable Use Policy 2016-2017 www.timothychristian.com ELECTRONIC NETWORK ACCEPTABLE USE POLICY Electronic Network This Policy is intended to serve as a guide to the scope of TCS s
More informationName of Policy: Computer Use Policy
Page: Page 1 of 5 Director Approved By: Approval Date: Reason(s) for Change Responsible: Corporate Services Leadership April 22, Reflect current technology and practice Corporate Services Leadership Leadership
More informationREPORTING INFORMATION SECURITY INCIDENTS
INFORMATION SECURITY POLICY REPORTING INFORMATION SECURITY INCIDENTS ISO 27002 13.1.1 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-13.1.1 Version No: 1.0 Date: 1 st
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationTERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE
TERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE 1. General The term PPS refers to: Professional Provident Society Holdings Trust, (The Holding Trust); Professional
More informationService Specific Terms & Conditions
These Service Specific Terms and Conditions together with the General Terms and Conditions apply when We provide Service to You. You are deemed to have accepted these Service Specific Terms and Conditions
More informationPTLGateway Acceptable Use Policy
1 PTLGateway Acceptable Use Policy Last Updated Date: 02 March 2018 Acceptable Use Policy Your use of our Services must fall within our Acceptable Usage Policy. Contents Key details... 1 COVERAGE OF THIS
More informationELECTRONIC MAIL POLICY
m acta I. PURPOSE The Information Systems (IS) Department is responsible for development and maintenance of this policy. The Finance and Administration Division is responsible for publishing and distributing
More informationPolicy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.
London School of Economics & Political Science IT Services Policy Remote Access Policy Jethro Perkins Information Security Manager Summary This document outlines the controls from ISO27002 that relate
More informationCreative Funding Solutions Limited Data Protection Policy
Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationUCL Policy on Electronic Mail ( )
LONDON S GLOBAL UNIVERSITY UCL Policy on Electronic Mail (EMAIL) Information Security Policy University College London Document Summary Document ID Status Information Classification Document Version TBD
More informationData protection policy
Data protection policy Context and overview Introduction The ASHA Centre needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees
More informationStaff Information System Acceptable Use Policy
Staff Information System Acceptable Use Policy Hing Shung Chan Vice President of Information Technology Information Security Officer Table of Contents I. Definitions II. Rights and Responsibilities III.
More informationSubject: Kier Group plc Data Protection Policy
Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective
More informationPS 176 Removable Media Policy
PS 176 Removable Media Policy December 2013 Version 2.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data
More informationICT User Policy. for use in Essa Academy Essa Primary Academy Essa Nursery and Support Services
ICT User Policy for use in Essa Academy Essa Primary Academy Essa Nursery and Support Services For approval and adoption by the Board of Directors- 7 July 2017 For adoption by Essa Academy LGB- 19 September
More informationAccess Control Policy
Access Control Policy Version Control Version Date Draft 0.1 25/09/2017 1.0 01/11/2017 Related Polices Information Services Acceptable Use Policy Associate Accounts Policy IT Security for 3 rd Parties,
More informationPCA Staff guide: Information Security Code of Practice (ISCoP)
PCA Staff guide: Information Security Code of Practice (ISCoP) PCA Information Risk and Privacy Version 2015.1.0 December 2014 PCA Information Risk and Privacy Page 1 Introduction Prudential Corporation
More informationData protection. 3 April 2018
Data protection 3 April 2018 Policy prepared by: Ltd Approved by the Directors on: 3rd April 2018 Next review date: 31st March 2019 Data Protection Registration Number (ico.): Z2184271 Introduction Ltd
More informationThis Policy applies to all staff and other authorised users in St Therese School.
St. Therese School Computer and Internet Policy STAFF Policy Statement All staff and other authorised users of St Therese information and communications technology are to use the technology only in a way
More informationTELEPHONE AND MOBILE USE POLICY
TELEPHONE AND MOBILE USE POLICY Date first approved: 9 December 2016 Date of effect: 9 December Date last amended: (refer Version Control Table) Date of Next Review: December 2021 First Approved by: University
More informationEmployee Security Awareness Training Program
Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,
More informationINFORMATION TECHNOLOGY SECURITY POLICY
INFORMATION TECHNOLOGY SECURITY POLICY Author Responsible Director Approved By Data Approved September 15 Date for Review November 17 Version 2.3 Replaces version 2.2 Mike Dench, IT Security Manager Robin
More informationSynchrotron Light Source Australia Pty Ltd
Document no: 22670 Revision no: 2.0 Date: 11 August 2014 Synchrotron Light Source Australia Pty Ltd ABN 18 159 468 256 ACN 159 468 256 www.synchrotron.org.au 800 Blackburn Road, CLAYTON, VIC, 3168 p +613
More informationUWTSD Group Data Protection Policy
UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful
More informationCorporate Policy. Revision Change Date Originator Description Rev Erick Edstrom Initial
Corporate Policy Information Systems Acceptable Use Document No: ISY-090-10 Effective Date: 2014-06-10 Page 1 of 5 Rev. No: 0 Issuing Policy: Information Systems Department Policy Originator: Erick Edstrom
More informationThe purpose of this guidance is: To provide a comprehensive understanding to complying with the universities Acceptable Use Policy.
Policy Acceptable Use Guidance 1 Introduction This guidance compliments the University of East London s Acceptable Use Policy. It puts into perspective specific situations that will help you provide a
More informationInformation Security Policy for Associates and Contractors
Information Security Policy for Associates and Contractors Version: 1.13 Date: 11 October 2016 Reference: 67972761 Location: Livelink Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationUKIP needs to gather and use certain information about individuals.
UKIP Data Protection Policy Context and overview Key details Policy Update Prepared by: D. Dennemarck / S. Turner Update approved by Management on: November 6, 2015 Policy update became operational on:
More informationDCSZ Student AUP Policy
Dulwich College Suzhou DCSZ Student AUP Policy This Policy is underpinned by our School Guiding Statement (No.2) The College provides a safe, secure and stimulating environment Policy Code G1.1.2 Effective
More informationComputer and Internet Use Policy
Computer and Internet Use Policy Author Simon Allan Date Written Autumn 2015 Review Date Autumn 2018 Date Ratified by the Governing Body Autumn 2015 Computer and Internet Use Policy Outline/Overview This
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview ONS IT s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to ONS established culture of openness, trust and integrity.
More informationAcceptable Usage Policy (Student)
Acceptable Usage Policy (Student) Author Arthur Bogacki Date 18/10/2017 Version 1.1 (content sourced and consolidated from existing Email and Electronic Communication, and User Code of Practice policies.)
More informationPolicy General Policy GP20
Email Policy General Policy GP20 Applies to All employees Committee for Approval Quality and Governance Committee Date of Approval September 2012 Review Date June 2014 Name of Lead Manager Head of Technology
More informationREGULATION BOARD OF EDUCATION FRANKLIN BOROUGH
R 3321/Page 1 of 6 The school district provides computer equipment, computer services, and Internet access to its pupils and staff for educational purposes only. The purpose of providing technology resources
More informationThe John Fisher School ICT Policy
The John Fisher School ICT Policy Responsible: Governors Resources Committee Review Date: May 2018 The need for a policy All The John Fisher School s information communication technology (ICT) facilities
More informationInternet, , Social Networking, Mobile Device, and Electronic Communication Policy
TABLE OF CONTENTS Internet, Email, Social Networking, Mobile Device, and... 2 Risks and Costs Associated with Email, Social Networking, Electronic Communication, and Mobile Devices... 2 Appropriate use
More informationFERPA & Student Data Communication Systems
FERPA & Student Data Ellevation is subject to the Family Educational Rights and Privacy Act (FERPA) as operating under the "school official" exception, wherein student directory and PII (Personal Identifying
More informationAcceptable Use Policy
Acceptable Use Policy. August 2016 1. Overview Kalamazoo College provides and maintains information technology resources to support its academic programs and administrative operations. This Acceptable
More informationIT Appropriate Use - Best Practice for Guidelines. Section 1 - Purpose / Objectives. Section 2 - Scope / Application. Section 3 - Definitions
IT Appropriate Use - Best Practice for Email Guidelines Section 1 - Purpose / Objectives (1) Email is used at Victoria University as a business communication tool and users are obliged to use this tool
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Colin Sloey Implementation Date: September 2010 Version Number:
More informationINFORMATION ASSET MANAGEMENT POLICY
INFORMATION ASSET MANAGEMENT POLICY Approved by Board of Directors Date: To be reviewed by Board of Directors March 2021 CONTENT PAGE 1. Introduction 3 2. Policy Statement 3 3. Purpose 4 4. Scope 4 5 Objectives
More informationICT Acceptable Use Policy for Students
ICT Acceptable Use Policy for Students a 52 Eurobin Avenue, Manly NSW 2095 t +61 2 9977 5144 f +61 2 9976 2753 cricos 03290E e administration@stellamaris.nsw.edu.au w www.stellamaris.nsw.edu.au abn 88
More informationAcceptable Use Policy
Acceptable Use Policy 1. Purpose The purpose of this policy is to outline the acceptable use of computer equipment at Robotech CAD Solutions. These rules are in place to protect the employee and Robotech
More informationAcceptable Use Policy
Acceptable Use Policy 1. Overview The Information Technology (IT) department s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Quincy College s established
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationAcceptable Use of Policy
Acceptable Use of email Policy Printed copies must not be considered the definitive version DOCUMENT CONTROL POLICY NO. 82 Policy Group: Author: Reviewer: Information Assurance and Security Andrew Turner
More informationCODE OF CONDUCT FOR INFORMATION TECHNOLOGY, COMPUTER, TELEPHONE AND EQUIPMENT USE
CODE OF CONDUCT FOR INFORMATION TECHNOLOGY, COMPUTER, TELEPHONE AND EQUIPMENT USE INTENDED USE This Code is intended for the school s staff to provide directions in their work as to the standards for use
More informationNetwork Security Policy
Network Security Policy Date: January 2016 Policy Title Network Security Policy Policy Number: POL 030 Version 3.0 Policy Sponsor Policy Owner Committee Director of Business Support Head of ICU / ICT Business
More informationDONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY
DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY Published By: Fusion Factor Corporation 2647 Gateway Road Ste 105-303 Carlsbad, CA 92009 USA 1.0 Overview Fusion Factor s intentions for publishing an
More informationICT Acceptable Use Policy (AUP)
ICT Acceptable Use Policy (AUP) ICT AUP v 5.1 DRAFT Page 1 of 14 Version Control Version Revision Date Author (s) Distributed Notes 1.2 Issued 02/02/2000 1.3 Issued 05/02/2010 Judy Wyld/Jon Shepherd/Vicki
More information<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy
Policy Title: Effective Date: Revision Date: Approval(s): LASO: CSO: Agency Head: Allowed Personally Owned Device Policy Every 2 years or as needed Purpose: A personally owned information system or device
More informationBring Your Own Device Policy
Bring Your Own Device Policy 2015 City of Glasgow College Charity Number: SCO 36198 Page 1 of 9 Table of Contents 1. Introduction... 3 2. Purpose and Aims... 4 3. Scope... 4 4. Policy Statement... 5 4.1
More informationAcceptable Use Policy
Acceptable Use Policy This Acceptable Use Policy is in addition to South Central Communication s Terms of Service and together the documents constitute the Agreement between South Central Communications
More informationE RADAR. All Rights Reserved. Acceptable Use Policy
Email Acceptable Use Policy For further help, please contact support@eradar.eu Item Number LD 0002 Author E RADAR LIMITED Disclaimer This template is provided with the understanding that the publisher
More informationINFORMATION SECURITY POLICY
Open Open INFORMATION SECURITY POLICY OF THE UNIVERSITY OF BIRMINGHAM DOCUMENT CONTROL Date Description Authors 18/09/17 Approved by UEB D.Deighton 29/06/17 Approved by ISMG with minor changes D.Deighton
More information13. Acceptable Use Policy
13. Acceptable Use Policy Purpose Indian River State College s intention for publishing an Acceptable Use Policy is to outline the acceptable use of computer equipment and services at Indian River State
More informationAcceptable Use and Publishing Policy
1. Purpose This Policy outlines the principles, guidelines and requirements of acceptable use of and publishing to ecreators Pty Ltd (ecreators) hosting products and services. The purpose of this Policy
More informationSHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT
SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place
More informationISC10D026. Report Control Information
ISC10D026 Report Control Information Title: General Information Security Date: 28 January 2011 Version: v3.08 Reference: ICT/GISP/DRAFT/3.08 Authors: Steve Mosley Quality Assurance: ISSC Revision Date
More informationWriter Corporation. Data Protection Policy
Writer Corporation Data Protection Policy 1. Introduction The Data Protection Policy (DPP) lays a solid foundation for the development and implementation of secure practices within Writer Corporation (the
More informationComputer Use and File Sharing Policy
Computer Use and File Sharing Policy Williamson College recognizes the value of computer and other electronic resources to improve student learning and enhance the administration and operation of its school.
More informationAcceptable Use Policy
Acceptable Use Policy Effective: September 2, 2016 Purpose Montreat College is committed to protecting its employees, partners, and itself from illegal or damaging actions by individuals, either knowingly
More informationStaff AUP (Acceptable Use Policy)
Guidance review Date April 2014 Date of next Review April 2016 Who reviewed this Guidance? Deputy Headteacher Guidance: Staff AUP (Acceptable Use Policy) Rights Responsibilities How does the school protect
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationInformation Technology Access Control Policy & Procedure
Information Technology Access Control Policy & Procedure Version 1.0 Important: This document can only be considered valid when viewed on the PCT s intranet/u: Drive. If this document has been printed
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationJacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope
Jacksonville State University Acceptable Use Policy 1. Overview Information Technology s (IT) intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to Jacksonville
More informationHPE DATA PRIVACY AND SECURITY
ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationData Protection Policy
Introduction In order to; provide education, training, assessment and qualifications to its customers and clients, promote its services, maintain its own accounts and records and support and manage its
More informationInformation Security Management System ISO/IEC 27001:2013
Information Security Management System ISO/IEC 27001:2013 OF ICT FACILITIES PENGGUNAAN KEMUDAHAN ICT For PTM Use Only Date: 7 th June Written By: Junnaini Ismun Pengerusi Jawatankuasa ISMS Verified By:
More informationInternet, , and Computer Usage Policy
Important disclaimer: The policy available on this page is only an example and is furnished merely as an illustration of its category. It is not meant to be taken and used without consultation with a licensed
More informationStudent ICT Policy. May Matt Larkin
Student ICT Policy May 2016 Matt Larkin Contents 1. Introduction... 2 2. Usage of the College Network... 2 2.1. General... 2 2.2. Data security / allocation / retention... 3 2.3. Your account... 3 2.4.
More informationStudent Network, Computing & Software Usage Regulations Version th July 2006
Student Network, Computing & Software Usage Regulations Version 1.0 6 th July 2006 Copyright 2006 Institute of Technology, Sligo, Ireland. 1 1.1 General Computing Facilities Computing facilities provided
More informationPolicy Use of Information and Communications Technology (ICT) Resources
Policy Use of Information and Communications Technology (ICT) Resources Background This policy is necessary in order to: Provide all Hereworth members (Board, staff, boys and volunteers) with clear parameters
More informationMobile Computing Policy
Mobile Computing Policy Issue sheet Document reference NHSBSAIS004 Document location Title NHS Business Services Authority Mobile computing policy Author Head of Security and Information Assurance Issued
More informationData Protection Policy
Data Protection Policy Status: Released Page 2 of 7 Introduction Our Data Protection policy indicates that we are dedicated to and responsible of processing the information of our employees, customers,
More informationMARSTON S PLC EMPLOYEE POLICIES & PROCEDURES GROUP I.T. TELEPHONE AND SOCIAL MEDIA POLICY
LAST REVISION: November 2016 MARSTON S PLC EMPLOYEE POLICIES & PROCEDURES GROUP I.T. TELEPHONE AND SOCIAL MEDIA POLICY Policy Statement The computer systems, network, internet, intranet, communications
More informationData Handling Security Policy
Data Handling Security Policy May 2018 Newark Orchard School Data Handling Security Policy May 2018 Page 1 Responsibilities for managing IT equipment, removable storage devices and papers, in the office,
More informationBusiness Lite powered by Microsoft Office 365
Business Email Lite powered by Microsoft Office 365 Schedule to the General Terms Contents A note on you... 2 1. Service Summary... 2 2. Standard Service Components... 2 3. Service Management Boundary...
More informationINFORMATION CODE OF CONDUCT
Title & Version Contact Point Information Compliance, DoI 2(3), (020) 7091 5084 (Internal Network 78-5084) Location Summary Room 1 East, Edinburgh House The Information Code of Conduct sets out the policy
More informationBrazosport Independent School District Employee/Agent Acceptable Use Agreement For Internet/Network Access and Use
Brazosport Independent School District Employee/Agent Acceptable Use Agreement For Internet/Network Access and Email Use Please read this agreement carefully. Sign and date the last page and return to
More informationRemote Working & Mobile Devices Security Standard
TRUST-WIDE NON-CLINICAL DOCUMENT Remote Working & Mobile Devices Security Standard Standard Number: Scope of this Document: Recommending Committee: Approving Committee: SS02 All Staff Joint Information
More informationUWC International Data Protection Policy
UWC International Data Protection Policy 1. Introduction This policy sets out UWC International s organisational approach to data protection. UWC International is committed to protecting the privacy of
More informationData Protection Policy
Page 1 of 6 General Statement The Local Governing Bodies of the academies have overall responsibility for ensuring that records are maintained, including security and access arrangements, in accordance
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationAcceptable Use Policy
IT and Operations Section 100 Policy # Organizational Functional Area: Policy For: Date Originated: Date Revised: Date Board Approved: Department/Individual Responsible for Maintaining Policy: IT and Operations
More information