Information security policy

Introduction

Information is a major asset that Wycombe DC has a duty and responsibility to protect.

The purpose and objective of this Information Security Policy is to set out a framework for the protection of the authority’s information assets:

  • from all threats, whether internal or external, deliberate or accidental
  • to ensure business continuity and minimise business damage
  • in order to deliver its strategic and operational objectives

The Information Security Policy is a high level document, and adopts:

  • Standards: mandatory activities, actions, rules or regulations designed to provide policies with the support structure and specific direction they require to be meaningful and effective. The standards are derived from the international security standard ISO 27001. The standards are contained within the Information Security Policy Standards document.
  • Guidelines: which define the details of how the policy and standards will be implemented in an operating environment. The guidelines are contained within the Information Security Acceptable Use Guidelines document.

Scope

This Information Security Policy outlines the framework for management of information security within Wycombe DC.

The Information Security Policy, Standards and Guidelines apply to all employees and where relevant contractors and third party users, who have access to the Information Systems or information used for council purposes.

Information takes many forms and includes:

  • hard copy data printed or written on paper
  • data stored electronically
  • communications sent by post, courier or using electronic means
  • stored tape, microfiche or video
  • speech