Subject: Data Security and Protection
- Does the organisation have training that covers:
  - Recognising and reporting Phishing emails
  - Recognising Tailgating and how to respond (challenging strangers, checking for ID etc.)
  - Disposal of confidential information
  - Dangers of using USB sticks being given away or finding one that looks like it has been dropped
- Does the organisation allow the use of USB sticks?
- Does the organisation deliver specialised training to key staff (those staff that could be targeted as part of a phishing email campaign, i.e. finance, execs etc.)?
- Does the organisation perform confidentiality audits as per the Data Security & Protection Toolkit? Can you also answer relating to the audits:
  - Where the audits are undertaken, would these be organised with the local team manager or the head of department, i.e. the director etc.?
  - Would an audit ever be carried out unannounced?
  - Do you have a policy / procedure of how to conduct the audit? – if so can you supply a copy.
  - Do you record the results on a checklist / report and return to the key contact? – if so can you supply a blank copy.
- Does the organisation have confidential waste receptacles placed through the entire organisation and are they regularly emptied?
- Does the organisation's Exec board receive board level training relating to Cyber Awareness?
- How does the organisation provide Data Security & Protection Training to staff, does the organisation use (please select all the options that are applicable):
  - a. Third party application package
  - b. Third party Trainer / class room
  - c. eLearning for Health Data Security Awareness
  - d. In house developed package
  - e. Combination of any of the above

Please find information attached.
2019-13 – FOI Request – Data Security and Protection [129 kb] PDF
Audit Template [360 kb] PDF