Data Protection
This policy applies to all information, information systems, networks, applications, locations and users of Satellite and Terrestrial Works Ltd under contract to it.
1. Responsibilities for Information Security
1.1 Ultimate responsibility for information security rests with the Director.
1.2 All staff shall comply with information security procedures including the maintenance of data confidentiality and data integrity. Failure to do so may result in disciplinary action.
1.3 The Information Security Policy shall be maintained, reviewed and updated by the Director. This review shall take place annually.
1.4 Each member of staff shall be responsible for the operational security of the information systems they use.
1.5 Each system user shall comply with the security requirements that are currently in force, and shall also ensure that the confidentiality, integrity and availability of the information they use is maintained to the highest standard.
1.6 Contracts with external sub-contractors that allow access to the organisation’s information systems shall be in operation before access is allowed. These contracts shall ensure that the contractors shall comply with all appropriate security policies.
2. Legislation
2.1 Satellite and Terrestrial Works Ltd is obliged to abide by all relevant UK and European Union legislation. The requirement to comply with this legislation shall be devolved to employees and agents of the company, who may be held personally accountable for any breaches of information security for which they may be held responsible. Satellite and Terrestrial Works Ltd shall comply with the following legislation and other legislation as appropriate:
– The Data Protection Act (1998)
– The Data Protection (Processing of Sensitive Personal Data) Order 2000
– The Copyright, Designs and Patents Act (1988)
– The Computer Misuse Act (1990)
– The Health and Safety at Work Act (1974)
– Human Rights Act (1998)
– Regulation of Investigatory Powers Act 2000
– Freedom of Information Act 2000
– Health & Social Care Act 2001
3. Information Security Awareness Training
– Information security awareness training shall be included in the staff induction process.
– An ongoing awareness programme shall be established and maintained in order to ensure that staff awareness is refreshed and updated as necessary.
4. Access Controls
Only authorised personnel who have a justified and approved business need shall be given access to restricted areas containing information systems or stored data.
5. Equipment Security
In order to minimise loss of, or damage to, all assets, equipment shall be physically protected from threats and environmental hazards.
6. Information Risk Assessment
Once identified, information security risks shall be managed on a formal basis. They shall be recorded within a baseline risk register and action plans shall be put in place to effectively manage those risks. The risk register and all associated actions shall be reviewed at regular intervals. Any implemented information security arrangements shall also be a regularly reviewed feature of the Company’s risk management programme. These reviews shall help identify areas of continuing best practice and possible weakness, as well as potential risks that may have arisen since the last review was completed.
7. Protection from Malicious Software
The Company shall use software countermeasures and management procedures to protect itself against the threat of malicious software. All staff shall be expected to co-operate fully with this policy. Users shall not install software on the organisation’s property without permission from the Director. Users breaching this requirement may be subject to disciplinary action.
8. User media
Removable media of all types that contain software or data from external sources, or that have been used on external equipment, require the approval of the Director before they may be used on the Company’s systems. Such media must also be fully virus checked before being used on the Company’s equipment. Users breaching this requirement may be subject to disciplinary action.
9. Monitoring System Access and Use
An audit trail of system access and data use by staff shall be maintained and reviewed on a regular basis.
The Regulation of Investigatory Powers Act (2000) permits monitoring and recording of employees’ electronic communications (including telephone communications) for the following reasons:
– Establishing the existence of facts
– Investigating or detecting unauthorised use of the system
– Preventing or detecting crime
– Ascertaining or demonstrating standards which are achieved or ought to be achieved by persons using the system (quality control and training)
– In the interest of national security
– Ascertaining compliance with regulatory or self-regulatory practices or procedures
– Ensuring the effective operation of the system
Any monitoring will be undertaken in accordance with the above Act and the Human Rights Act.
10. System Change Control
Changes to information systems, applications or networks shall be reviewed and approved by the Director.
11. Intellectual Property Rights
The Company shall ensure that all information products are properly licensed and approved by the Director. Users shall not install software on the organisation’s property without permission from the Director. Users breaching this requirement may be subject to disciplinary action.
12. Business Continuity and Disaster Recovery Plans
The Company shall ensure that business impact assessments, business continuity plans and disaster recovery plans are produced for all mission-critical information, applications, systems and networks.