The purpose of this policy is to ensure that People reacts appropriately to any actual or suspected security incidents
All People staff who are responsible for dealing with customer data in any format must understand and adopt the use of this policy
This policy relates to, but is not limited to:
1.The loss or theft of data or information.
2.The transfer of data or information to those who are not entitled to receive that information.
3.Attempts (either failed or successful) to gain unauthorised access to data or information storage or a computer system.
4.Changes to information or data without consent.
5.Unwanted disruption or denial of service to a system.
6.The unauthorised use of a system for the processing or storage of data by any person.
People recognises that there are risks associated with accessing and handling data in order to conduct official People business. This policy is aimed at mitigating those risks.
Events and weaknesses need to be reported at the earliest possibility to the following email address firstname.lastname@example.org
Helpdesk support staff will asses these weaknesses to identify if they have escalated to become an incident
The accountable person within People is Sat Sindhar, Managing Director.