An organisation's key assets are not only physical but, increasingly, take the form of information. We expect this trend to continue. As with all assets, there is a need to identify them and protect them from damage, theft or loss. (Under the Data Protection Act, for personal data, this is a legal obligation.) We believe this is a shared responsibility and ISD will be active in encouraging best practice by all asset holders.
Information security and compliance
- We see information security as a whole-community responsibility, and so will provide advice, guidance and training to ensure that members of the community have an appropriate understanding of their role in ensuring the information/digital security of our environment.
- We will provide systems that will help to protect the security of information and networks.
- We will develop and disseminate policy that will meet the obligations placed upon the institution by regulations and legislation, while accommodating any flexibility inherent in them.
Security by design
- We will design security and compliance into the services we deliver.
- Where we require users to contribute to system security, we will provide advice and guidance.
- We will actively test the security of our services (especially new or significantly developed services) to ensure we maintain a high level of security. Where we discover vulnerabilities, these will be fixed where possible, or processes changed to avoid the problem. Where necessary, we will ask our community of users to change their behaviours to maintain security.