ISfL Protective Marking methodology July 2010. Local Government Data Handling Guidelines Ensure all staff are trained, updated and aware of their responsibilities.

Local Government Data Handling Guidelines
- Ensure all staff are trained, updated and aware of their responsibilities
- Undertake regular risk reviews of all processes and procedures
- Ensure all key information assets are classified and are resilient

Code of Connection
- 3.2: Employees of the organisation who handle information carrying a protective marking of RESTRICTED MUST be made aware of the impact of loss of such material and the actions to take in the event of any loss.
- 4.1: The mail client or user adds security labels to each email that carries a protective marking of PROTECT or higher

The problem
- Requires specialist knowledge
- Tendency to over classify
- Perceived as an onerous task by the business
- Divorced from handling
- Impact assessment – scale too large

HMG Infosec Standard No. 1 - Business Impact Table
- Impact on life and safety
- Impact on political stability
- Impact on military operations
- Impact on foreign relations
- Impact on intelligence operations

ISfL methodology
- Based on content
- Platinum, Gold and Silver
- Threshold scores
- Allows scaling in PROTECT [P1, P2]
- Flexibility to review
- Does not require specialist knowledge

ISfL methodology – Gold = 3 points
- Name
- Address
- DOB
- National identifier e.g. NI number, NHS number, Passport number, Driving licence
- Individual bank or financial details
- Police record or Community Safety client
- Record of benefits [DWP or LA]
- Case event e.g. referral, assessment, investigation, planning or review of services
- Corporate financial details that will not form part of public documents or records

ISfL methodology – Silver = 2 points
- S1 Photograph of person
- S2 Employment details
- S3 In receipt of specific personal council services e.g. home care
- S4 Legal documents including tenancy agreements, commercial contract or property details
- S5 Trading standards investigations and reports
- S6 Telephone number and/or address
- S7 Corporate financial details prior to them forming part of public documents or records
- S8 Marital status or sexual orientation if not recorded in G8
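The content-based scoring outlined on the Gold and Silver slides can be sketched as follows. This is an added example, not part of the original presentation or ISfL's own tooling. It assumes that each item type scores once per document, that P2 sits above P1, and that thresholds are supplied by the caller, because the slides do not state the threshold scores; the Gold key names and sample values are constructed.

```python
GOLD_POINTS, SILVER_POINTS = 3, 2  # per-item points stated on the slides

# Gold items as listed on the slide. Its G-numbers did not survive, so the
# descriptive key names below are this example's own (hypothetical).
GOLD = {
    "name", "address", "dob", "national_identifier", "bank_details",
    "police_or_community_safety", "benefits_record", "case_event",
    "corporate_financial_non_public",
}
# Silver items, keyed by the slide's own S-numbers.
SILVER_IDS = {"S1", "S2", "S3", "S4", "S5", "S6", "S7", "S8"}


def content_score(items, s8_recorded_in_g8=False):
    """Sum the points for the distinct Gold/Silver items found in a document."""
    items = set(items)  # assumption: an item type scores once per document
    unknown = items - GOLD - SILVER_IDS
    if unknown:  # fail closed: an unrecognised item must not silently score 0
        raise ValueError(f"unclassified item types: {sorted(unknown)}")
    silver = items & SILVER_IDS
    if s8_recorded_in_g8:  # slide: S8 counts only "if not recorded in G8"
        silver.discard("S8")
    return GOLD_POINTS * len(items & GOLD) + SILVER_POINTS * len(silver)


def marking(score, thresholds):
    """Return the label of the highest threshold that the score reaches.

    thresholds is a list of (minimum_score, label) pairs chosen by the caller.
    """
    reached = [(floor, label) for floor, label in thresholds if score >= floor]
    if not reached:
        raise ValueError("no threshold covers this score")
    return max(reached)[1]


# Constructed sample data: placeholder thresholds and a made-up document.
SAMPLE_THRESHOLDS = [(0, "below PROTECT"), (5, "PROTECT [P1]"), (10, "PROTECT [P2]")]
SAMPLE_ITEMS = ["name", "dob", "national_identifier", "S2", "S8"]

if __name__ == "__main__":
    total = content_score(SAMPLE_ITEMS)
    print(total, marking(total, SAMPLE_THRESHOLDS))
```

Rejecting unknown item types keeps a new kind of field from lowering a document's marking unnoticed.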

Current status
- Discussions with CESG
- Internal ISfL discussions
- Bromley undertaking PoC with version 2
- Data handling guide being produced

Issues
- One system as long as it is mine
- Threshold score
- All starting from a different point
- What is the difference in handling?
- Purist v Pragmatist