Information security policy

It's for all employees.

• The purpose of this policy is the protection of the confidentiality, integrity and availability of Barnardo’s information assets from threats, deliberate or accidental, internal or external. 
• Barnardo’s uses ISO27001 principles to manage information security.
• The policy describes a number of key actions and outcomes that need to be in place to make sure data is secure, including having data accessible only to people inside our organisation.
• All breaches of information security and suspected weaknesses must be reported and investigated.

• It is the responsibility of all employees to comply with this policy. 
• The Trustees of Barnardo’s are legally responsible for information security. 
• The Director of Information Services is accountable for ensuring that cost-effective security and legal controls are implemented that are appropriately matched with identified risks. They are supported in this task by the Information Security Officer, Managers and other users of our IT Systems. 
• The Information Security Officer has the role and responsibility for managing information security at an operational level.  The Information Security Officer is responsible for maintaining the policy, providing advice and guidance on all matters related to the policy, reporting on and ensuring the information security management system is maintained and continually improved.
• All managers are directly responsible for implementing the policy within their operational areas, and for adherence by staff they are responsible for.