General principles
You must respect the confidentiality, integrity and availability of information at all times. All information required to deliver services and conduct business has inherent value. It requires an appropriate degree of protection.
When processing information you must ensure it is subject to proportionate and reasonable controls:
- relative to the sensitivity of the information
- in a manner which reduces the risk of compromise or loss
You must process information in a manner which meets legal and regulatory requirements. This includes information received from, or exchanged with, external partners.
You must not access or attempt to access information unless you have a clear and authorised business need.
You must process personal data in accordance with our Data protection policy. This supports our obligations under current data protection legislation.
All staff must be subject to appropriate employment checks prior to handling information. This includes verification of identity.
All staff processing information must undertake annual information assurance training. They must be aware of their individual responsibilities.
You must not use private or personal devices to process our information unless you are using an authorised corporate solution, for example accessing Microsoft 365 web applications.