Is it for you?
It's for all employees.
Key points
- The purpose of this policy is the protection of the confidentiality, integrity and availability of Barnardo’s information assets from threats, deliberate or accidental, internal or external.
- Barnardo’s uses ISO27001 principles to manage information security.
- The policy describes a number of key actions and outcomes that need to be in place to make sure data is secure, including having data accessible only to people inside our organisation.
- All breaches of information security and suspected weaknesses must be reported and investigated.
Your responsibilities
- It is the responsibility of all employees to comply with this policy.
- The Trustees of Barnardo’s are legally responsible for information security.
- The Director of Information Services is accountable for ensuring that cost-effective security and legal controls are implemented that are appropriately matched with identified risks. They are supported in this task by the Information Security Officer, Managers and other users of our IT Systems.
- The Information Security Officer has the role and responsibility for managing information security at an operational level. The Information Security Officer is responsible for maintaining the policy, providing advice and guidance on all matters related to the policy, reporting on and ensuring the information security management system is maintained and continually improved.
- All managers are directly responsible for implementing the policy within their operational areas, and for adherence by staff they are responsible for.
Download policy documents
Published
31 January 2019
Latest update
18 August 2023
-
18 August 2023Added the latest Information Security policy
-
23 June 2022Added the latest Information Security policy
-
1 February 2021Added the latest Information Security policy
-
28 August 2020Added the latest Information Security policy
-
8 April 2020Added the latest Information Security policy
-
31 January 2019First published