home » about us » policies » information and communication technology » 

• 
• Contact Us
• FAQ's
• Accessibility
• A-Z
• Links
• Log In 

Start of main content

Information Security & Compliance Policy Responsibilities

Introduction

The objective of this Information Security & Compliance Policy is to protect the information assets processed by HFRS from all appropriate threats, whether internal or external, deliberate or accidental.

In support of this objective, HFRS are fully committed to information security and shall:

• Treat information security as a critical business issue
• Create a security-aware work environment
• Implement controls that are proportionate to risk
• Achieve individual accountability for compliance with information security policies and supporting processes.

This Information Security & Compliance Policy establishes the requirements HFRS have for achieving and maintaining compliance with all information security policies, processes, guidelines, and applicable legislation.

Scope

This Information Security & Compliance Policy shall apply to:

•All employees who use HFRS information assets and information processing facilities regardless of whether they are processed electronically or in paper form.

•All external third parties that provide services to HFRS in respect of information processing facilities.

Policy

This Information Security & Compliance Policy states that HFRS shall ensure that:

• Information assets and information processing facilities shall be protected against unauthorized access
• Information shall be protected from unauthorized disclosure
• Confidentiality of information assets shall be a high priority
• Integrity of information shall be maintained
• Availability requirements for information assets, as identified by information owners, shall be met
• Statutory and legal obligations shall be met
• Business continuity plans shall be produced, maintained and exercised
• Unauthorised use of information assets and information processing facilities shall be prohibited; the use of obscene, racist or otherwise offensive statements shall be dealt with in accordance with other policies published by HFRS
• This Information Security & Compliance Policy shall be communicated to all employees for whom information security training shall be given
• All breaches of information security, actual or suspected, shall be reported and investigated in line with HFRS published policies
• Implemented controls shall be commensurate with the risks faced by HFRS.

In support of this Information Security & Compliance Policy, more detailed security policies and processes shall be developed for employees, information assets and information processing facilities.

Compliance

Activities related to the use of information assets and information processing facilities shall be monitored to ensure that HFRS requirements for confidentiality, integrity, and availability are maintained.  Employees with access to information assets and information processing facilities shall be responsible for reporting any suspicious activity, security breaches or security violations to IT.

Senior Managers shall ensure continuous compliance monitoring within their area of jurisdiction.  Compliance with HFRS security policies shall be a matter for periodic review by IT.  Non-compliance with security policies, standards and processes shall result in corrective action by management.

Responsibilities

The Senior Management Team of HFRS shall be accountable for ensuring that appropriate security and legal controls are identified, implemented and maintained by information owners.  They shall be supported in this task by all employees.

The role and responsibility for managing information security at an operational level shall be performed by the Information Security Officer.

Information owners within HFRS shall be responsible for the identification, implementation and maintenance of controls that are commensurate with the value of the information assets they own and the risks to which they are exposed.

It is the responsibility of all employees to adhere to this Information Security & Compliance Policy.

Non-compliance with this Information Security & Compliance Policy by any employee shall result in disciplinary action.

The Senior Management Team of HFRS has approved this Information Security & Compliance Policy.

• news
• keeping safe
• business fire safety
• kidzone
• careers & training
• about us
• for staff
• Go to Animal Rescue :: Operations Audit Commission and Other External Assessments and Reports - The Service Budget, Accounts and Regulations Business Education Community Response Corporate Planning Current Vacancies :: Careers and Training Environment Equality and Diversity Events Diary Fire Control Fire Safety Regulations Fire Stations Fire and Rescue Authority Freedom Of Information Act 2000 (FOI) Hampshire Fire and Rescue Service Plan History of HFRS Home Safety IPDS Incident Types News Releases Past Members Planning for Emergencies Policies Recent Incidents Service News Service orders Station Admin Manual Top 10 Fire Safety Tips Vehicles and Appliances