Appendix 2: Security procedures for Laptops

Introduction
  • These Trust Security Operating Procedures contain some of the more important Do’s and Don’ts whilst using Trust and/or privately procured Portable Computing Devices for storing, processing and transferring Trust information. It is your responsibility to acknowledge full compliance with these procedures by signing the declaration below and agreeing to be bound by them. Failure to comply with any of these procedures may result in a security breach and disciplinary action being taken.
Your Responsibilities
  • To read and comply with the ICT Security and Portable Computing & Data Storage Devices Policies
  • You must not share or disclose your logon or account details, or a logged-on session, with others.
  • You must not transfer ‘ownership’ of the device without informing your line manager and ICT, and you must ensure that you return the device when it is no longer required or upon leaving employment with the Trust.
  • You must not connect any personal or privately procured hardware peripherals to this device without prior approval from the IT Department. Printers may be connected as a local device, such as a USB or LPT port device, but you are advised to seek further advice from the IT Department.
  • You must take all reasonable care to prevent the theft or loss of this device. Any Portable Computing Device is an attractive item and must not be left unattended in a public place or left in vehicles. When transporting it, ensure that it is safely stowed out of sight. Use of any device during journeys on public transport requires extra vigilance to avoid the risk of theft of the device or unauthorised disclosure of Trust stored information by “overlooking”.
  • If you leave the device unattended for any reason, you must “lock” the “session” and make sure it is in a safe place, not left in an unattended room for example. To lock the “session”, use the Ctrl>Alt>Del keys and select “Lock Computer”; alternatively, Log Out or shut down the device. If you anticipate leaving the device unattended for 30 minutes or more, you must Log Out or Shut Down.
  • Offensive material of a profane or indecent nature is not to be stored on your device. Access to pornographic websites is strictly forbidden and viewing of child pornography is against the law. If illegal material is stored/viewed using this device, or sent and/or received by E-Mail, the Trust is obliged to inform the police and prosecution may follow.
  • Privately procured software is not to be installed on this device.
  • You must keep the pre-installed Anti-Virus, Encryption Software, Operating Systems and security patches up-to-date (this requires connection to the Trust network ideally at least every 14 days but no more than every 90 days). Failure to do so will lock encrypted devices and make them inoperable until they are unlocked.
  • Where users wish to connect to a non-Trust WiFi network, they are to ensure that it utilises WiFi Protected Access (WPA) as a minimum, and preferably WPA2, before processing Trust data.
User Declaration
I hereby declare that I have read and understood the above Security Operating Procedures (SyOPs) and agree to comply with all of the schedules contained herein.
Signature…………………………………………….Date…………………..
Name (in print)…………………………………………….Dept…………………..
Job Title…………………………………………………………………….
Line Manager/IT Department
I have issued this Device to the temporary owner (above) and I am satisfied that these Security Operating Procedures (SyOPs) have been read and clearly understood by the User.
Signature…………………………………………….Date…………………..
Name (in print)…………………………………………….Asset No…………………..

ICT Mobile Working Policy

Author: Edward Purcell, ICT Security Specialist

Version 4

July 2017