Return to the Client Area
Terminology
- The Business: The Agency, or any of its other brand names.
- Employee or member of staff: someone employed to work for the Business, whether as a fully employed person or as a contractor.
1. Introduction
InfoSec is necessary to protect sensitive information and sensitive information systems from unauthorised access. Such as sensitive information use, disclosure, disruption, modification, or destruction.
The InfoSec function is also to provide confidentiality, integrity, and availability of sensitive information to those with authorised access.
2. Purpose
The process of protecting sensitive information assets of any format. It also applies to data in transit, processing or at rest in storage. This policy outlines the Business’ processes.
3. Audience
All The Agency employees and clients that connect to any of our server systems. For example to use their email accounts.
4. Data Classification
See ‘Data Classification & Access Policy’.
5. Access Control
See ‘Data Classification & Access Policy’.
6. Other Security, Access and Backup Measures
- See ‘Information Security Policy’.
- See ‘Operating System & Browser Policy’.
- See ‘Secure Password Policy’.
- See ‘Service Level Agreement (SLA)’.
- See ‘Mandatory Secure Erasure and Destruction Controls Policy’.
- See ‘Change Management Policy’.
- See ‘Employment Policies‘.
If you are unable to access any of the above policies owing to password protected pages, please open a support request to gain access.
7. Training
All Agency employees will take the online training course available here https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available
The training must take place both during their induction, and every 12 months thereafter. Training scores will be recorded in their file.
8. Documents
This document must be read in conjunction with, and forms part of the complete The Agency’s policies and agreements:
- Your Project Proposal
- Your Client Agreement
- Our Terms & Conditions
- Our Operating System & Browser Policy
- This Secure Password Policy
- Our Information Security Policy
- Our Service Level Agreement
- Our UK GDPR Policy
This document was last updated in May 2022