Records are held in accordance with information security compliance requirements.
There must be evidence of robust policies and procedures in place in order to protect our information and information systems from unauthorised access, use, disclosure, disruption, modification or destruction.
Our Information Security Policy and Acceptable Use Policy have been approved by the Corporate Management team. All staff are required to comply with these polices which are supported by a framework of comprehensive policies, codes of practice and guidance documents.
Improvement actions and review
We're currently introducing a new Information Asset Register system, which will enable the linking of security classifications with its business classification scheme. Policy and related document reviews and assessments are instigated by the Information Security and Digital Risk Officer.
Information Security and Digital Risk Officer