Information Security Policy

9. Information security around the office

9.1. Building security 

  • Staff should challenge any visitor who is not wearing a visitor badge and report them to Building Security.
  • Access to complaint casework hard copy file stores will be controlled so these are only accessible by users in the performance of their duties. 

9.2. At the desk

Users will maintain a ‘clear desk’, with no confidential information left in view when not in use. 

  • All confidential material will be cleared from desks at the end of the working day.
  • Complaint casework files or confidential documents will be returned to locked cupboards or to designated storage areas at the end of each working day. 
  • Users will remove confidential papers immediately from printers and scanners

Users will maintain a ‘clear screen’ by doing the following.  

  • the auto screensaver will be set by the IT Team to lock after a maximum of 10 minutes in the office, and 30 minutes when working from home.
  • using the keyboard locking mechanism (Ctrl Alt Del and choose the locking option OR use the Windows key and L) when leaving your desk. 
  • logging off when leaving the desk at the end of work. 

See section 11.2 for more details on home working.

9.3. IT Security

  • All servers and computer connectivity equipment will be in a secure location suitable for that equipment, including proximity to effective air conditioning and fire suppression systems. 
  • Environmental controls will protect central/key equipment. File servers will be protected from power surges and failures, interruption to other utility serves, extremes of temperature and humidity, malicious or accidental damage, fire and flood.
  • Secure areas to protect key IT equipment will be secured by additional entry controls including security coded locked doors, and access will be restricted to authorised staff, coordinated by the IT staff and the Operational Support Manager. 
  • Equipment will be sited to minimise the risk of accidental damage. Any suspected damage to computer equipment will be reported to the IT service desk for checking before use.
  • Pool laptops will be signed for before being taken out of the office. Care must be taken to ensure that IT equipment is protected from theft, loss or damage outside the office.
  • Computer equipment is recorded on the asset register. It is the responsibility of IT staff to keep the asset register up to date.

See also Building security procedure. 

LGO logogram

Review your privacy settings

Required cookies

These cookies enable the website to function properly. You can only disable these by changing your browser preferences, but this will affect how the website performs.

View required cookies

Analytical cookies

Google Analytics cookies help us improve the performance of the website by understanding how visitors use the site.
We recommend you set these 'ON'.

View analytical cookies

In using Google Analytics, we do not collect or store personal information that could identify you (for example your name or address). We do not allow Google to use or share our analytics data. Google has developed a tool to help you opt out of Google Analytics cookies.

Privacy settings