Like all organisations, we’ve been preparing for the introduction of the GDPR and the new Data Protection Act 2018. We’re revising our policies and processes in line with the new legislation.
All staff are subject to the Council’s “Information Security and Acceptable Use Policy” and must complete an on-line “Data Protection and Information Security” training course (or refresher course) on an annual basis. Staff are only allowed to access personal and special information to undertake particular tasks.
All Council systems are accessed through our IT network, which is maintained in accordance with the “Public Service Network Code of Compliance”, which is renewed annually. We also commission twice-yearly penetration tests, which are administered by independent experts. Ad hoc tests are commissioned for new systems or system developments where required.
We’ve also achieved compliance with the NHS Information Governance Toolkit.
Where systems are hosted externally by suppliers, the hosting is subject to stringent, best-practice standards.
The Council monitor IT supplier performance and engage in proactive account management. All our systems are backed up on a regular basis and have formal disaster recovery arrangements.