All information assets are documented and have assigned owners who are responsible for both determining risk and maintaining an inventory.
Where possible, all production technology assets are recorded and maintained within our device management service.
- Asset owners and managers as detailed in the Information Asset and Risk Database.
We ensure protection of all information and records in our custody. While we do not maintain hard copies of documents, the handling, labelling, storage, transmission and disposal of assets and all media are covered in the Information Classification and Handling Policy which is available upon request by contacting firstname.lastname@example.org.
We use the following levels of classification:
- Confidential: Available only to specified and relevant members, with appropriate authorisation. A breach of confidentiality could result in unacceptable damage with serious and lasting consequences threatening the company or one of its activities.
- Restricted: Available only to specified and/or relevant members, with appropriate authorisation. A breach of confidentiality could cause serious damage resulting in the compromise of activity within the company in the short to medium term.
- Internal: Available to any authenticated member of the company. Typically, if this level of information was leaked outside of the company, it could be inappropriate or ill‐timed.
- Public: Available to any member of the public without restriction. This information however should not be placed into the public domain without reason, such as a request or publishing as part of data management policy.
We do not maintain hard copy documents. Where necessary, they are scanned into our document system and destroyed using cross-shredding.
Acceptable use of assets
The Acceptable Use Policy is a summary of controls that pulls together many of the key requirements included in other policies, but which we feel are mandatory to avoid staff having to read every policy item that may or may not affect them.
The policy covers:
- Data privacy
- File sharing and cloud storage
- Remote working requirements
- Computers and mobile devices
- Portable media
- Supplied media
- Password security
- Access controls
- Network and cyber
- Incident reporting
- Business continuity process
- Physical security
- Clear desk and screen
- Providing remote support
- Offboarding and what is expected
Need further support?
If you still require assistance with us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.