Information security acceptable usage

Best practice

Please follow these best practice tips to keep our information secure.

Information security incidents

Information security incident includes information or devices lost, stolen or sent to the wrong person.

Remote access

  • to access the network from home or mobile, you must use council provided equipment
  • you will need to use an RSA hardware token available from ISD

Software

  • software must only be installed by ISD
  • if you required additional software you will need to complete a business case

Hardware and removable media (CDs DVD, external drives and USB drives)

  • access to removable media is be disabled unless you produce a valid business case
  • you can obtain encrypted devices from ISD
  • removable media will be permanently disabled for those staff with access to restricted (revenue and benefit) data
  • don't transfer council data onto private equipment or storage media
  • don't transfer private data from other equipment to your council equipment

Information protection

  • all electronic information should be stored on network drives
  • private information should be stored on the I drive
  • all other information should be shared on the G drive
  • shared sensitive information should be labelled Restricted in accordance with the Government Protective Marking Scheme
  • don't remove printed information from premises without the approval of your service manager
  • don't share information with those who are not authorised to receive that information
  • lock away sensitive documents when not in use; don't leave unattended
  • dispose of documents according to the sensitivity of the material
  • use the GCSX network to send restricted or confidential information; see ISD if you require access

Email

  • email facilities are monitored for traffic capacity and for ensuring compliance with council policies and procedures
  • use of email for personal messages is permissible but must be kept to a minimum
  • avoid on the auto previewing setting as this can encourage other members of staff to view your email over your shoulder
  • don't click on links or images from on email from unknown origins
  • use an "out of office" message as required
  • any messages or information sent by an employee are statements that reflect the council: be aware that your views will be construed as representing the counci
  • all emails not marked as ‘personal’ or ‘private’ will be considered to be council business messages/recordings and may be read after the appropriate authorisation has been granted
  • don't auto forward restricted emails to external addresses

Computer and telephone use

  • always lock your computer screen when you are away from your desk; any misuse will be logged in your name so it will be difficult to prove that it wasn’t you
  • always switch your machine off when you leave the office
  • never give another person any password
  • private calls on council phones should normally be made in emergency or in your own time and outside of core hours.
  • private calls and text messages using personal mobile telephones should normally be made in your own time and outside of core hours.

Internet (web) usage

  • web access is provided for work related activities
  • private web use must be in your time 
  • web usage is monitored
  • you are not allowed to download programs or software (including screen savers and wallpaper)

Information security policy

  • all Staff must read and agree to the policy
  • staff awareness training is provided through eLearning

Social media

  • contact Communications if you wish to use social media eg Twitter, Instagram, Facebook for council business

Information security acceptable usage guidelines

Any questions please contact Mark Lansbury x3168.