NEWS Information Security Policy

Title: Information Security Policy

Reference: ISP1

Status: Final

Version: 1.0

Date: May 2018

 

Contents

  • Introduction
  • Definitions
  • Purpose
  • Scope
  • Structure
  • Information security principles
  • Governance
  • Sub-policy document list

Introduction

This policy is concerned with the management and security of NEWS information assets (an information asset is defined to be an item or body of information, an information storage system or an information processing system which is of value to NEWS) and the use made of these assets by its personnel who may legitimately process information on behalf of NEWS.

This overarching policy document provides an overview of information security and lists a hierarchical set of policy documents (sub-policies) which taken together constitute the Information Security Policy of NEWS.

Definitions

For the purposes of this document, the term “personnel” will include staff, contractors and agents of NEWS together with any others who may have been granted permission to use NEWS information and communication technology facilities.

 

Purpose

An effective Information Security Policy provides a sound basis for defining and regulating the management of information systems and other information assets. This is necessary to ensure that information is appropriately secured against the adverse effects of failures in confidentiality, integrity, availability and compliance which would otherwise occur.

 

Scope

The documents in the Information Security Policy set apply to all information assets which are owned by NEWS, used by NEWS for business purposes or which are connected to any networks managed by NEWS.

The documents in the Information Security Policy set apply to all information which NEWS processes, irrespective of ownership or form and are applicable to all NEWS personnel.

 

Structure

This top-level document lists a set of other sub-policy documents which together constitute the Information Security Policy of NEWS.  All of these documents are of equal standing.  Although this policy set should be internally consistent, for the removal of any doubt, if any inconsistency is found between this overarching policy and any of the sub-policies, this overarching policy will take precedence.

Each of the sub-policy documents only contains high-level descriptions of requirements and principles.  They do not, and are not intended to include detailed descriptions of policy implementation.  Such details will, where necessary, be supplied in the form of separate procedural documents which will be referenced from the relevant, individual sub-policy documents.

 

Information Security Principles

NEWS has adopted the following principles, which continue to underpin this policy:

  1. Information will be protected in line with all relevant NEWS policies and legislation.
  2. Each information asset will have a nominated owner who will be assigned responsibility for defining the appropriate uses of the asset and ensuring that appropriate security measures are in place to protect the asset.
  3. Information will be made available solely to those who have a legitimate need for access.
  4. All information will be classified according to an appropriate level of security.
  5. The integrity of information will be maintained.
  6. It is the responsibility of all individuals who have been granted access to information to handle it appropriately in accordance with its classification.
  7. Information will be protected against unauthorised access.
  8. Compliance with the Information Security policy will be enforced.

Governance

Responsibility for the production, maintenance and communication of this top-level policy document and all sub-policy documents lies with the Managing Director.

This top-level policy document has been approved by NEWS’s Management Team. Substantive changes may only be made with the further approval of the Management Team.  Responsibilities for the approval of all sub-policy documents is delegated to NEWS’s Office Manager.

Each of the documents constituting the Information Security Policy will be reviewed annually. It is the responsibility of the Managing Director to ensure that these reviews take place. It is also the responsibility of the Managing Director to ensure that the policy set is and remains internally consistent.

Changes or additions to the Information Security Policy may be proposed by personnel, via their departmental manager, or the Managing Director.  Any substantive changes made to any of the documents in the set will be communicated to all relevant personnel.

 

Sub-Policy Document List

note from the webmaster: NEWS Ltd. have provided the privacy documents deemed relevant for web use. These include this document (ISP 1), ISP 1.1 & ISP 1.4. Please contact NEWS directly for information on other documents at info@nationwidewitness.com

Name ID
Compliance Policy ISP1.1
Outsourcing and Third Party Compliance Policy ISP1.2
Human Resources Policy ISP1.3
Information Handling Policy ISP1.4
User Management Policy ISP1.5
Acceptable Use Policy ISP1.6
System Management Policy ISP1.7
Network Management Policy ISP1.8
Software Management Policy ISP1.9
Mobile and Remote Working Policy ISP1.10
Investigation of Computer Use Policy ISP1.11