Security and Data Management. (List any additional security requirements, this may include but not be limited to: Database security, Backups, Retention Periods, any other elements effecting either the confidentiality, Integrity or Availability of the data)
Security and Data Management. 16
4.1 Secure information exchange methods 16 4.2 Email 16 4.3 Fax 16
Security and Data Management. 8.1 Signatories to this protocol must ensure they have adequate security arrangements in place to protect the integrity and confidentiality of the information held.
8.2 Signatory agencies agree that personal information disclosed must:
(a) not be emailed over internet links without appropriate protection, where this is practical.
(b) be protected by back-up rules.
(c) when stored on a computer system, it must be password protected with provisions to ensure system security.
(d) paper copies must be stored securely.
(e) be located in a geographically secure environment.
(f) not be inputted/accessed without industry standard security devices as defined by BS7666.
8.3 Each partner agrees that where practicable information shared under this Protocol will be processed using the Empowering-Communities Inclusion & Neighbourhood management System (“E-CINS”).
8.4 Each partner will be responsible for agreeing and implementing their own organisation’s retention policy to ensure the secure disposal of information in accordance with best practice and statutory obligations as referred to in paragraph 7.6 above.
8.5 Signatory agencies understand that all these measures need to be taken to ensure the security of our partners and to protect the general public.
8.6 The parties undertake to regularly, but at least annually, audit their processes under this Protocol to ensure that its requirements are being met.
Security and Data Management a) At DT Attendance Consultancy Ltd., data is stored in secure databases within the DT Attendance Consultancy Ltd.’s managed server framework. User access is managed by named user identification authorised by the relevant manager or nominated officer and on receipt of an emailed security and data protection agreement. It is backed up on a daily basis and the system is fully recoverable.
b) At The School, data is stored in its own secure database and server. It is backed up on a daily basis and the system is fully recoverable. Access to the data is password protected with access privileges extended to the senior team and to those operational staff whose role is to keep the system up to date or manage the ICT aspect of the system. Access to particular sets of data is restricted on a need to know basis. Although all passwords are maintained by the ICT manager they are confidential to the user, with separate unique passwords being required for access to confidential systems.
c) Where applicable, data will be transferred as a secure, encrypted password protected file via the Internet where appropriate. There will be no paper or email transfer of data.
d) Data at individual level will be deleted according to record management protocols following use. Aggregated data will be held as long as they are of use to the respective parties. At the school data, which is not retained for legal reasons, is destroyed using file-shredding software when no longer required.
Security and Data Management. 4.1 Secure information exchange methods
Security and Data Management. Access to personal data will be controlled through formal protocols and agreements, and will be based on the principle of sharing only the minimum necessary for the purpose. It will be a condition of these agreements that the confidentiality of the data is safeguarded; the information is used only for the stated purpose and is retained only for an agreed period which in most cases is the duration of the contract.
Security and Data Management. Signatories to this agreement must ensure they have adequate security arrangements in place to protect the integrity and confidentiality of the information held. Signatory agencies agree that personal information disclosed must not be emailed over internet links unless the disclosing and receiving agency use one of the six recognised secure sites:- • xxx.xxxxxx.xx • xxx.xxx.xx • xxxx.xxx.xx • xxx.xxx.xx • xxxx.xxx • xxx.xxx When SSCP information is stored on a computer system, electronic files must be password protected with provisions to ensure system security. Paper copies must be stored securely within a secure environment. Any computer system holding personal information must be auditable. The audit trail must contain, as a minimum, who accessed the data, the information viewed and the time and date.
Security and Data Management a) At KCC, data is stored in secure databases within the KCC’s managed server framework. User access is managed by named user identification authorised by the relevant manager or nominated officer and on receipt of an emailed security and data protection agreement. It is backed up on a daily basis and the system is fully recoverable.
b) At the Educational Establishment, data is stored in a SQL database. It is backed up on a daily basis and the system is fully recoverable. Access to the data is password protected with access privileges extended to the senior team and to those operational staff whose role is to keep the system up to date or manage the ICT aspect of the system. Access to particular sets of data is restricted on a need to know basis. Although all passwords are maintained by the ICT manager they are confidential to the user, with separate unique passwords being required for access to confidential systems.
c) Data will be transferred as a secure, encrypted file via the internet either using the secure file transfer system Perspective Lite or the DfE national S2S site where appropriate. There will be no paper or email transfer of data.
d) Data at individual level will be deleted or deactivated according to KCC and The Educational Establishment’s respective record management protocols. Aggregated data will be held as long as they are of use to the respective parties. At the Educational establishment data which is not retained for legal reasons is destroyed using file shredding software when no longer required.
e) Data provided by KCC is maintained on a scheduled basis (if the Educational establishment is part of the Orchestra process) and is based on a data file sourced from schools. All conflicts are resolved by KCC Management Information staff and changes are accepted before the data is imported and made available for transfer.
f) Data provided by the Educational establishment is maintained on a regular basis and is based on data provided by parents and pupils.
g) The Educational Establishment must comply with GDPR and must be registered with the Information Commissioners Office.
h) Where the death of a young person becomes known either to KCC or the Educational establishment then that information is shared between the parties as soon as practicable and that record hidden from the databases according to local procedures.
i) Where a child is adopted information is shared between the parties as soon as practicable and that record hidden from the d...
Security and Data Management. 10.2.1 Electronic information Electronic exchange can be the most secure and auditable means of exchanging information provided this is done using suitably secure technology. Standard e-mail, even with encryption, is not generally sufficiently secure to protect personal information. Personal information should only be exchanged electronically using a secure messaging system and it is recommended that only those partners identified as Level A partners (see section 5.2), do so. Personal information disclosed must not be emailed over internet links unless the disclosing and receiving agency use one of the six recognised secure sites:- ⮚ xxx.xxxxxx.xx ⮚ xxx.xxx.xx ⮚ xxx.xxx.xx ⮚ xxx.xxx.xx ⮚ xxxx.xxx ⮚ xxx.xxx A key issue for electronic documentation is the consistent use of encryption and secure information exchange. Unguarded exchange of personal information may;- ⮚ place lives at risk ⮚ infringe the rights of the individual subject or others that may be identifiable from the information ⮚ compromise the organisations sharing data ⮚ jeopardise any proceedings or legal measures based upon that information. With remote working there is an issue about storing personalised data on flash drives/memory stocks and of encryption. Some agencies have Home Office approved data secure memory sticks and encrypted laptops, others do not. Recent Home Office guidance with respect to third party suppliers recommends that:
a) No unencrypted laptops or drives or removable electronic media containing personal data should be taken outside secure office premises.
b) No transferring of any protected personal data from Home Office approved systems to third party suppliers owned laptops, PCs, USB keys, external drives and any other electronic media is permitted. Level A partners sharing personalised data are responsible for ensuring that laptops, drives or removable electronic media containing personal data used for remote working are encrypted and have Home Office approved levels of security. To comply with national guidance encryption should be at least 256 bit. When stored on a computer system, information must be password protected with provisions to ensure system security. Any computer system holding personal information must be auditable. The audit trail must contain as a minimum who, what & when:- • which individual has accessed the data, • the information accessed, • time and date.
Security and Data Management. At KCC, data is stored in secure databases within the KCC’s managed server framework. User access is managed by named user identification authorised by the relevant manager or nominated officer and on receipt of an emailed security and data protection agreement. It is backed up on a daily basis and the system is fully recoverable. At The Academy/Free School, data is stored in a SQL database. It is backed up on a daily basis and the system is fully recoverable. Access to the data is password protected with access privileges extended to the senior team and to those operational staff whose role is to keep the system up to date or manage the ICT aspect of the system. Access to particular sets of data is restricted on a need to know basis. Although all passwords are maintained by the ICT manager they are confidential to the user, with separate unique passwords being required for access to confidential systems. Data will be transferred as a secure, encrypted file via the internet either using the secure file transfer system Perspective Lite or the DfE national S2S site where appropriate. There will be no paper or email transfer of data. Data at individual level will be deleted or deactivated according to KCC and The Academy/Free Schools respective record management protocols. Aggregated data will be held as long as they are of use to the respective parties. At the Academy/Free School data which is not retained for legal reasons is destroyed using file shredding software when no longer required. Data provided by KCC is maintained on a weekly basis (if the Academy/Free School is part of the B2B process) and is based on a data file sourced from schools. All conflicts are resolved by MI staff and changes accepted before the data is imported and made available for transfer. Data provided by The Academy/Free School is maintained on a regular basis and is based on data provided by parents and pupils. Where the death of a young person becomes known either to KCC or The Academy/Free School then that information is shared between the parties as soon as practicable and that record removed from the databases according to local procedures. Where a child is adopted information is shared between the parties as soon as practicable and that record removed from the databases according to local procedures.
