Information security
Records are held in accordance with information security compliance requirements.
Introduction
There must be evidence of robust policies and procedures in place in order to protect our information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction.
Compliance
Our Information Security Policy and Acceptable Use Policy have been approved by the Corporate Management team. All staff are required to comply with these polices which are supported by a framework of comprehensive policies, codes of practice and guidance documents.
Improvement actions and review
We're currently introducing a new Information Asset Register system, which will enable the linking of security classifications with its business classification scheme. Policy and related document reviews and assessments are instigated by the Information Security and Digital Risk Officer.
Responsible officer
Information Security and Digital Risk Officer
Documents
- View our information security policy (PDF, 178 KB)(opens new window)
- View our acceptable use policy (PDF, 138 KB)(opens new window)
- View our supplier information and cyber security policy (PDF, 262 KB)(opens new window)
- View our information management and handling policy (PDF, 140 KB)(opens new window)
- View our information classification procedure (PDF, 406 KB)(opens new window)
- View our handling Information in line with classification procedure (PDF, 220 KB)(opens new window)
- View our incident and lost or stolen equipment reporting (PDF, 358 KB)(opens new window)
- View our information security forum terms of reference (PDF, 126 KB)(opens new window)
- View our passphrase guidance (PDF, 334 KB)(opens new window)
- View our information security training (PDF, 541 KB)(opens new window)
- View our redaction guidance (PDF, 820 KB)(opens new window)