12.07.2015 Views

Modernising Trust Ports 2nd Edition.pdf - SailingNetworks


2. REPORTING AND COMPLIANCE

2.5 Data Handling

2.5.1 Recent high profile data losses within Government have led to a review of data handling activities and recommendations on data handling procedures. Trust port boards are strongly encouraged to review their own procedures and should aim at achieving the following four measures:

• Achieving better data handling through core measures to protect information and making that transparent to others;
• Fostering a culture that values personal and other data;
• Strengthening accountability by addressing risks to your information, including personal data and keeping the issue high on the agenda for senior management
• Strengthening scrutiny of performance and ensuring any lessons are learned and shared.

2.5.2 Actions that can be considered in implementing these measures could include:

• Appointing Information Asset Owners for those data assets under the board’s control and setting them clear objectives;
• Identifying what information is held and what falls into the personal category;
• Implementing measures to prevent unauthorised access to information including holding it in secure systems or premises, or, where that is impossible, providing secure remote access or encryption;
• Wherever possible avoiding the use of removable media and where this is impossible use should be strictly controlled and additional protection measures used, such as encryption;
• Implementing systems to ensure the disposal of information and storage media in a secure and controlled manner;
• Setting out and recording all arrangements and decisions regarding data handling in writing, including an information risk assessment.
• Completing the roll-out of protective measures through the trust port’s delivery chains (suppliers, contractors, data sharing partners) where a port can mandate the use of particular measures, and putting plans in place to encourage the use of protective measures where a port cannot mandate their use
• Completing initial changes to your HR policies to put in place procedures to reward good practice and penalise poor performance in data handling and have in place and commence cultural change plans.
• Considering the need to formalise your information risk policy and publish an information charter.
• Obtaining accreditation for new systems containing protected personal data.
• Inserting standard Office of Government Commerce framework contract clauses in new contracts.
