Technical and physical security measures
The council protects the privacy and security of the data that we control and use. This protection includes:
- baseline security recruitment checks;
- controlled access to buildings;
- restricted and controlled access to the council’s ICT network;
- automatic locking of PCs when not in use;
- virus protection and firewalls;
- secure email;
- patching and updating of systems to maintain the security and integrity of the council network.
Organisational measures
To support the physical and technical measures we have a range of controls that helps us secure your personal data, including:
- A Data and Intelligence Strategy, available on the Data protection policies page;
- A suite of data protection, information security and management policies;
- An Information Board that oversees information management activity;
- A Senior Information Risk Owner (SIRO); a Director with accountability for information security;
- Caldicott Guardians;
- Online training for staff where completion is monitored and recorded electronically;
- A clear procedure for reporting and dealing with suspected breaches of data protection;
- An approach that is accredited by the NHS Data Security and Protection Toolkit;
- Internal Audit; and
- Robust procurement security assessments and contractual clauses.
