This document sets out Ashford and St Peter’s Hospitals NHS Foundation Trust’s (hereafter referred to as ‘the Trust’) Policy for the Acceptable Use of Information Technology (IT), electronic communication systems and equipment. It provides a high-level framework within which all Trust Staff, Contractors and Third Parties are expected to conduct their day-to-day activities by.
The Acceptable Use Policy (AUP) defines the principles and minimum controls necessary for protecting the Trust’s IT as well as its information and data. This Policy outlines the expectations of the Trust regarding Staff conduct with and through digital capability, and the mandatory controls that shall be followed to secure the Trust’s information throughout its lifecycle, together with any information belonging to Third Parties of which the Trust is the legitimate custodian.
Setting out the rights, responsibilities and limitations on the use of IT systems helps the Trust prevent any unauthorised or careless use which might result in adverse patient care or a data breach / loss. Due to the criticality of effective and secure use of its information and systems, all users of the Trust’s IT shall be required to read and agree to the Acceptable Use Policy before access to IT systems is granted.
|Compiled by:||Templar Executives|
|Ratified by:||The Senior Information Risk Owner (SIRO), on behalf of the St. Peter's Hospitals NHS Foundation Trust Board.|
|Date Ratified:||July 2020|
|Date Issued:||November 2020|
|Review Date:||July 2023|
|Target Audience:||All those employed by Ashford and St. Peter’s Hospitals NHS Foundation Trust in whatever capacity assigned and/or using the Trust’s IT equipment.|
|Contact name:||Morné Beck|
- IT Equipment Security Policy
- Removable Media Policy
- Communications and Information Security Policy
- Social Media Policy
- Data Protection Regulations Policy
- Information Handling and Classification Policy
- NHS Code of Practice for Confidential Information
- Records Retention and Destruction Policy
- Information Security Incident Management Policy