Policy for the Secure Use of USB Memory Sticks

Choice, Responsiveness, Integration & Shared Care
Worcestershire Mental Health Partnership NHS Trust Information Reader Box
Document Type: Corporate Policy
Document Purpose: To provide guidance on the secure use of USB memory sticks.
Unique identifier: TC0097
Title: Policy for the Secure Use of USB Memory Sticks
Target Audience: All Staff
Description: The policy provides guidance to staff on the secure use of USB memory sticks for carrying confidential, sensitive and Person Identifiable Data (PID) (service users & staff).
Superseded Documents: None
Ratified by: Governance Committee
Ratification date: 23rd March 2009
Implementation date: 23rd March 2009
Review period: 3 years
Version update date: December 2010
Review date: March 2012
Owner: Director of Resources
Responsible group: Information Governance Strategy Group
Contact Details: Director of Resources, Worcestershire Mental Health Partnership NHS Trust, Isaac Maddox House, Shrub Hill Road, Worcester, WR4 9RW
The electronic copy of this document is the only version that is maintained.
Printed copies may not be relied upon to contain the latest updates and amendments.
1. Introduction
The policy provides guidance to staff on the secure use of USB memory
sticks for carrying confidential, sensitive and Person Identifiable Data (PID)
(service users & staff).
USB memory sticks have become increasingly popular because of their
small physical size and large storage capacity. This has made them very
convenient devices for carrying files from one place to another. However,
these very features have introduced new information security risks:
• Loss of information – a memory stick, like a computer, is susceptible to
  data loss or failure.
• Potential breach of confidentiality – if the memory stick is lost or stolen.
• Physical loss – being so physically small the memory stick can be
  easily lost.
• Corruption of data – if the memory stick is not removed from a computer
  properly.
• Virus transmission – memory sticks can introduce viruses onto a
  computer network.
2. Reducing the risk of losing information
There are two main ways of preventing the loss of information:
• Avoiding physically carrying such information; and
• Encrypting confidential, sensitive & Person Identifiable Data
Avoidance
Confidential, Sensitive and Person Identifiable Data must not be
stored or carried on non-encrypted memory sticks. Staff should use
other secure methods for carrying such information:
• Storing information in relevant secure departmental folders on the
  shared ‘M’ drive. Your department’s ‘M’ drive folder can be accessed on
  any WHICTS networked computer.
• Using the secure e-mail system, either within the WHICTS network or
  NHS mail to NHS mail.
• Encrypted WHICTS issued laptop computers.
• Using a VPN token to dial in securely to the WHICTS network from
  home.
Encryption
Where a need has been identified and agreed with a team leader that an
encrypted memory stick is required to carry confidential, sensitive or PID, a
request must be made via the ICT helpdesk for a Worcestershire Health
ICT Service approved encrypted device.
An encrypted memory stick allows information to be stored but renders the
information undecipherable unless the correct password is entered.
Encrypted memory sticks will be issued to specifically named members of
staff for their professional use. They must not share the device with other
persons. They must not share or disclose the password to other persons.
NB: Confidential, sensitive or PID carried on encrypted memory sticks
must not under any circumstance be placed on non-WHICTS issued
computers.
Such information must always remain on the encrypted device and
be immediately transferred onto the user’s departmental ‘M’ or ‘H’ drive
files and deleted from the encrypted memory stick once no longer
required to be on the device.
3. Asset register
An asset register will be maintained of all encrypted memory sticks issued.
All issued encrypted memory sticks remain the property of WMHPT and
must be returned when staff leave employment with WMHPT or no longer
need to use such a device.
4. Responsibility
All staff have a duty of care to ensure all confidential, sensitive and PID is
held securely at all times. The loss of confidential, sensitive and PID
information is extremely serious and if a member of staff is found to be
using a non-encrypted memory stick for carrying confidential, sensitive and
PID information they may be subject to disciplinary procedures.
Staff are currently permitted to use non-encrypted USB memory sticks for
carrying non-confidential, non-sensitive information, although this position
will be regularly reviewed.
All losses of confidential, sensitive and PID must be reported on the
Trust’s Sentinel incident reporting system. See incident reporting policy
guidance.
For further advice on this policy and definitions of confidential, sensitive and
PID, please refer to the Trust’s information governance web page and
policies, or contact Richard Thomas, Information Governance Lead, via
Richard.Thomas@worcsmhp.nhs.uk or Ruth King, WHICTS Security
Information Officer, via Ruth.King@worcsacute.nhs.uk.