Information management and security policies

Some of the links below and links within the policies go to information on Staffnet. If you cannot access StaffnetOpens new window you will need to request a copy of the document from Information Management.

Key policies

• Data Protection Policy
• Freedom of Information Policy
• Information Security Policy
• Information & Data Management Strategy: 2019-2024
• Information Management Principles
• Criminal Convictions Data Policy
• Special Category Data Policy
• Information Governance Framework

Acceptable Use policies

• Blackberry Work (Formerly Good Work) Acceptable Use Policies (Staffnet - ICT)
• ICT Equipment Policy
• Internet and Digital Communications Policy
• Cisco Jabber Acceptable Use Policy
• Procedure for Securing and Investigating the Content of ICT Equipment
• Microsoft Teams Acceptable Use Policy

Information Rights

• Information Rights Policy

Access to personal information

• Access to Deceased Person's Records Policy
  
• Disclosure of Service User Personal Information to Third Parties
• What's in my social care records?
• Adults Social Care information leaflet
• Childrens and Families Social Care information leaflet

Breach Reporting

•  The Information Security Management Policy

Complaints

• Information Compliance Complaints procedure
• Vexatious Requests Policy

Information Sharing

• Information sharing

Managing your records 

• Digital continuity policy
• Information and records management policy
• Scanning policy 
• Warning Flags Policy
• Records Retention and Disposal Schedule
• Data Quality Standards

Online communications

• Social media policy for business and personal use

Secure Working

• Software Management Policy V1 4 December 2016
• Information IT Access Policy
• CCTV Policy
• Information Protection and Handling Standards
• Clear Office Policy
• ID Card and Building Security Policy
• GCC Password Policy
• Cyber and Information Management (Procurement) Policy
• Information Security and Handling Standards for Contractors Policy, formerly Information Security and Handling (Supplier Requirements) Policy
• Communicating via non-GCC methods in an emergency
• Remote Working Policy (Information Management and Security)
• Testing with Personal Data Standards