Information Security Policy
INFORMATION SECURITY POLICY (GDPR) - IT
This policy is intended to define a framework by which Audas Property Management Ltd.’s computer and data processing systems will be protected from threats whether internal, external, deliberate or accidental.
- All Audas computer systems, environments and information contained within them will be protected against unauthorised access.
- All use of Audas IT facilities will comply with the following policies as detailed in the Audas Company Handbook:
Internet and Email Policy
Social Media Policy
GDPR/Data Protection Policy
- Information kept within these systems will be managed securely, in accordance with relevant data protection laws and to satisfy Audas Property Management Ltd’s expectations that such assets will be managed in a professional manner.
- All staff of Audas Property Management Ltd are required to familiarise themselves with this policy, and those detailed in the Audas Company Handbook. All staff will comply with all policy requirements.
- The Directors and the IT department have the responsibility for ensuring the frequent review and implementation of this policy.
- All legislative and regulatory requirements regarding computer security and IT based information confidentiality and integrity will be addressed by the IT department and the Directors as appropriate.
- All breaches of security will be reported to and initially investigated by the IT department. The IT department will investigate and the report any such breaches to the DPO so that he can determine if the ICO and/or individuals need to be notified.
- All Audas IT Systems are administered by the IT department. Only Audas equipment and users are authorised to use Audas Systems. All requirements not covered by standard Audas provisioning mechanisms need to be reviewed by the IT department.
- The IT department reserves the right to monitor, log and collect data regarding the use of the Audas systems to ensure acceptable use.
- Audas Systems are primarily Cloud or Hosted Services that meet all Audas IT department requirements and security criteria. Further information can be provided on request.
- All Audas user systems are portable devices and therefore are password protected as standard. Users have been trained to lock the devices and screensaver passwords are in use. The devices are required to be taken with the users and kept out of sight if transported in a vehicle. Staff should avoid storing sensitive data on portable equipment.
- Audas Property Management regards the secure management of the data it holds as being very important. Staff will be held accountable for any inappropriate use or mismanagement of this data.
- Audas Property Management provides practical and secure remote access to information held on its IT Systems. Any and all access to the Audas IT Systems is governed by individual roles within the business and the access rights to data that the role requires. Control of access is managed by the IT department.
- Any data that is not stored on the Audas Property Management Systems (such as stored on CDs, DVDs, USB Sticks for example), carries additional responsibilities for the individual undertaking such responsibilities. Such responsibilities include assessing the risk of such an undertaking. Such risks can be discussed with the IT department as required.
- All incidents of loss or theft of confidential information should be reported to the IT department. The IT department will then investigate and then report to the DPO. A data or security incident relating to breaches in security and/or confidentiality could range from passwords being shared to the loss of data or equipment containing data. Further information can be found in the Audas Handbook and from the IT department.
- Computer and network systems access is only via individual user accounts.
- Email is not a completely secure medium. You should be conscious of this and consider how emails might be used by others. Please refer the Audas Handbook for further details in the Internet and Email Policy.
- All users with access to the centrally managed file storage system need to be aware that for the vast majority of situations the security of the system is appropriate. The central file storage system is backed up. If additional security is required please contact the IT department.
- The use of the internet is a recognised part of the work carried out by Audas Property Management Ltd. Internet usage is covered by the Internet and Email Policy that can be found in the Audas Company Handbook.
- The IT department will ensure that all devices are provided with a centrally managed Internet Security suite. Any issues that are detected will be investigated by the IT department.
Signed: Robin Lewis – Director
Date: 14th April 2021
This policy will be reviewed at least annually to ensure that it remains up to date in respect of the legal requirements and good practice.