10. Protect Your Information
A security breach or loss of data can significantly impact your organisation and cause serious harm across every level, from loss of capital and reputation to a loss of staff confidence and well-being.
Advances in technology mean more and more information is managed and stored digitally, and it is critical that your protective measures are reviewed and updated in line with these changes. You need to know:
- Where does responsibility for information assurance/data protection lie within your organisation? Are there effective lines of communication between security managers, information security leads and senior management?
- Does your organisation have clear policies on managing information/information assurance? Does the policy identify the information risks across your organisation and apply appropriate controls?
- Are your information assurance/data protection policies widely communicated with staff across the organisation?
- How regularly is your data security policy reviewed and updated?
- Is there adequate education, awareness and training to help staff understand data protection policies and issues?
- How are data/information breaches managed?
Information and guidance on protecting your information is available via the links below:
- Password guidance: simplifying your approach - how to improve system security with a strong password policy
- Secure destruction of sensitive items – information on the secure destruction of sensitive items.