0 Jobs

Job Shortlist

Apply to these jobs

Close

Security

1. Introduction

1.1 City Calling Ltd recognises that information and the associated processes, systems and

networks are valuable assets and that the management of personal data has important implications

for individuals. Through its security policies, procedures and structures, City Calling will

facilitate the secure and uninterrupted flow of information, both within the company and in external

communications. City Calling believes that security is an integral part of the information

sharing which is essential to academic and corporate endeavour and the policies outlined below are

intended to support information security measures in the company.

 

1.2 This policy is based on recommendations contained in British Standard 7799 - A Code of Practice

for Information Security Management.

2. Definition

2.1 For the purposes of this document, information security is defined as the preservation of:

confidentiality: protecting information from unauthorised access and disclosure; integrity:

safeguarding the accuracy and completeness of information and processing methods; and

availability: ensuring that information and associated services are available to authorised users when

required.

 

2.2 Information exists in many forms. It may be printed or written on paper, stored electronically,

transmitted by post or using electronic means, shown on films, or spoken in conversation.

Appropriate protection is required for all forms of information to ensure business continuity and to

avoid breaches of the law and statutory, regulatory or contractual obligations

3. Protection of Personal Data

City Calling holds and processes information about users. When handling such information,

City Calling, and all staff or others who process or use any personal information, must comply

with the Data Protection Principles which are set out in the Data Protection Act 1998 (the 1998 Act).

4. Information Security Responsibilities

4.1 City Calling believes that information security is the responsibility of all members of the

City Calling team. Every person handling information or using company information systems is

expected to observe the information security policies and procedures, both during and, where

appropriate, after his or her time at the company.

 

4.2 This Policy is the responsibility of the Senior Management Teamat City Calling. This policy

may be supplemented by more detailed interpretation for specific sites, systems and services.

Implementation of information security policy is managed through the Information Compliance

Officer at City Calling.

5. Information Security Education and Training

City Calling recognises the need for all staffmembers to be aware of information security

threats and concerns, and to be equipped to support the Company’ssecurity policy in the course of

their normal work. The Information Security Officer shall implement a training programme for each

member of staff, at the behest of the company’s directors, and shall provide information and further

training in information security matters to answer particular requirements.

6. Compliance with Legal and Contractual Requirements

6.1 Authorised Use Company IT facilities must only be used for authorised purposes. Chris Curd

Design may from time to time monitor or investigate usage of IT facilities and any person found

using IT facilities or systems for unauthorised purposes, or without authorised access, may be

subject to disciplinary, and where appropriate, legal proceedings.

 

6.2 Monitoring of Operational Logs

 

City Calling shall only permit the inspection and monitoring of operational logs by computer

operations personnel and system administrators. Disclosure of information from such logs, to officers of the law or to support disciplinary proceedings, shall only occur (i) when required by and

consistent with law; (ii) when there is reason to believe that a violation of law or of a Company

policy has taken place; or (iii) when there are compelling circumstances.

 

6.3 Access to Company Records In general, the privacy of users' files will be respected but Chris Curd

Design reserves the right to examine systems, directories, files and their contents, to ensure

compliance with the law and with Company policies and regulations, and to determine which

records are essential for the Company to function administratively or to meet its professional

obligations.

 

6.4 Protection of Software

 

To ensure that all software and licensed products used within City Calling comply with the

Copyright, Designs and Patents Act 1988 and subsequent Acts (see appendix), City Calling will

carry out checks from time to time to ensure that only authorised products are being used, and will

keep a record of the results of those audits. Unauthorised copying of software or use of

unauthorised products by staff or students may be grounds for disciplinary, and where appropriate,

legal proceedings.

 

6.5 Virus Control

 

City Calling will maintain detection and prevention controls to protect against malicious

software and unauthorised external access to networks and systems. All users of City Calling

computers, including laptops, shall comply with best practice in order to ensure that up-to-date virus

protection is maintained on their machines

7. Retention and Disposal of Information

7.1 All staff have a responsibility to consider security when disposing of information in the course of

their work.

8. Reporting

8.1 All clients, staff members and other users should report immediately by email to

chris@chriscurddesign.co.uk, if any observed or suspected security incidents where a breach of the

City Calling security policies has occurred, any security weaknesses in, or threats to, systems

or services.

 

8.2. Software malfunctions should be reported to the City Calling team at

chris@chriscurddesign.co.uk

9. Business Continuity

City Calling will implement, and regularly update, a business continuity management process

to counteract interruptions to normal Company activity and to protect critical processes from the

effects of failures or damage to vital services or facilities.

Approved by the Academic Board

May 2001

Bishopsgate Payroll Solutions
Get jobs by email

Not registered? Sign up here

 

Already registered?

 

Congratulations! Your email alert has been set up.
 
 

Please enter your details here

 

Already have a Client Area login?