Information Management Strategy.pdf - Lincolnshire Police

More documents

Recommendations

Info

NOT PROTECTIVELY MARKEDrisks that are incurred outside the scope of their particular programme or project. WithinLincolnshire this would normally be the project manager for that specific project.6.7 Accreditora) The role of the Accreditor is to act as an impartial assessor of the risks that an informationsystem may be exposed to in the course of meeting the business requirement and toformally accredit that system on behalf of the SIRO. The Accreditor is also responsible forthe following:i) The Accreditor will need to advise and guide the project or programme team and will playa central role in any committees, panels and groups that are set up to support theaccreditation process.ii)An understanding of ICT related technology is useful but the role should not require adeep technical knowledge, more important is an ability to consider information riskmanagement in the round to ensure the physical, personal, procedural and technicalcontrols are balanced. It is important therefore, that the accreditor has access to peoplewho have a professional technical understanding of the technologies involved, to supportthe accreditation process.iii)To support this requirement, funding should be identified at the outset for any specialisttechnical advice and services such as Technical and IA Consultants, IT Health Checksand assurance services.iv) Accreditors are accountable for their decisions and actions in their role as IA riskassessors and risk managers. They can be called to account for their business actions ina legal proceeding but are not liable in law. This standard supports the need foraccountability in the business process and the traceability of risk management decisions.6.8 Information Technology Security Officer (ITSO)a) The Information Technology Security Officer (ITSO) is responsible for the security ofinformation in electronic form, including:NOT PROTECTIVELY MARKED 40
NOT PROTECTIVELY MARKEDi) Developing, implementing and maintaining IT security policy and procedures inaccordance with HMG policy and standard;ii) Developing and promulgating IT security awareness within the organisation;iii) Representing IT security on internal and interdepartmental security committees;iv) Providing advice and information on IT security matters to the ISO and SIRO and otherstakeholders;v)Supporting and advising on the accreditation process;vi) In conjunction with our strategic partner (G4S) ensure that suitable IT securityobligations and onward management is reflected in IT service contracts;vii) Providing a central point of contact on all IT security related issues, both internally andintra-departmentally;viii) Managing IT security investigations and reporting of IT security incidents toGovCERTUK, Cabinet Office and/or Information Commissioner;ix)Advising Accreditors, our strategic partner (G4S) and other appropriate stakeholders onany perceived changes in threat, security loopholes, infringements and vulnerabilities thatmay come to light;x) Preparing security reports and conducting security surveys required by the Accreditor orSIRO;xi) Approving any third party connections.6.9 Communications Security Officer (ComSO)a) If a Department handles cryptographic material, it must have a designatedCommunications Security Officer (ComSO). The ComSO is responsible for:i)Ensuring the Department‟s compliance with HMG minimum Comsec and Cryptographyrequirements (including this Standard), including ensuring the Department‟s compliance isaudited annually to support the production of the annual report to the Head ofDepartment/Management board on compliance with security policy;ii)Developing, implementing and maintaining organisational communications andcryptographic security policy and procedures in accordance with HMG policy andstandards;NOT PROTECTIVELY MARKED 41
Page 1 and 2: NOT PROTECTIVELY MARKEDLincolnshire
Page 3 and 4: NOT PROTECTIVELY MARKED2. Informati
Page 7 and 8: NOT PROTECTIVELY MARKEDPreventing t
Page 9 and 10: NOT PROTECTIVELY MARKED3. Strategic
Page 11 and 12: NOT PROTECTIVELY MARKED Review, ret
Page 13 and 14: NOT PROTECTIVELY MARKED6.2 This str
Page 15 and 16: NOT PROTECTIVELY MARKED7.4.3 Full d
Page 17 and 18: NOT PROTECTIVELY MARKED8. Responsib
Page 21 and 22: NOT PROTECTIVELY MARKEDHead Crime-
Page 23 and 24: NOT PROTECTIVELY MARKEDG4S Customer
Page 25 and 26: NOT PROTECTIVELY MARKED5.1.1 Lincol
Page 27 and 28: NOT PROTECTIVELY MARKEDDecision as
Page 29 and 30: NOT PROTECTIVELY MARKED5.3.5 The fo
Page 31 and 32: NOT PROTECTIVELY MARKEDdepartment t
Page 33 and 34: NOT PROTECTIVELY MARKED6.1.1 The fo
Page 35 and 36: NOT PROTECTIVELY MARKEDi) Informati
Page 37 and 38: NOT PROTECTIVELY MARKEDviii) Compli
Page 39: NOT PROTECTIVELY MARKEDiv)Understan
Page 43 and 44: NOT PROTECTIVELY MARKEDData Protect
Page 45 and 46: NOT PROTECTIVELY MARKEDii)iii)Docum
Page 47 and 48: NOT PROTECTIVELY MARKEDix) Maintain
Page 49 and 50: NOT PROTECTIVELY MARKEDix) Co-ordin
Page 51 and 52: NOT PROTECTIVELY MARKEDii) To provi
Page 53 and 54: NOT PROTECTIVELY MARKEDvi) Liaising
Page 55 and 56: NOT PROTECTIVELY MARKEDAppendix ABU
Page 57 and 58: NOT PROTECTIVELY MARKED ACPO Guidan
Page 59 and 60: NOT PROTECTIVELY MARKEDInformation
Page 61 and 62: NOT PROTECTIVELY MARKEDOwner of pol
Page 63 and 64: NOT PROTECTIVELY MARKEDPolicy numbe
Page 65 and 66: NOT PROTECTIVELY MARKED13. Privacy
Page 67 and 68: NOT PROTECTIVELY MARKEDLinkage with

Information Management Strategy.pdf - Lincolnshire Police

Create successful ePaper yourself

Delete template?

Save as template?