7.1. Antivirus and email protection

The IT Manager will ensure all LGSCO computers and laptops have updated antivirus software installed and that incoming email is scanned for threats. Written procedures will be in place for isolating and dealing with computer infection.

Viruses and other potentially harmful software can enter the LGSCO network via email, external devices such as CD and USB memory sticks and can be downloaded unwittingly from websites you visit. 

Staff should not open suspicious email or attachments. They should report potential or suspected viruses, email hoaxes, excessive spam and receipt of inappropriate material to the IT Team via the helpdesk.

If you think that your PC has a virus or you receive a suspect email, stop work immediately and contact the IT Team. In addition, disconnect your PC from the LGSCO network by removing the network cable OR by immediately shutting down. 

Spam emails should be reported to our security partner. See the instructions for dealing with spam for more information.

7.2. Encryption and password protection of IT

All LGSCO computers, portable electronic devices such as laptops and removable media such as USB sticks will have encryption and password protection enabled before issuing to users, with instructions for use. USB sticks are not used for transporting casework or other personal data. Access to LGSCO data outside the office is via the VPN. There are two  exceptions where encrypted USB sticks may be used for personal data:

• Our external legal advisers may need to be provided with data, including casework data this way 
• Responding to a subject access request where we have identified this is the safest means for sharing information or where the requester has specifically requested this method of sharing their personal data.

Encryption systems will follow industry standards and approved protocols for encryption.

Note: Unencrypted USB sticks may be used for PowerPoint presentations used by the training team and others, but care should be taken that the presentations do not inadvertently contain any personal data.

7.3. Software

Software will be purchased through the IT department to ensure it is compatible with existing computer systems, has ongoing support and maintenance in place, and is compliant with copyright and licensing legislation.

Software will always be used in accordance with its licence agreement. The IT department will catalogue and store software assets (software media and licences), and conduct regular software audits to ensure that the LGSCO is not in breach of licensing legislation. 

Information held on network servers will be backed up in accordance with written procedures to provide at least one month of information retention. All backups will be maintained securely and will be destroyed when no longer required.

7.4. Artificial Intelligence

Whilst we do not rule out the use of AI tools in the future, currently we do not integrate any AI tools in to our own systems, other than where intrinsically integrated by third parties as part of their software. 

As with other internet-based resources with similar functionality to AI, e.g. search engines, there are limitations and risks to using AI tools such as ChatGPT. We currently consider it to be inappropriate to use AI to draft any part of our casework decisions.

Further guidance is available for staff on our intranet.

7.5. Administrator accounts

Staff or contractors who have administrator status:

• Must not use administrator accounts for routine tasks such as reading email or printing. 
• Must not create administrative accounts unless authorised by the IT Manager. 
• Must secure their Office 365 accounts using Two-Factor Authentication on a mobile device using Microsoft Authenticator

7.6. Suppliers

All IT suppliers including third party maintenance suppliers will sign confidentiality or non-disclosure agreements. All suppliers that process data on our behalf have a Schedule of Processing.