Storage, Retention and Destruction of Information. Signatories to this agreement confirm that the appropriate storage and protection measures are in place for the information that is shared through this agreement. 2.5.1 If information is backed up and stored electronically via disc, hard drive, USB stick, or any mobile device, then adequate security measures must be in place on electronic systems. This specifically means that areas where shared information is stored can only be accessed via username and password, and appropriate encryption measures are in place. Permission to access the information shared by Signatory Organisations will be granted on a strict 'need to know' basis once it is contained within the electronic system, and an audit trail will capture events which evidence successful and unsuccessful access to the system and individual records. The media being used should then be stored in a physical location that has a level of security appropriate to the level that the information held is graded to. 2.5.2 If information shared under this agreement is printed it must be kept in a locked container within a secure premise with a managed access control. If printed information must be moved from its usual secure location, which is in accordance with the level of security required by this agreement, then any move temporary or permanent, must provide the same level of security in storage as per the original location. When documents are not being used they will be stored securely. 2.5.3 Access to the information in both electronic and paper formats will be limited to relevant staff on a need to know basis. The security and maintenance of security measures and passwords will be the responsibility of the Data Protection Officer/Caldicott Guardian or relevant role within each Signatory Organisation. There will be a clear auditable access control system, detailing successful and unsuccessful attempts. The general public will have no access to either type of record. 2.5.4 All Signatory Organisations will have appropriate policies and procedures governing the retention and destruction of records containing personal information retained within their systems. These policies and procedures must be followed. Once the minimum retention 2.5.5 Electronic information will be disposed of by being weeded according to each agency's standard operating procedure in relation to their IT systems, being overwritten using an approved software utility or through the physical destruction of computer media. 2.5.6 Any paper records will be disposed of through an OFFICIAL SENSITVE waste disposal system, using a cross shredder, or returned to the relevant Signatory Organisation for secure disposal.
Appears in 2 contracts
Samples: Data Sharing Agreement, Data Sharing Agreement
Storage, Retention and Destruction of Information. Signatories to this agreement confirm that the appropriate storage and protection measures are in place for the information that is shared through this agreement.
2.5.1 If information is backed up and stored electronically via disc, hard drive, USB stick, or any mobile device, then adequate security measures must be in place on electronic systems. This specifically means that areas where shared information is stored can only be accessed via username and password, and appropriate encryption measures are in place. Permission to access the information shared by Signatory Organisations will be granted on a strict 'need to know' basis once it is contained within the electronic system, and an audit trail will capture events which evidence successful and unsuccessful access to the system and individual records. The media being used should then be stored in a physical location that has a level of security appropriate to the level that the information held is graded to.
2.5.2 If information shared under this agreement is printed it must be kept in a locked container within a secure premise with a managed access control. If printed information must be moved from its usual secure location, which is in accordance with the level of security required by this agreement, then any move temporary or permanent, must provide the same level of security in storage as per the original location. When documents are not being used used, they will be stored securely.
2.5.3 Access to the information in both electronic and paper formats will be limited to relevant staff on a need to know basis. The security and maintenance of security measures and passwords will be the responsibility of the Data Protection Officer/Caldicott Guardian or relevant role within each Signatory Organisation. There will be a clear auditable access control system, detailing successful and unsuccessful attempts. The general public will have no access to either type of record.
2.5.4 All Signatory Organisations will have appropriate policies and procedures governing the retention and destruction of records containing personal information retained within their systems. These policies and procedures must be followed. Once the minimum retentionretention period has expired, a risk assessment should be undertaken of whether the records should be kept for longer, if necessary. If not, the records should be promptly and securely destroyed.
2.5.5 Electronic information will be disposed of by being weeded according to each agency's standard operating procedure in relation to their IT systems, being overwritten using an approved software utility or through the physical destruction of computer media.
2.5.6 Any paper records will be disposed of through an OFFICIAL SENSITVE waste disposal system, using a cross shredder, or returned to the relevant Signatory Organisation for secure disposal.
Appears in 2 contracts
Samples: Data Sharing Agreement, Data Sharing Agreement
Storage, Retention and Destruction of Information. Signatories to this agreement confirm that the appropriate storage and protection measures are in place for the information that is shared through this agreement.
2.5.1 If information is backed up and stored electronically via disc, hard drive, USB stick, or any mobile device, then adequate security measures must be in place on electronic systems. This specifically means that areas where shared information is stored can only be accessed via username and password, and appropriate encryption measures are in place. Permission to access the information shared by Signatory Organisations will be granted on a strict 'need to know' basis once it is contained within the electronic system, and an audit trail will capture events which evidence successful and unsuccessful access to the system and individual records. The media being used should then be stored in a physical location that has a level of security appropriate to the level that the information held is graded to.
2.5.2 If information shared under this agreement is printed it must be kept in a locked container within a secure premise with a managed access control. If printed information must be moved from its usual secure location, which is in accordance with the level of security required by this agreement, then any move temporary or permanent, must provide the same level of security in storage as per the original location. When documents are not being used used, they will be stored securely.
2.5.3 Access to the information in both electronic and paper formats will be limited to relevant staff on a need to know basis. The security and maintenance of security measures and passwords will be the responsibility of the Data Protection Officer/Caldicott Guardian or [Enter relevant role role] within each Signatory Organisation. There will be a clear auditable access control system, detailing successful and unsuccessful attempts. The general public will have no access to either type of record.
2.5.4 All Signatory Organisations will have appropriate policies and procedures governing the retention and destruction of records containing personal information retained within their systems. These policies and procedures must be followed. Once the minimum retentionretention period has expired, a risk assessment should be undertaken of whether the records should be kept for longer, if necessary. If not the records should be promptly and securely destroyed.
2.5.5 Electronic information will be disposed of by being weeded according to each agency's standard operating procedure in relation to their IT systems, being overwritten using an approved software utility or through the physical destruction of computer media.
2.5.6 Any paper records will be disposed of through an OFFICIAL SENSITVE waste disposal system, using a cross shredder, or returned to the relevant Signatory Organisation for secure disposal.
Appears in 2 contracts
Samples: Data Sharing Agreement, Data Sharing Agreement
Storage, Retention and Destruction of Information. Signatories to this agreement confirm that the appropriate storage and protection measures are in place for the information that is shared through this agreement.
2.5.1 2.7.1 If information is backed up and stored electronically via disc, hard drive, USB stick, or any mobile device, then adequate security measures must be in place on electronic systems. This specifically means that areas where shared information is stored can only be accessed via username and password, and appropriate encryption measures are in place. Permission to access the information shared by Signatory Organisations partners will be granted on a strict 'need to know' basis once it is contained within the electronic system, and an audit trail will capture events which evidence successful and unsuccessful access to the system and individual records. The media being used should then be stored in a physical location that has a level of security appropriate to the level that the information held is graded to.
2.5.2 2.7.2 If information shared under this agreement is printed it must be kept in a locked container within a secure premise with a managed access control. If printed information must be moved from its usual secure location, which is in accordance with the level of security required by this agreement, then any move temporary or permanent, must provide the same level of security in storage as per the original location. When documents are not being used they will be stored securely.
2.5.3 2.7.3 Access to the information in both electronic and paper formats will be limited to relevant staff on a need to know basis. The security and maintenance of security measures and passwords will be the responsibility of the Data Protection Officer/Caldicott Guardian or [Enter relevant role (e.g. ICT Security Officer)] within each Signatory Organisationagency. There will be a clear auditable access control system, detailing successful and unsuccessful attempts. The general public will have no access to either type of record.
2.5.4 2.7.4 All Signatory Organisations signatories will have appropriate policies and procedures governing the retention and destruction of records containing personal information retained within their systems. These policies and procedures must be followed. Once the minimum retention.
2.5.5 2.7.5 Electronic information will be disposed of by being weeded according to each agency's standard operating procedure in relation to their IT systems, being overwritten using an approved software utility or through the physical destruction of computer media.
2.5.6 2.7.6 Any paper records will be disposed of through an OFFICIAL SENSITVE a Restricted or Official Sensitive waste disposal system, using a cross shredder, or returned to the relevant Signatory Organisation Partner for secure disposal.
Appears in 1 contract
Samples: Information Sharing Agreement
Storage, Retention and Destruction of Information. Signatories to this agreement confirm that the appropriate storage and protection measures are in place for the information that is shared through this agreement.
2.5.1 If information is backed up and stored electronically via disc, hard drive, USB stick, or any mobile device, then adequate security measures must be in place on electronic systems. This specifically means that areas where shared information is stored can only be accessed via username and password, and appropriate encryption measures are in place. Permission to access the information shared by Signatory Organisations will be granted on a strict 'need to know' basis once it is contained within the electronic system, and an audit trail will capture events which evidence successful and unsuccessful access to the system and individual records. The media being used should then be stored in a physical location that has a level of security appropriate to the level that the information held is graded to.
2.5.2 If information shared under this agreement is printed it must be kept in a locked container within a secure premise with a managed access control. If printed information must be moved from its usual secure location, which is in accordance with the level of security required by this agreement, then any move temporary or permanent, must provide the same level of security in storage as per the original location. When documents are not being used used, they will be stored securely.
2.5.3 Access to the information in both electronic and paper formats will be limited to relevant staff on a need to know basis. The security and maintenance of security measures and passwords will be the responsibility of the Data Protection Officer/Caldicott Guardian or other relevant role staff within each Signatory Organisation. There will be a clear auditable access control system, detailing successful and unsuccessful attempts. The general public will have no access to either type of record.
2.5.4 All Signatory Organisations will have appropriate policies and procedures governing the retention and destruction of records containing personal information retained within their systems. These policies and procedures must be followed. Once the minimum retentionretention period has expired, a risk assessment should be undertaken of whether the records should be kept for longer, if necessary. If not, the records should be promptly and securely destroyed.
2.5.5 Electronic information will be disposed of by being weeded according to each agency's standard operating procedure in relation to their IT systems, being overwritten using an approved software utility or through the physical destruction of computer media.
2.5.6 Any paper records will be disposed of through an OFFICIAL SENSITVE waste disposal system, using a cross shredder, or returned to the relevant Signatory Organisation for secure disposal.
Appears in 1 contract
Samples: Data Sharing Agreement