Information security
Records are held in accordance with information security compliance requirements.
Introduction
There must be evidence of robust policies and procedures in place in order to protect our information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction.
Compliance
Our Information Security Policy and Acceptable Use Policy have been approved by the Corporate Management team. All staff are required to comply with these polices which are supported by a framework of comprehensive policies, codes of practice and guidance documents.
Improvement actions and review
We're currently introducing a new Information Asset Register system, which will enable the linking of security classifications with its business classification scheme. Policy and related document reviews and assessments are instigated by the Information Security and Digital Risk Officer.
Responsible officer
Information Security and Digital Risk Officer
Documents
- View our information security policy (PDF) [178KB] (opens new window)
- View our acceptable use policy (PDF) [138KB] (opens new window)
- View our supplier information and cyber security policy (PDF) [262KB] (opens new window)
- View our information management and handling policy (PDF) [140KB] (opens new window)
- View our information classification procedure (PDF) [97KB] (opens new window)
- View our handling information dos and don'ts (PDF) [70KB] (opens new window)
- View our incident and lost or stolen equipment reporting (PDF) [358KB] (opens new window)
- View our information security forum terms of reference (PDF) [126KB] (opens new window)
- View our passphrase guidance (PDF) [334KB] (opens new window)
- View our information security training (PDF) [541KB] (opens new window)
- View our redaction guidance (PDF) [820KB] (opens new window)
