IT and Information Acceptable Use Policy


BMI IMpol04
Information Management

IT and Information Acceptable Use Policy

This is a controlled document and whilst this document may be printed, the electronic version posted on the intranet/shared drive is the controlled copy.

BMI Restricted Page 1 of 10

Any printed copies of this document are not controlled and may therefore not be the most up to date.

Document Control

Index ref no: BMI IMpol04
Type of document: Policy / Standard Operating Procedure / Guideline
Title: IT and Information Acceptable Use Policy
This version: 2.2
Replaces: 2.1 (BMI ISMSpol02 Part 1)
Consultation: Information Management Committee members
Applies to: All BMI Staff
Approved by: Information Management Committee, Feb 2016
Issue date: April 2016
Review date: April 2019
Custodian: Information Security Director
Equality Impact Assessment: Completed
Access: BMI Intranet Document Library
Protective Classification: BMI Restricted

Version no | Type of change | Date | Description
2.0 | Scheduled review | April 2013 | Document review and updated for applicability re personal use and BMI branding applied.
2.1 | Amendments | April 2014 | Updated Acceptable Use Policy references
2.2 | Scheduled review | Feb 2016 | Document review. Clear desk reference included. Index changed to IMpol04

Equality Impact Assessment

IT AND INFORMATION ACCEPTABLE USE POLICY IMPOL04

1. Does the policy/guidance affect one group less or more favourably than another on the basis of: (Yes/ Comments)
   - Race
   - Ethnic origins (including gypsies and travellers)
   - Nationality
   - Gender
   - Culture
   - Religion or belief
   - Sexual orientation including lesbian, gay and bisexual people
   - Age
   - Disability - learning disabilities, physical disability, sensory impairment and mental health problems

2. Is there any evidence that some groups are affected differently?
   a. If you have identified potential discrimination, are any exceptions valid, legal and/or justifiable?

3. Is the impact of the policy/guidance likely to be negative?
   a. If yes can the impact be avoided?
   b. What alternatives are there to achieving the policy/guidance without the impact?
   c. Can we reduce the impact by taking different action?

If you identify a potential discriminatory impact of this procedural document, please refer it to the Information Security Director, together with any suggestions as to the action required to avoid/reduce this impact.

Contents

Equality Impact Assessment
1.0 Introduction
2.0 Purpose
3.0 Scope
4.0 Roles and responsibilities
5.0 Use of patient identifiable and personal information
6.0 Use of IT equipment and services
7.0 Use of BMI email services
8.0 Use of BMI internet services
9.0 Use of BMI fax machines
10.0 Use of BMI premises / Clear desk approach
11.0 Use of BMI stationery
12.0 Use of BMI telephony
13.0 Incident reporting
14.0 Monitoring and compliance
15.0 Violations
16.0 Associated documentation

1.0 INTRODUCTION

BMI recognises that information and the associated processes, systems and networks are valuable assets and that the management of data has important implications for individuals and the organisation. Through its Group Information Security Policy and its associated Security Standards, Processes and Guidelines, BMI seeks to facilitate the secure flow of information both within and outside of the organisation.

2.0 PURPOSE

The purpose of this Policy, and supporting documents which form a document Series, is to identify the approved and appropriate use of BMI information and communication (IT) systems, business and patient information and of BMI premises.

This Policy forms part of the overall framework for Information Security Management and supports the Group Information Security Policy. It permits appropriately authorised people to monitor the use of BMI IT assets and Communication services, describes the measures required to prevent the abuse of employee and patient privacy, and provides guidance to staff who use this valuable information every day.

Whilst the guidance given covers most common circumstances, BMI recognises the changing nature of technology and reserves the right to implement local or interim policy governing the appropriate use of its equipment, facilities and services.

3.0 SCOPE

This policy applies to all staff, contractors, temporary employees, agents, business partners, consultants and suppliers granted permanent, occasional or temporary access to BMI Information systems and assets.

4.0 ROLES AND RESPONSIBILITIES

The CIO and Information Security Director are responsible for providing guidance on specific procedures and rules relating to acceptable use of BMI IT systems and BMI information and on the need for specific equipment, software or other products and solutions to ensure an adequate level of protection is applied to all information assets.

All BMI managers have a day-to-day responsibility to ensure their staff understand and comply with BMI Information Security Policies and associated procedures and guidelines.

All individuals are charged with responsibility for complying with BMI Information Security Policies and for maintaining the security of their own logon/passwords and any BMI devices issued to them.

Any data security compromise must be reported immediately to line management, local Information Security Coordinator (ISC) or the IT Service Desk - or if sensitive in nature directly to the Security Incident mailbox: securityincident@generalhealthcare.co.uk for attention by the Information Security Team.

5.0 USE OF PATIENT IDENTIFIABLE AND PERSONAL INFORMATION

BMI requires that in order to maintain a high degree of public confidence in the services provided to patients and to protect the rights and interests of both patients and employees regarding their personal data, proper safeguards must be put in place to govern the information sharing process.

Guidance for information sharing and on complying with Data Protection and Caldicott requirements is available on the BMI Intranet in the BMI Data Protection Policy and should be read and adhered to by all staff - or from the Group Data Protection Officer and/or Group Caldicott Guardian.

6.0 USE OF IT EQUIPMENT AND SERVICES

6.1 Computer Hardware

BMI provided IT hardware, including network infrastructure devices, Desktop PCs, Laptop Computers and mobile devices, is supplied for the use of BMI employees, to be used for BMI business.

Unauthorised modification to BMI hardware, including the removal or addition of hardware components, is prohibited. Under no circumstances should non-BMI computer equipment be plugged / patched into the BMI corporate network.

The BMI IT Department must be fully involved throughout the procurement, installation, repair, relocation and disposal of BMI computers and software media. This is to ensure appropriate levels of support, standardisation, security and strategic fit are applied and all software license conditions and copyrights are observed.

Further guidance on the secure placement and disposal of BMI Computer hardware is available in the BMI Computer Security Policy.

6.1.1 Mobile computing

Staff provided with a BMI Laptop computer must read and adhere to the BMI Mobile Computing Policy - available on the BMI Intranet.

6.2 Cameras

Images obtained using BMI supplied camera equipment (including still photography, video and CCTV) must only be used for BMI business operations.

Any images taken for BMI purposes using cameras owned by staff should similarly be regarded as BMI information; such images will be transferred to BMI storage equipment at the earliest opportunity and then deleted from non-BMI equipment.

The use of video filming equipment within BMI premises is subject to prior approval by a Business Manager to ensure that any subsequent release of recorded images into the Public domain does not compromise internal physical security measures deployed to protect BMI facilities or infringe the privacy rights of individuals.

6.3 Software

BMI provided software is installed on BMI hardware for the use of employees in the provision of BMI services.

Staff are not permitted to download personally sourced software programs on BMI hardware. No software downloads/installations (including shareware or free software) must be carried out by staff without the authorisation of the IT Department - and only then when a valid licence is procured.

6.3.1 Copying of Software

Unauthorised copies of BMI owned software are not to be made, nor are licensed copies to be passed to unauthorised persons.

6.3.2 Licensing

BMI keep a record of all licensed software in use and undertake checks to ensure that the issue and use of licensed software is in accordance with the agreements entered into with the various software providers.

6.3.3 Personal use

The personal use of BMI software or its installation on non-BMI equipment is not permitted unless specifically authorised by the IT Department. Any authorisation should be obtained in writing and the parameters of its use, including the period of authorised use, are to be documented and agreed.

6.4 Access Permissions and Restrictions

In order to protect the security of both hardware and software installed on BMI equipment, all users must be registered by the IT Service Desk following receipt of a written request from the individual's line manager.

The IT Service Desk will apply appropriate security restrictions to the user and will grant the user access to only those facilities that are requested by the individual's manager and required to perform the role.

Users must not attempt to circumvent the security restrictions applied, nor must they attempt to gain access to data or application programs to which they have not been given access.

Staff are required to read and adhere to the BMI IT User Access Control and Password Policy - available on the BMI Intranet.

7.0 USE OF BMI EMAIL SERVICES

7.1 All staff with BMI provided email accounts must read and adhere to the BMI Email Acceptable Use Policy and associated Guidelines - available on the BMI Intranet.

7.2 The BMI approved e-mail system (including BMI SecureIT for secure file transfers) is the only e-mail system permitted for use in conducting BMI business, with the exception of the NHS.net email system, which can be used when there is a legitimate need to exchange NHS Patient identifiable data with other NHS.net users.

7.3 All email sent and received via the BMI email system remains the property of BMI. However, as a privilege and not a right, occasional and reasonable personal use is permitted providing this does not interfere with the performance of normal duties.

8.0 USE OF BMI INTERNET SERVICES

8.1 All staff with BMI provided internet connectivity must read and adhere to the BMI Internet Acceptable Use Policy and associated Guidelines - available on the BMI Intranet.

8.2 Internet access facilities are primarily provided to BMI employees for work related activities. Employees may use BMI Internet facilities for non-BMI research or browsing provided that personal use does not impact work performance or impact the performance of others, and provided all other policies relating to usage and conduct are adhered to. The Internet Service can be monitored by BMI for inappropriate and excessive periods of usage.

9.0 USE OF BMI FAX MACHINES

Fax machines should always be placed in secure locations, preferably within the boundaries of any area where information can be received and stored in a safe and secure manner.

Employees are reminded of the need to carefully check the fax number being dialled and its correct entry prior to sending faxes.

For guidance on the sending/receiving of secure fax communications refer to the BMI Secure Fax Guidelines - available on the BMI Intranet.

10.0 USE OF BMI PREMISES / CLEAR DESK APPROACH

10.1 BMI Premises are provided by the company for the housing of BMI equipment and for the provision of BMI services to its customers. Private use of BMI premises is not permitted without the express permission from BMI Senior Management.

10.2 Clear desks should be maintained to protect any BMI information collected or stored. BMI Confidential, Personal or Patient identifiable information must not be left unattended or in a position where it may be overlooked by unauthorised personnel.

10.3 If the work area is left unattended for any length of time, sensitive paperwork or storage media containing sensitive information must be put away to prevent others from reading, copying or removing it.

11.0 USE OF BMI STATIONERY

BMI Stationery is not to be removed from its premises without express permission. Headed paper and official BMI stamps, markings or brandings are not to be used except for official correspondence and business communications.

12.0 USE OF BMI TELEPHONY

The BMI Telephone system and company mobile phones are primarily provided for the support of BMI activities. Limited private use for accepting incoming calls and making limited private calls of an emergency nature is acceptable. Employees are advised to seek approval from their managers before making lengthy calls of a non-business nature.

12.1 Mobile Phones

BMI mobile phones must not be used to call premium rate information services and competition lines. These numbers are extensively linked with fraudulent activity and extensive call charges. Employees must be aware that company mobile phone billing is subject to periodic auditing and analysis of usage, including premium rate numbers.

BMI Mobile communication devices must not be used to defame, harass, intimidate, or threaten any other person(s), or to send unnecessarily repetitive messages whether via voicemail, SMS text or the forwarding of images.

12.2 Voice Mail Use

BMI voice mail systems are provided as a business communication aid and should only be used for recording essential communications. These services must not be used to leave excessive personal information - refer to the BMI Communicating with Patients SOP available on the BMI intranet.

13.0 INCIDENT REPORTING

Incidents should be reported either to line management, the Site Information Security Coordinator or in confidence to the BMI Information Security Team.

All security incidents reported will be recorded within the BMI incident reporting system for trend analysis purposes and responded to in a suitable manner according to their severity and scope.

14.0 MONITORING AND COMPLIANCE

Local internal Information Security audit schedules are a continual monitoring process and reports are circulated to Heads of Department and agreed action plans implemented.

The BMI Internal Audit function reports to the Audit Committee on BMI Group-wide Information Security status. Individual site reports are circulated to Executive Directors and agreed action plans implemented.

BMI is ISO27001:2013 certified and independent external surveillance audits are scheduled every 6 months across the Group to ensure ongoing compliance.

15.0 VIOLATIONS

Any and all breaches of this Information Security Policy may be subject to formal security investigation. Failure to comply with this Policy may result in disciplinary action being taken against individuals under the BMI Disciplinary Process, including termination of employment, legal action and referral to law enforcement authorities if warranted.

16.0 ASSOCIATED DOCUMENTATION

Policy Name & Ref | Content | Applicable to
Group Information Security Policy | Security Direction, expectations, objectives, compliance and responsibilities | All Staff
BMI IT and Information Acceptable Use Policy | BMI equipment and services acceptable use policy | All Staff
BMI E-mail Acceptable Use Policy | E-mail acceptable use policy and supporting guidelines | All IT Users
BMI Internet Acceptable Use Policy | Internet Acceptable Use Policy and supporting guidelines | All IT Users
BMI User IT Access Control and Password Policy | Acceptable use of access rights and password rules | All IT Users
BMI Secure Fax Guidelines | Guidelines on the safe use of fax and safe haven location of fax machines | All Staff
BMI Computer Security Policy | Safe placement, use, movement and disposal of PC Equipment | All IT Users
BMI Mobile Computing Policy | Policy relating to secure use of mobile computing equipment and devices (incorporating Mobile Phone and Laptop User Guide) | All laptop users and staff working away from BMI premises
BMI Information Classification and Protective Marking Policy | Classification, protective marking, proper handling and protection of information guidelines | All staff
BMI Information Security Awareness Guide | General awareness of BMI Information Security Policy | All Staff
BMI Removable Electronic Media Policy | Controls and restrictions for use of removable media | All IT Users
BMI Data Protection Policy (incorporating Caldicott Principles) | BMI Data Protection requirements (and Caldicott Principles) | All Staff