Goodenough College Logo

Goodenough College Information Security Policy


Goodenough College (“College”) has adopted the following Information Security Policy (“Policy”) as a measure to protect the security, integrity and availability of the College’s data as well as any Information Systems, computers, tablets, servers or network equipment that stores, processes or transmits that data.

Scope

This Policy applies to all Staff, Members and authorised third-paries associated with of the College as well as any other individuals who are authorized to access College Data.

Responsibilities

The IT Department staff shall be responsible for the development, updating and enforcement of the Goodenough College Information Security Policy, along with the procedures for the protection of College data.

Lifecycle

This Policy will be reviewed Annually by the College’s IT Department Staff, or more often if deemed appropriate based on improvements in technology, changes to existing laws or the addition of new relevant laws.

Enforcement

Violations of this Policy may result in loss of access to the data in question. Additional sanctions may apply up to and including termination of employment or contractor status with the College for Staff and expulsion from the College for Members. Criminal charges may also apply.

Exceptions

This Policy is compliant with the Data Protection Act and General Data Protection Regulation Laws. As exceptions to this policy are extremely likely to allow illegal behaviour, no exceptions to this policy are permitted.

Policies

Any Information System that stores, processes or transmits data belonging to either the Staff or Members of Goodenough College or to the College itself shall utilise sufficient data security and integrity measures. What constitutes sufficient date security and integrity measures is defined by the IT Department Staff and is redefined as an when appropriate.

Staff that are authorised to access College data shall provide adequate data security and integrity measures when accessing College data externally. The IT Department provides secure remote access facilities but responsibility for the device that is being used to connect to the College remains with the User.

All College data shall be protected in a manner that is reasonable and appropriate for that data. All servers containing College data are backed up each evening on working days and any College data stored on servers that are on located within the College is backed up by the organisations that provide the service.

College data must not be transferred onto insecure (and easy to lose) USB memory sticks. If data needs to be transported to another location and a USB memory stick appears to be the only viable method, the user shall contact the IT Department in order to either find an alternative method or to encrypt the data on the USB memory stick.

Updates

This policy may be updated at any time. The latest version is always available on The Square. It is advisable to check it regularly.