#
This section covers who the policy applies too, in this case it is all staff and selected college partners that have access to College information.
It also covers the sources of which this policy covers, which are Electronic and Physical sources. Electronic covers; e-mail, Word documents, audio recording, student record information, financial information, etc.
Physical covers; physical printed letters, handwritten notes, learning agreement forms etc.
#
This section states the objectives of the security policy. These are the main goals of this policy, stating what the security policy includes and is planned to achieve.
#
This …show more content…
#
This explains how the different types and volume of information relate to how staff are expected to handle the information. And that all staff who have access to use the information should be shared.
It also states the two types of information which define a risk; Personal information, and Business sensitive information.
#
This states that the college recognises several information assets categories of the college which are important to the running of the business.
#
This section states how all information captured must be securely stored and protected. It details how the data must be protected in a layered approach.
#
This states that there is an Asset register, of which each information asset has its own Information Asset Owner assigned.
The Records of the asset include any associated risks to its integrity or security, including the current risk rating and control measure in place to keep the asset …show more content…
It details how all staff have a responsibility to keep the information secure. Including how they must share information physically, electronically and during third party access.
#
This states how long information is held by the college for, and how it is disposed of. The Information Asset owners define these factors.
#
This section of the policy shows how a professional culture and a positive attitude toward managing the information assets is critical to the policy.
It includes which staff are required to undertake information Governance training. And which staff will receive additional training.
Also the policy states that breaches of information security could result in disciplinary action. Of which will depend on the nature of the breach.
#
This section details how incident reporting and recovery should be dealt, including the procedure for several scenarios.
#
This sections states how the college should review how the college is performing, including the procedure for this. It also states which staff should report to which staff, and what information should be