Oiii
Oiii Document Transcript

  • 1. Information Security
    Internet Usage Policy
    IT-0006
    Version: Draft Version 1
    Job Title of Responsible Manager: Information Governance Manager
    Job Title of Executive Sponsor: Medical Director (Caldicott Guardian)
    Ward / Department: All areas
    Replacing Document: IMT Security Policy, Internet Usage Section
    Approving Committee / Group: Governance Committee
    Date Approved: 18th March 2008
    Date for Review: March 2011
    Relevant Standard(s): SfBH C13c
  • 2. IT-0006 Internet Usage Policy
    Table of Contents
    1. INTRODUCTION
    2. PURPOSE
    3. AUDIENCE
    4. RESPONSIBILITIES / DUTIES
      4.1 Director of Finance
      4.2 Associate Director of Performance & Information
      4.3 Associate Director of IT – IT Shared Service
      4.4 Assistant Director of IT, Operations – IT Shared Service
      4.5 Information Governance Manager
      4.6 Line Managers
      4.7 All staff
    5. INFORMATION SECURITY
      5.1 Policy
      5.2 Inappropriate Material
      5.2 Supporting Guidelines
      5.3 Further Information
    6. MONITORING COMPLIANCE AND EFFECTIVENESS
    7. AUTHOR(S)
    8. CONTRIBUTORS
    9. EQUALITY IMPACT ASSESSMENT TOOL
    10. REFERENCES
    11. APPENDICES
    MONITORING COMPLIANCE WITH AND EFFECTIVENESS OF PROCEDURAL DOCUMENTS FORM
    DISSEMINATING PROCEDURAL DOCUMENT FORM
    APPROVING PROCEDURAL DOCUMENTS CHECKLIST
  • 4.
    1. Introduction
    This internet policy sets out the Trust’s position on the approved use of the internet and is to be read in conjunction with the Information Security Policy.

    2. Purpose
    This policy has the following objectives:
    • To provide clear information on what constitutes unacceptable practice

    3. Audience
    This policy applies to all internet users.

    4. Responsibilities / Duties

    4.1 Director of Finance
    The Director of Finance is the Director at board level, with whom oversight of arrangements for internet usage lies.

    4.2 Associate Director of Performance & Information
    The Associate Director of Performance & Information is the IM&T lead for the Trust.

    4.3 Associate Director of IT – IT Shared Service
    The Associate Director of IT is the lead Director for the IT Shared Service (ITSS) with whom the Trust is a stakeholder organisation. The ITSS is responsible for providing the following:
    • network infrastructure, hardware and software required to access the internet
    • firewall solutions to prevent unauthorised access to the Trust systems
    • internet filtering software to prevent inappropriate material being accessed
    • monitoring software to enable continuous review of internet usage within the Trust

    4.4 Assistant Director of IT, Operations – IT Shared Service
    The Assistant Director of IT, Operations is responsible for advising on technical matters in relation to internet usage and for implementing the technical infrastructure to provide secure internet access.

    4.5 Information Governance Manager
    The Trust's Information Governance Manager is responsible for documenting and communicating information on safe use of the internet.

    4.6 Line Managers
    On a day-to-day basis line managers are responsible for enforcing the application of the internet usage policy amongst their subordinates.
  • 5.
    4.7 All staff
    All staff have a duty to comply with this policy. Failure to do so may result in disciplinary action.
  • 6.
    5. Information Security

    5.1 Policy
    The following must be observed when using internet facilities within the Trust:
    • Internet access is provided primarily to support Trust operations. However, the Trust recognises that staff may need to or wish to have personal access to the Internet from their workplace. Personal access should be restricted to PCs which are in non-public areas and should take place in the employee's personal time, i.e. during an authorised break. Internet resources must not be used for personal gain or to support the operation of your own business.
    • Internet access will only be provided within the Trust through the managed link available using the Trust’s computer network. Where this is not possible due to the limitations of the Trust’s computer network, an Internet link must still be approved by the user’s Executive or Clinical Director.
    • Any PC or computer terminal that can be linked either directly or via a dial-up facility to a non-Trust computer system or computer network cannot under any situation be connected to the Trust’s computer network.
    • Before Internet access via the Trust network is granted, this must be authorised by the user’s Executive or Clinical Director. Each Internet user will have their own user identifier and password.
    • The Trust reserves the right to inspect any and all files stored in any location linked to the Trust’s network in order to assure compliance with this policy.
    • Details of Internet use via the Trust’s network will be monitored by the IM&T Department. This will include a computerised log of all web sites visited by each user and production of Internet usage reports.
    • Inappropriate material must not be displayed, archived, stored, distributed, edited or recorded using the Trust’s network or computing resources. Such an act will be treated as gross misconduct. (The term “Inappropriate Material” is defined in section 5.2.)
    • Use of the Trust’s resources for illegal activity will be grounds for immediate dismissal, and the Trust will co-operate with any legitimate law enforcement activity. Examples of such activity could include use of pornographic material, fraudulent financial actions, theft, sabotage and the inappropriate damaging disclosure of personal information.
    • No member of staff will use Trust facilities knowingly to download or distribute pirated software or other copyrighted material.
    • Members of staff with Internet access may download only software with direct business use, and must arrange to have such software properly licensed and registered. Such software must be used only under the terms of its licence.
    • Members of staff with Internet access may not use Trust facilities to download entertainment software or games, or to play games against opponents over the Internet.
  • 7.
    • No member of staff may use the Trust’s Internet facilities to disable or overload any computer system or network, or to circumvent any system intended to protect the privacy or security of another user.
    • No member of staff will use Trust facilities knowingly to propagate any virus, worm, “Trojan horse”, or “trap-door” program code.
    • Any suspected abuse of the Internet facility will be reported to the user's authorising Executive or Clinical Director and to the Caldicott Guardian and Director of IT.
    • Depending on the exact nature of the breach, disciplinary action may be taken against the individual, according to the Trust’s Disciplinary Policy.

    5.2 Inappropriate Material
    Inappropriate material is defined as:
    • Images or text of a pornographic nature, containing pornographic content
    • Images or text of a racist nature, containing racist content
    • Images or text of a sexist nature, containing sexist content
    • Images or text depicting physical or mental abuse
    • Images or text supporting or intended to provoke civil conflict
    • Images or text supporting or intended to provoke terrorism

    5.2 Supporting Guidelines
    A separate document containing guidelines around Internet Usage supporting this policy has been produced. It has Governance Document Reference IT-0007.

    5.3 Further Information
    Further information and advice on this policy can be obtained from:
    Information Governance Manager
    South Warwickshire General Hospitals NHS Trust
    Lakin Road
    Warwick
    CV34 5BW

    6. Monitoring Compliance and Effectiveness
    Please see the Monitoring Compliance with and Effectiveness of Procedural Documents Form.
  • 8.
    7. Author(s)
    Duncan Robinson, Associate Director of IT, ITSS

    8. Contributors
    Marie Matthews, Information Governance Manager
    Phil Johns, Assistant Director of IT
    Tom Sneddon, Programme Manager

    9. Equality Impact Assessment Tool
    Please see Procedural Document (including Policies) Policy on how to complete this table.
    Is an Equality Impact assessment required? NO
    Preliminary Stage 1 Equality Impact Assessment (must be completed if required*)
    What date was Stage 1 completed and published? N/A
    Has a Full Assessment Stage 2 Equality Impact Assessment Tool been undertaken*? N/A
    If yes, what was the date of assessment and publication of Stage 2 and action plan? N/A
    * See guidance notes on intranet

    10. References
    Other Trust policies which may overlap with Security Policy
    • Information Security Policy (IT-0003)
    • Email Usage Policy (IT-0004)
    • Code of Conduct and Expectations (HR/001)

    11. Appendices
    There are no appendices to this policy.
  • 9.
    Monitoring Compliance with and Effectiveness of Procedural Documents Form
    Complete this form and attach it to the procedural document for ratification by the appropriate committee / group.

    Title of Procedural Document: Internet Usage Policy
    Date: 07/03/2008
    Standards for Better Health (SfBH) relating to this document (if any): SfBH C13c
    NHSLA Standard related to this document (if any):
    Does the document fulfil the criterion of NHSLA and SfBH? (please circle as appropriate): YES / NO
    If not, why not:

    1. How will the document be monitored? (please circle as appropriate): Audit / Review / KPI / Other, please specify; _______________
    Methodology:
    • Internal auditors CW Audit undertake an annual IT Audit against controls including IT and Information Security
    • Review of related technology advances/amendments against this policy
    • Introduction of new technology/information systems will require policy review
    • Internal IT Shared Service (ITSS) controls

    2. What is the process for reviewing results of monitoring?
    Via the Governance Lead reporting into the Corporate Affairs Committee

    3. Who is responsible for conducting the monitoring? (please circle as appropriate): Individual / Group
    Name / Title (also include position of individuals):
    • CW Audit reporting to the Trust Audit Committee
    • Trust IT Programme Board
    • Internal ITSS Policy Group
  • 10.
    4. How often will the document be monitored? (please circle as appropriate): Yearly / Monthly / 6 Monthly / Other, please specify; _______________
    Comments:
  • 11.
    Disseminating Procedural Document Form

    Plan for Dissemination of Procedural Documents
    Complete this section of the form and attach it to the procedural document before submitting to the appropriate committee for consideration and approval. Use one form for each procedural document.

    Title of Document: Internet Usage Policy
    Date finalised: 07/03/08
    Review Committee: Governance Committee
    Dissemination lead (Print name and contact details): Duncan Robinson, Associate Director of IT, ITSS, Duncan.Robinson@swh.nhs.uk or 01926-495321 x8058
    Previous Document already being used? Yes
    If yes, in what format and where? Internet Usage section of existing IM&T Security Policy electronic document (PDF) on the IT Department site within the Intranet Portal (available to both Acute Trust and PCT)
    What action will be used to retrieve out-of-date copies of the document: Communication to all staff following the ratification and publication of the new policy, instructing them to destroy any previous copies.

    Dissemination Process
    Receiver (area / ward / unit): Trust
    Format (paper or electronic): Electronic
    Process: Publication on Intranet
    Responsible: Associate Director of IT, ITSS; Head of Governance
    Timeline: 31/03/08

    Record of Dissemination of Procedural Documents
    Complete this section of the form once the procedural document has been approved by the appropriate committee.

    Date of approval of the document:
    Date of review of the document:
    Columns to complete: Receiver (area / ward / unit); Contact (area / ward / unit); Number of copies sent; Date complete; Comments
  • 13.
    Approving Procedural Documents Checklist
    Complete this checklist and attach it to the procedural document for ratification by the appropriate committee / group.

    Title of Procedural Document: Internet Usage Policy
    Author: Duncan Robinson
    Ratifying Committee / Group: Trust Board
    Date of Submission: 07/03/08

    Item / Complete (YES / NO)
    1 Has the Procedural Documents Policy and its associated documents been consulted during the development of this document? YES
    2 Has the appropriate template been used? YES
      Has the South Warwickshire General Hospital NHS Trust Style Guide been used to develop this document? YES
    3 Have the appropriate committees / groups / individuals been consulted as to the appropriateness of the content of this document? YES
    3a Please list these committees / groups / individuals:
      • IT Shared Service
      • Governance Team
    4 Has the Plan for Dissemination of a Procedural Documents form been completed and attached? YES
    5 Has an Equality Impact Assessment been undertaken? NO
    6 Has the procedural document been attached? YES
    7 Has the Monitoring Compliance with and Effectiveness of Procedural Documents Form been attached? YES

    Author (sign off)
    I declare that the information above is a true and accurate record
    Name: Duncan Robinson
    Position: Associate Director of IT, IT Shared Service
    Signature:

    Appropriate Manager for Subject (sign off)
    I declare that I have overseen the development of this procedural document and believe all appropriate matters have been addressed
    Name: Duncan Robinson
    Position: Associate Director of IT, IT Shared Service
    Signature: