The purpose of the IT and Data Protection Policy is to ensure the effective protection and proper usage of the computer systems and software. The IT and Data Protection Policy will assist in maintaining systems at operational level. Contraventions of the IT and Data Protection Policy could seriously disrupt the operation of Standing Start Solutions and any breaches will be treated accordingly.
Network
Network management, administration and maintenance within Standing Start Solutions is the responsibility of the director.
Hardware (PCs, Laptops, Notebooks, Printers,)
The security and safekeeping of portable and other equipment used out of the office is the responsibility of the personnel using it. All portable computer equipment for use outside of the office is to be password protected in order to protect files and data.
Software & Software Applications
The purchase, installation, configuration and support of all software and software applications used within Standing Start Solutions is the responsibility of the director.
Data/ Electronic Information
The director is responsible for ensuring compliance with Data Protection legislation regarding data processed, including implementing procedures for subject access requests.
Anti-Virus Protection
The director is responsible for the implementation of an effective anti-virus system and its maintenance.
Passwords
The director is to ensure pass wording is part of the security strategy of Standing Start Solutions IT system.
Internet
Access to the Internet is provided for business purposes only. Personnel
should not make inappropriate use of their access to the Internet. They must
not use Standing Start Solutions systems to access pornographic, illegal or
other improper material. Personnel
should not log in to social media accounts Internet sites unless for the
exclusive purpose of work duties.
Contravention of the IT Policy
Personnel should be aware of their responsibilities under the Data Protection Act, the General Data Protection Regulation, Computer Misuse Act1 and the Copyright Design and Patents Act. The director will provide guidance where required.
Contravention of the Standing Start Solutions IT Policy or any act of deliberate sabotage to computer systems may lead to the termination of the agreement between Standing Start Solutions and personnel.
1 Computer Users shall not, by any wilful or deliberate act, jeopardize the integrity of the computing equipment, its systems programs or any other stored information to which they have access. Under the Terms of the Computer Misuse Act (1990), unauthorized access to a computer (sometimes called “hacking”) or other unauthorized modification to the contents of a computer (such as the deliberate introduction of viruses) are criminal offences punishable by unlimited fines and up to 5 years imprisonment
Data Protection
See larger policy procedure.
The company needs to gather and use certain information about individuals. This can include participants, personnel, suppliers, business contacts, and other people the company has a relationship with or may need to contact. To ensure that the company remains in compliance of the Data Protection Act 2018, and the General Data Protection Regulation 2018, it will ensure that it adheres to the following data protection principles;
All gathered and stored data will be;
- used fairly and lawfully – data is only to be collected and processed if there is a lawful basis to do so (defined by the ICO GDPR)
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- accurate
- kept for no longer than is necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the European Economic Area without adequate protection
Standing Start Solutions keeps a procedure in place to deal with personal Data requests.
