Scribd
Upload
55 views2 pages

Information Security Two

The document outlines an induction plan for a new staff member at Heriot-Watt University. It details tasks to be completed before and during the induction related to information governance and security. Items to be addressed in the week before the start date include setting up access permissions, arranging keys and access to confidential information. The induction program will cover information security policies, handling personal data, physical security procedures, records management responsibilities and freedom of information compliance. The plan lists who is responsible for completing each item and includes columns to check off tasks once complete.

Uploaded by

Jennifer Shelton
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
55 views2 pages

Information Security Two

The document outlines an induction plan for a new staff member at Heriot-Watt University. It details tasks to be completed before and during the induction related to information governance and security. Items to be addressed in the week before the start date include setting up access permissions, arranging keys and access to confidential information. The induction program will cover information security policies, handling personal data, physical security procedures, records management responsibilities and freedom of information compliance. The plan lists who is responsible for completing each item and includes columns to check off tasks once complete.

Uploaded by

Jennifer Shelton
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 2

Heriot-Watt University

Information governance and security


INDUCTION PLAN FOR:

START DATE:

Use the completed column to tick off each item once it has been addressed. On completion
of induction, file this record in the local personnel file for the individual member of staff.
Security and confidentiality
WEEK BEFORE START DATE
Confirm and set up security and access permissions for university
information systems e.g. SAS, Oracle, shared drives
What areas does job holder need access to? Arrange for appropriate
office keys ready for first day
What confidential information does the job holder need access to?
What HIGH or MEDIUM risk information? Arrange briefing by
manager/information governance coordinator
Does job holder need and encrypted USB memory stick? If so get one
from Group Risk Officer
Does job holder need remote desk top access from home or access to
secure laptop or smart phone for off campus working? If so make
arrangements with IT or School/Institute IT staff
Security and confidentiality
INDUCTION PROGRAMME
Confirm receipt of completed conflict of interest declaration
Information security use University key messages document at start of
briefing about specific local information security requirements
What are the universitys expectations about maintaining security and
confidentiality? n
Personal data: e.g. student and staff personal data: security and nondisclosure requirements
Handling confidential information dos and donts see policy on secure
use of confidential information on portable media.
Specific conditions of access to HIGH and MEDIUM risk confidential
information. Permission of Head of Service required to copy or take
confidential information away from workplace. Security arrangements:
including encryption, physical security
Physical security Keep cabinets and doors locked when not working
on the information
Workstation security: lock workstation [Windows]L whenever away
from desk
Freedom of Information compliance: what everyone needs to know
refer non business- as usual requests promptly to manager or
information governance coordinator
Records and Information Management
INDUCTION PROGRAMME
Who is my information governance coordinator?
Who is responsible for managing information and records?
- designated staff
- responsibilities of role holder
Records retention schedules for this School/ Institute/ Service
Procedures for transferring records and archives to Archive, Records
Management and Museum Service
Arrangements for confidential destruction of time-expired records

WHO
Manager

COMPLETED

TIME:

COMPLETED

TIME:

COMPLETED

/var/www/apps/conversion/tmp/scratch_7/294733578.doc
http://www.dm.usda.gov/physicalsecurity/workplace.htm
http://www.idville.com/category/knowledge+center/reference+library/workplace+security+audit+checklist.do

/var/www/apps/conversion/tmp/scratch_7/294733578.doc
http://www.dm.usda.gov/physicalsecurity/workplace.htm
http://www.idville.com/category/knowledge+center/reference+library/workplace+security+audit+checklist.do

You might also like