INFORMATION SECURITY POLICY
The Information Security Policy applies to all employees and sub-contractors of ‘Tracy Barlow’.
Information is a vital asset to any organisation and this is especially so in a knowledge-driven organisation such as ‘Tracy Barlow’, where information will relate to learning and teaching, administration and management. This policy is concerned with the management and security of ‘Tracy Barlow’ information assets (an information asset is defined to be an item or body of information, an information storage system or an information processing system which is of value to ‘Tracy Barlow’) and the use made of these assets by its clients and others who may legitimately process information on behalf of ‘Tracy Barlow’.
Information Security covers the protection of all forms of information to ensure its confidentiality, integrity and availability (and includes, but is not limited to: information stored on computers, transmitted across networks, printed or written on paper, spoken directly or over a voice network).
This policy applies to all areas of ‘Tracy Barlow’ business and the people and organisations involved in it, whether on ‘Tracy Barlow’ property or not. This policy covers information and systems under central control, and those controlled by individual users.
‘Tracy Barlow’ depends upon the free and open flow of information, which in turn affects its success as a business partner to organisations across the UK. The objective of this policy is to protect ‘Tracy Barlow’ by preventing and limiting the impact of information security problems that might damage ‘Tracy Barlow’ operation, reputation or business.
The policy recognises the concepts of individual freedom, and will aim to ensure that ‘Tracy Barlow’: employs appropriate security measures; adopts a suitable methodology for guiding the approach to managing security; and complies with all legal and contractual requirements.
Tracy Barlow, owner has overall responsibility for all matters of information security. Specific responsibilities will in practice be delegated where appropriate.
All users of information systems, whether central or individual are responsible for their security. All users must comply with statutory regulations and procedures regarding information security.
‘Tracy Barlow’, its information and/or its information systems, may be damaged by deliberate malicious attack (e.g. break-in, hacking etc); random automated attacks (viruses, probes etc); accidental damage (e.g. accidental deletion or disposal of information etc) or the theft of equipment or information. ‘Tracy Barlow’ will ensure that all information systems are adequately protected and that appropriate physical security is in place. All users must be aware of the dangers and follow the published rules and guidelines.
With the exception of access to information intended for the general public (e.g. free online learning), use of information systems will be restricted to registered users.
Security Incident Response
‘Tracy Barlow’ will investigate all security incidents and take action in accordance with this policy; other related documents and possible actions will be published where appropriate.
The policy review date is February 2020.