Information Security Policy
Part 1
1. Introduction
We hold and manage large quantities of information and data (the term "information" is used for both in this policy, unless specified) concerning the investigation of complaints and the operation of the service. Much of it is of a sensitive personal nature and some is commercially sensitive to us and/or other bodies.
This information must be properly managed, protected and used to meet our legal obligations and to safeguard our reputation, while maintaining the effective operation of the service.
The LGSCO is committed to information security and to ensuring that the six data protection principles of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (DPA18) are followed when handling personal data.
This policy sets out our approach to information security, ensuring we follow the six data protection principles. It is designed to manage risk and respect the fundamental rights and freedoms of data subjects and to recognise the general need for transparency in our operations. It covers all information received, produced, stored or transmitted on behalf of the service, and equipment, systems and software owned or used on behalf of the service.
The objective of our information security policy is to maintain the principles of:
- Confidentiality: the restriction of information to authorised individuals; confidential information is protected from unauthorised disclosure.
- Integrity: the maintenance of information in its complete and proper form; records are protected from corruption and unauthorised change.
- Availability: the continuous or timely access to information by authorised individuals; data is available to authorised people when needed.
All staff (including contractors and others with a contractual arrangement to work for or on behalf of the service) who may have access to information are required to understand and work within the provisions of this policy and its objectives.