• No results found

Acceptable Use Policy

N/A
N/A
Protected

Academic year: 2021

Share "Acceptable Use Policy"

Copied!
28
0
0

Loading.... (view fulltext now)

Full text

(1)

Copyright Customer Service Direct Ltd. 2011

Customer Service Direct - a partnership between BT, Suffolk County Council and Mid Suffolk District Council. Customer Service Direct Ltd. Registered in England No. 05111581

Registered Office: 81 Newgate Street, London, EC1A 7AJ

NOT PROTECTIVELY MARKED

Email Acceptable Use Policy

Document Owner

: SCC Chief Information Officer

Version

:

3.2

Date

:

May

2011

We will on request produce this policy/procedure, or

particular parts of it, in other languages and formats, in

order that everyone can use and comment upon its

content.

(2)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 2 of 28

Table of Contents

1 INTRODUCTION ... 3

1.1 PURPOSE ... 3

1.2 OBJECTIVES ... 3

1.3 SCOPE ... 3

1.4 LINKED/OTHER USEFUL POLICIES/PROCEDURES ... 3

2 RESPONSIBILITIES ... 4

2.1 SUFFOLK COUNTY COUNCIL ... 4

2.2 CSDPOLICY &COMPLIANCE TEAM ... 4

2.3 MANAGERS ... 4

2.4 USERS ... 4

2.5 EMAIL ETIQUETTE ... 5

2.6 LEGAL LIABILITY &COMPUTER MISUSE ... 7

2.7 INFORMATION SECURITY,VIRUSES,SPAM &EMAIL MONITORING ... 8

2.8 PERSONAL USE OF EMAIL ... 11

2.9 EMAIL RECORDS MANAGEMENT ... 12

2.10 AUTOMATIC EMAIL FORWARDING ... 13

2.11 OUT-OF-OFFICE MESSAGES ... 14

2.12 ACCESSING MAILBOXES OF USERS ... 15

2.13 MANAGING PERSONNEL CHANGES ... 17

2.14 MANAGING COUNCILLOR CHANGES ... 18

2.15 TEAM MAILBOXES ... 18

2.16 PUBLIC FOLDERS ... 19

2.17 GOVERNMENT CONNECT SECURE EXTRANET (GCSX)MAILBOXES ... 19

3 SIGNATURES FOR EMAIL & DISCLAIMERS ... 20

3.1 SUFFOLK COUNTY COUNCIL EMPLOYEES ... 20

3.2 SUFFOLK COUNTY COUNCILLORS ... 22

3.3 EMPLOYEES WORKING FOR CUSTOMER SERVICE DIRECT (CSD) ... 23

3.4 EMPLOYEES OF SUFFOLK COUNTY COUNCIL WORKING FOR OR ON BEHALF OF OTHER ORGANISATIONS (E.G.JOINT EMERGENCY PLANNING UNIT) ... 24

4 FURTHER ADVICE ... 27

5 GOVERNANCE ... 27

(3)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 3 of 28

1 INTRODUCTION

1.1 Purpose

1.1.1 The purpose of this policy it to describe the etiquette and standards that users are expected to observe when using email facilities provided by Suffolk County Council (SCC) and ensure that users are aware of the consequences of inappropriate use.

1.2 Objectives

1.2.1 The primary objectives of this policy are:

• To set the expectations for email etiquette and establish email management standards;

• To help comply with the legal requirements for email management and protect SCC, Councillors, employees and our partner organisations against litigation; • To support the delivery of more efficient and effective front-facing services by

providing timely access to full and accurate email records;

• To minimise information storage and administration costs by ensuring the timely and secure disposal of expired emails;

• To support the SCC Acceptable Use of ICT Policy.

1.3 Scope

1.3.1 This policy applies to the use of ICT facilities to send, receive and manage email messages (and attachments) and is applicable to SCC Councillors, the employees of SCC, any partners, voluntary groups, third parties and agents who SCC employees have authorised to access ICT facilities and staff seconded to, or working for, Customer Service Direct (CSD), including contractors and vendors with access to ICT systems. For the purposes of this Policy all these individuals are referred to as ‘user’ or ‘users’.

1.4 Linked/Other useful policies/procedures

1.4.1 This policy should be read in conjunction with the: • SCC Acceptable Use of ICT Policy;

• SCC Password Management Policy; • SCC ICT Remote Working Policy; • SCC Software Policy;

• SCC Removable Media Policy;

• SCC Information Security Incident Management Policy; • SCC Information Security Policy;

(4)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 4 of 28

2 RESPONSIBILITIES

2.1 Suffolk County Council

2.1.1 Training - SCC will train users in the appropriate use and management of email.

Training for Councillors will be provided as part of the Councillors’ Learning and

Development Programme.

2.2 CSD Policy & Compliance Team

2.2.1 Implementation and Monitoring of Policy - The CSD Policy & Compliance Team has been tasked to implement this policy and monitor its effectiveness.

2.3 Managers

2.3.1 Induction, Training and Support - Managers are responsible for ensuring that adequate induction and training is undertaken by staff and that support is provided to them so as to implement this policy.

The Monitoring Officer is responsible for ensuring that adequate induction and training is undertaken by Councillors and that support is provided to them so as to implement this policy.

2.3.2 User Access - Managers are responsible for ensuring the users they have approved and authorised to access Council Networks, ICT facilities and equipment are aware of and comply with this policy.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

2.4 Users

2.4.1 Training - All users should attend the relevant training course. Outlook training is also available via the corporate training programme.

Training for Councillors will be provided as part of the Councillors’ Learning and

Development Programme.

2.4.2 Breach of this Policy - Users found to be in breach of this policy may be disciplined in accordance with the SCC Conduct and Capability Policy and the SCC

Harassment & Bullying Policy. In certain circumstances, breach of this policy may

(5)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 5 of 28

Councillors found to be in breach of this policy may be deemed to be a breach of

the Members’ Code of Conduct leading to action by the Standards Committee. 2.4.3 Breach of Information Security - Users must report all suspected breaches of

information security to the CSD Policy & Compliance Team via the CSD IT Helpdesk using the Information Security Incident report form on COLIN.

2.4.4 User Email Accounts – Users will be allocated one business email account only except where they work for more than one organisation (see 2.4.5). In addition there may be business cases where, due to data security issues, an additional email account is required. Assistant Directors and/or Strategic Information Agents must formally approve each business case.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

The CSD Policy & Compliance Team must be made aware of any such approvals via ICT Self Service. The CSD Policy & Compliance Team will provide final approval where appropriate.

2.4.5 Users Working For More Than One Organisation – Where a user works for more than one organisation (e.g. SCC and CSD) they may be provided with a separate mail account for each organisation. The CSD Policy & Compliance Team will provide final approval where appropriate.

2.4.6 Users Moving from One Organisation to Another – Where a user moves from one organisation to another (e.g. SCC to CSD) they will be provided with a new mail account for the new organisation. (see 2.13 Managing Personnel Changes) 2.4.7 Users Moving from One Directorate or Department to Another – If a user

moves from one directorate or department to another within the same organisation then they may be provided with a new mail account dependent on the information security risk of keeping the original mail account. The CSD Policy & Compliance Team will provide final approval where appropriate. (see 2.13 Managing Personnel Changes)

2.5 Email Etiquette

2.5.1 Alternatives to Email - Do not use email as the only method of communication. A face-to-face meeting or telephone conversation may be more suitable for sensitive or complex issues.

2.5.2 Numbers of Emails - People feel overwhelmed by the number of emails they receive. Keep the use of email to a minimum.

2.5.3 Plain English - Maintain a concise, professional standard of communication using plain English.

(6)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 6 of 28

2.5.4 Standard Font, Size and Colour - If using formats other than plain text, users must select as standard the font – Arial, size – 12, colour – black, using capitals and lowercase as normal. (Note: the standard size can be increased from 12 where visual clarity is required). The CSD IT Helpdesk can assist users in changing their settings.

2.5.5 Spell Check - Email applications should be set up to automatically spell check before sending email. The CSD IT Helpdesk can assist users in changing their settings.

2.5.6 Single Topic and Facts - Restrict email to a single topic, and only record facts and evidence-based opinions. This facilitates better corporate record-keeping.

2.5.7 Personal and Business Content - Do not mix personal and business content within the same email.

2.5.8 Email Distribution - Only distribute emails to colleagues who need to receive the message. Where feasible, make it clear what you are expecting recipients to do, and to what timescale e.g. “For Information” or “For Action by dd/mm/yyyy”. Users do not always need to “Cc” colleagues or “Reply to all”.

2.5.9 Blind Copies (bcc) - In the interests of transparency and accountability, “Blind” copies (bcc) must not be used. The only exception is when sending mail to a large distribution list and it is appropriate to hide the individual email addresses to protect privacy.

2.5.10 Email Title - Give emails a meaningful title in the Subject field and include the appropriate Protective Marking Level (see SCC Protective Marking Policy). Re-title an email before forwarding if appropriate.

2.5.11 Emails to ‘All Staff’ - Do not attempt to send an email message to all members of the organisation – the Internal Communications team will do this if appropriate1. 2.5.12 Email Response - Reply to emails as soon as possible if the sender requires a

response. Do not assume that a sent message has been read.

2.5.13 Read Receipts - Only request read receipts where it is absolutely necessary. Do not set request read receipts as a default.

1

Check with the Internal Communications team to see if email is the best method of getting your message across. Consider the following points: What is the intended result of the communication exercise? What needs to be communicated? Have you used plain English? Who does it need to be communicated to? When does it need to be communicated? Who needs to communicate it? Have you included details of the sender, their role & contact information in the footer? Have you included the phrase “Please do not hit ‘Reply’ to respond to this email, contact the individual named above”?

(7)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 7 of 28

2.5.14 Large Emails - Do not send large emails (e.g. mails with large attachments) because they fill up their recipients’ mailbox (see Email Records Management). 2.5.15 Outlook Calendars - Users must keep their outlook calendar up to date and

ensure that it is accessible on a read-only basis to other users in their organisation, amending the access permissions as appropriate. The CSD IT Helpdesk can assist users in changing their settings, and in hiding from general view any private appointments.

In order to appropriately separate the diary activities of Councillors and staff, the default will be that the outlook calendars of Councillors and staff will not be open to each group.

2.6 Legal Liability & Computer Misuse

2.6.1 Formal Business Wording - Give emails the same level of attention as drafting a formal letter. Emails could commit SCC to an agreement with suppliers and other third parties or provide evidence of harassment, defamation, libel and discrimination if worded incorrectly.

2.6.2 Personal or Non-Work Email Accounts - Users must not use a personal or non-work email account to send or receive business emails.

2.6.3 Users must not:

• use a false identity in emails nor use email for the creation or transmission of anonymous messages;

• create emails, or alter a message and then forward it, with the intention of deceiving the recipient;

• create, transmit, or forward any illegal, offensive, obscene or indecent images, data, or other material, or any data capable of being resolved into obscene or indecent images;

• create, transmit, or forward material that is designed or likely to cause annoyance, inconvenience or needless anxiety;

• create, transmit, or forward material that is designed to or would conflict with the business, or undermine the business in any way;

• create, transmit, or forward emails containing customers personal information, or information that is commercially sensitive, to a personal or non-work email account or to a work email account where the user does not require it for a legitimate business use.

2.6.4 Sensitive Personal Data - Do not include sensitive personal data within emails. For more information on Data Protection please contact the Information Management Services Helpdesk, or see Managing Information on COLIN. Sensitive personal data is defined as:

• Racial or ethnic origin; • Political Opinions;

(8)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 8 of 28

• Religious Beliefs (or other beliefs of a similar nature); • Membership of a trade union;

• Physical or mental health condition; • Sexual life;

• Criminal convictions / alleged offences.

2.6.5 In addition to the sensitive personal data listed above, as specified by the Data Protection Act, staff should be mindful of all of the characteristics protected under the Equality Act 2010 (age, disability, gender, gender reassignment, marriage and civil partnerships, pregnancy and maternity, race, religion or belief and sexual orientation). Staff should only make reference to these characteristics in e-mails where it is necessary and relevant to do so, and should mark such e-mails PROTECT.

2.6.6 Payment Card Data - You must not include or request Credit or Debit card numbers within emails. If you receive an email containing a Credit or Debit card number you must delete it immediately. Credit or Debit card numbers include the ‘long’ card/account number (PAN), the Card Security Code (CSC – number printed on reverse of card) and the PIN number. If you process Credit or Debit card payments in the course of your work, you must do this in accordance with the Payment Card Industry Data Security Standard (PCI DSS) and any job-specific guidance on handling payment card data. Your line manager can provide you with job-specific guidance on handling payment card data.

2.7 Information Security, Viruses, Spam & Email Monitoring

2.7.1 Temporarily Away From Desk - Users must log out from or lock their PC when temporarily away from their desk to prevent unauthorised use of email accounts. This applies wherever the user is located at the time of use (e.g. home or office). 2.7.2 PROTECT, RESTRICTED or CONFIDENTIAL Information - Do not send

PROTECT, RESTRICTED or CONFIDENTIAL information by unencrypted email, particularly to an external recipient if accidental disclosure could lead to significant harm or embarrassment. Where possible do not use data that makes it easy to identify individuals e.g. Use initials instead of names. Please refer to COLIN for details of how to send encrypted email. For further advice on when encrypted email should be used please contact Information Management Services. Please refer to the Acceptable Use of ICT Policy for Third Party Access to Data.

2.7.3 Encrypting Email - The transmission of sensitive, RESTRICTED, or CONFIDENTIAL information should be limited to exceptional circumstances. In these exceptional circumstances the encryption service must be used. The encryption service should not be used for the routine exchange of information. Please refer to COLIN for details of how to send encrypted email. For further advice on when encrypted email should be used please contact the Information Compliance Helpdesk.

(9)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 9 of 28

2.7.4 Protective Marking Categorisation of Messages – When creating an email, the information contained within it must be assessed and classified by the owner according to the content. All emails should be protectively marked in accordance with the SCC Protective Marking Policy. The marking classification will determine how the email, and the information contained within it, should be protected and who should be allowed to access it. How it is handled, published, moved and stored will also be dependant on this scheme.

The owner should add the classification of the email in CAPITALS to the start of the subject line of the email e.g. PROTECT: Normal Title of Email, or RESTRICTED: Normal Title of Email. NOT PROTECTIVELY MARKED may be used but this is not an absolute requirement (see also SCC Protective Marking Policy).

2.7.5 Suspicious Activity - Do not open any email from an unrecognised source or emails that have dubious or missing subject lines. Do not open unsolicited email attachments unless sure of the source. Disable the preview pane within Outlook to minimise the risk of opening an infected email. Report any suspicious activity to the CSD Policy & Compliance Team via the CSD IT Helpdesk immediately.

2.7.6 Unwanted Emails - Report all problems with unwanted emails, including any received that are defined in paragraphs 2.6.3 and 2.6.4, to the CSD Policy & Compliance Team via the CSD IT Helpdesk immediately. Do not forward these to any other person unless requested by the CSD IT Helpdesk or the CSD Policy & Compliance Team. Never send or forward chain email messages or virus warnings. The vast majority are bogus and they waste user’s time and network bandwidth. 2.7.7 Personal Messages - Do not forward emails containing anyone’s personal

messages without their permission.

2.7.8 Copyright - Do not forward material via email in breach of copyright.

2.7.9 Inspection of Email Records - Users must comply with a request from a manager to inspect email records and/or to printout items relevant to a particular individual, case or subject. This will only be requested when required under the Data Protection Act, under a Freedom of Information request, as allowed for in the Sections Email Monitoring and Accessing Mailboxes of Users of this policy or for other legitimate business reasons. Deletion of relevant emails following such a request may be a criminal offence.

For Councillors, requests will be made by the Head of Scrutiny and Monitoring. 2.7.10 Email will be checked if:

• There is reasonable cause to believe the user has violated or is violating this policy, any guidelines or procedures established to implement this policy;

• An email account appears to be engaged in unusual or unusually excessive activity;

(10)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 10 of 28

• It is necessary to do so to protect the integrity, security, or functionality of ICT resources or to protect SCC or its partners from liability;

• Establishing the existence of facts relevant to the business;

• Ascertaining or demonstrating standards which ought to be achieved by those using the email facilities;

• Preventing or detecting crime;

• Investigating or detecting unauthorised use of email facilities; • Ensuring effective operation of email facilities;

• Determining if communications are relevant to the business (for example, in the last resort where an employee is off sick or on holiday and business continuity is threatened);

• It is otherwise permitted or required by law.

2.7.11 Monitoring - Any necessary monitoring will be carried out in accordance with the Information Commissioner’s Office (ICO) Code of Best Practice on Monitoring

Employees.

2.7.12 Violation of this Policy - Where an individual has reasonable cause to believe that another user has violated, or is violating this policy, or any guidelines, or procedures established to implement this policy then they shall in the first instance inform a Senior Manager who may refer the matter to the HR Professional Services Team (via the HR Helpdesk) for investigation under the SCC Conduct and

Capability Policy see 2.4.2. If the HR Professional Services Team advise the Senior

Manager that email use needs to be checked in accordance with 2.7.10 then the Senior Manager should refer this to the CSD Policy & Compliance Team directly or via the CSD IT Helpdesk. In these circumstances the checks may necessitate the immediate suspension of the user’s access to relevant Council Networks, ICT facilities and equipment, ICT systems and applications in order that any potential evidence is not compromised.

Where an individual has reasonable cause to believe that a Councillor has violated, or is violating this policy, or any guidelines, or procedures established to implement this policy then they shall in the first instance inform a Senior Manager who should refer the matter on to the Head of Scrutiny and Monitoring for investigation. If the Head of Scrutiny and Monitoring advises that use needs to be checked in accordance with 2.7.10 then they should refer this to the CSD Policy & Compliance Team. In these circumstances the checks may necessitate the immediate suspension of the Councillor’s access to relevant Council Networks, ICT facilities and equipment, ICT systems and applications in order that any potential evidence is not compromised.

2.7.13 User Access Suspension - If the HR Professional Services Team advise the Senior Manager that the user’s access to Council Networks, ICT facilities and equipment, ICT systems and applications needs to be suspended in order that use can be checked in accordance with 2.7.10 then the Senior Manager should refer this to the CSD Policy & Compliance Team directly or via the CSD IT Helpdesk.

(11)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 11 of 28

Councillor User Access Suspension – If the Head of Scrutiny and Monitoring

advises that the Councillor’s access to Council Networks, ICT facilities and equipment, ICT systems and applications needs to be suspended in order that use can be checked in accordance with 2.7.10 then they should refer this to the CSD Policy & Compliance Team.

2.7.14 Automatic Email Monitoring - SCC will apply automatic message monitoring, filtering and rejection systems as appropriate and deny transmission or receipt of messages with content that represents a threat to the ICT network or is unacceptable in the terms of this and other corporate policies. An ICT administrator may examine messages placed in quarantine, and forward or delete them as appropriate.

2.8 Personal Use of Email

2.8.1 Personal Use - Limited personal email use by Councillor’s, or in an employee’s own time at work is permitted, but this must comply with the Acceptable Use of ICT

Policy.

2.8.2 Multimedia Attachments - Do not use corporate email systems to send or receive multimedia attachments that are not related to work e.g. containing images, video or sound clips.

2.8.3 Users must not use the corporate email systems to send: • personal adverts;

• personal sponsorship requests; • personal appeals; or

• details of events that are not corporately supported.

2.8.4 Title Mail as Personal - Clearly title personal email and email folders as “personal” to reduce the risk of administrators inadvertently viewing private, non-work email. Delete personal mail from SCC systems as soon as possible.

2.8.5 Personal and Business Content - Do not mix personal and business content within the same email.

2.8.6 Registering with any Organisation or Web-Site - Do not use your work email account as the registration mail address when registering with any organisation or web-site for personal use.

2.8.7 Management of Personal Emails - Personal emails should be managed as if they are non-records (see 2.9.7).

(12)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 12 of 28

2.9 Email Records Management

2.9.1 Size of Mailbox - Users are responsible for keeping control of the size of their mailbox by managing their emails and all email folders (including their inbox, sent and deleted items). Users must operate within a mailbox limit of 100 megabytes (MB).2 There may be business cases where, for operational reasons, this limit needs to be exceeded. Assistant Directors and/or Strategic Information Agents must formally approve each business case and keep to a minimum any operational exceptions.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

The CSD Policy & Compliance Team must be made aware of any such approvals using the Request for a Mailbox Size Increase. The CSD Policy & Compliance Team will provide final approval where appropriate.

2.9.2 Email Records - Email records must be saved in accordance with the SCC

Freedom of Information & Records Management Policy, either as a hardcopy

printout or as electronic .msg file on a shared file-server alongside related business documents and spreadsheets. Email records should be saved for business needs only, not for defensive filing purposes. For more information on records, non-records and managing them see the Essential Guidance to Managing Electronic

Records on COLIN, or contact the Information Compliance Helpdesk for further

details.

2.9.3 Outlook Personal Folders (PST Files) - Email records must not be stored within Outlook personal folders (or PST files), as these are generally inaccessible to other people. Do not use the Outlook Auto-archiving function to manage email records. Users who currently use personal folders (or PST files) for records must migrate the emails contained within to a shared file system and delete all folders. In exceptional circumstances additional storage or archiving functionality can be purchased where there is a clear business need. If however, following determination that there is not a clear business need and that the personal folders are not migrated following a request to do so, then ICT will remove any folders that are not deleted. Assistant Directors and/or Strategic Information Agents must formally approve each business case for additional storage or archiving functionality and keep to a minimum any operational exceptions. The CSD Policy & Compliance Team must be made aware of any such approvals via ICT Self Service. The CSD Policy & Compliance Team will provide final approval where appropriate.

2

You can find out how big your mailbox is by right-hand clicking “Outlook Today – Mailbox – Your name” and selecting “Properties for Mailbox – Your Name”. Select “Folder Size” and note the Total Size (Fld+SubFld). The number is in kilobytes. Divide by a 1000 to gain an approximation of the number of megabytes e.g. 75366K = 75 MB.

(13)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 13 of 28

2.9.4 Service Area Saving Conventions - Conventions should be established within each service area to determine who saves what and when to reduce duplication e.g. the author of an internal mail and the primary recipient of an external mail has the responsibility to file it.

2.9.5 Records Retention - Email records must be kept for an appropriate period according to their content. Information Agents or the Information Compliance Helpdesk can help in applying the Corporate Records Retention Guidelines.

2.9.6 Email Non-Records – Email business non-records must not be stored within Outlook personal folders (or PST files) and should remain in your mailbox. Users who currently use personal folders (or PST files) for business non-records must migrate the emails contained back to their mailbox and delete all personal folders. If however, the personal folders are not migrated following a request to do so, then ICT will remove any folders that are not deleted. It may be necessary to keep three months’ worth of email business non-records in your mailbox in order to provide context for current tasks however these must be deleted promptly and within 3 months of receipt or sending.

2.9.7 Personal Emails - Personal emails must not be stored within Outlook personal folders (or PST files) and should remain in your mailbox. Users who currently use personal folders (or PST files) for personal emails must migrate the emails contained back to their mailbox and delete all personal folders. If however, the personal folders are not migrated following a request to do so, then ICT will remove any folders that are not deleted. All personal emails must be deleted promptly and within 1 month of receipt or sending.

2.9.8 Attachments - Try not to send attachments with internal emails. Where there are no technical barriers, save the file to a shared file-server and send a short cut by email, use the Electronic Document Management System (if available) or ask a web editor to place the file on the intranet and send a link.

2.9.9 Large Attachments - Do not send attachments on the corporate network larger than 10MB.

2.10 Automatic Email Forwarding

2.10.1 Email Forwarding to an External Email Address - Do not set up an automatic email forwarding rule to an external email address. It is recommended that use is made of the Outlook Web Access service for those users who need to access emails away from the office.

2.10.2 Email Forwarding to a CSD user - If you are a SCC user do not set up an automatic email forwarding rule to a CSD user, or vice versa.

(14)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 14 of 28

2.10.3 Email Forwarding if Leaving Employment - Where a user is leaving the employment of SCC then they may set up an automatic email forwarding rule to another team member, their line manager or a team mailbox prior to leaving however their mail account will be closed when they leave. (see Managing

Personnel Changes)

2.10.4 Email Forwarding if Absent - Where a user is absent and unable to set up an automatic email forwarding rule (e.g. due to sickness) a request that one is set up to another team member, or a team mailbox can be made by contacting the CSD IT Helpdesk. Such requests should be from the line manager of the user who is absent. If the line manager is the user who is absent then the request needs to be from the next higher level manager. If in addition access is required to the user’s email account this can be requested by their line manager (see Accessing

Mailboxes of Users).

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

The CSD Policy & Compliance Team will provide final approval where appropriate. 2.10.5 GCSx Email Forwarding - If you are a GCSx user do not set up an automatic

email forwarding rule to a non GCSx user.

2.11 Out-of-Office Messages

2.11.1 Use of Out-of-Office Messages - Users should set out-of-office messages prior to all periods of leave or absence and remove them immediately upon their return. An out-of-office message should not be set when a user is working from home and has access to email as they are available to receive and respond to emails in the usual way. Out-of-office messages should not be used for any other purpose.

2.11.2 Out-of-Office Message Content - Alternative contact details for urgent enquiries must be provided e.g. “I am out of the office between 1st and 3rd July. Please contact John Smith on XXXXX XXXXXXX (john.smith@suffolk.gov.uk) for urgent matters relating to recycling or Jane Jones on XXXXX XXXXXX (jane.jones@suffolk.gov.uk) for enquiries regarding waste disposal.”

2.11.3 Managers Out-of-Office Messages - Managers should detail a named alternative contact in their out-of-office message and not simply refer people to generic mail accounts, or helpdesks.

2.11.4 Personal Details - Personal details about holiday, leave or sickness must not be revealed within out-of-office messages.

2.11.5 Alternative Contacts - If you are a SCC user do not set an out-of-office message detailing a CSD user as an alternative contact, or vice versa.

(15)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 15 of 28

2.11.6 Internal & External Out-of Offices Messages - Out-of-office messages should be set for all internal and external contacts. Certain versions of Outlook require the setting up of 2 types of out-of office message, one internal and the other external. Other versions of Outlook require one type of out-of-office message which is then sent to all internal and external contacts.

2.11.7 Setting an Out-of-Office Message if Absent - Where a user is absent and unable to set an out-of-office message (e.g. due to sickness) a request that one is set up can be made by contacting ICT Self Service. Such requests should be from the line manager of the user who is absent. If the line manager is the user who is absent then the request needs to be from the next higher level manager. The out-of-office message should warn the sender of the user’s absence, including timescales where possible and provide alternative contact details. If in addition access is required to the user’s email account this can be requested by their line manager (see

Accessing Mailboxes of Users). Please note that a request for setting an

out-of-office message where the user has just forgotten to do so will not in normal circumstances be actioned.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

The CSD Policy & Compliance Team will provide final approval where appropriate. 2.11.8 Professional Email Group Subscriptions - Users should unsubscribe from any

professional email groups while away or when they leave the employment of SCC to avoid sending out-of-office or undeliverable messages to forum members.

2.12 Accessing Mailboxes of Users

2.12.1 Access Permission - Do not attempt to gain access to any other user’s email mailbox without their permission.

2.12.2 Access to a User Mailbox where the User is Absent and has Granted

Permission - Where the user is absent (e.g. due to sickness), has granted

permission to access their email mailbox however is unable to set this up themselves, the set up can be requested via ICT Self Service). The request must be from the line manager of the person requiring access detailing the business need to do so. If the line manager is the user who is absent then the request needs to be from the next higher level manager. Managers should be aware that access would be time limited and strictly limited to business email.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

(16)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 16 of 28

2.12.3 Access to a User Mailbox where the User is Absent and Unable to Grant

Permission - Where the user is absent and unable to provide permission to access

their email mailbox do not attempt to gain access without the express permission of the CSD Policy & Compliance Team (available via ICT Self Service). Such requests should be from the line manager of the person requiring access detailing the business need to do so. If the line manager is the user who is absent then the request needs to be from the next higher level manager. Managers should be aware that such permission would only be granted in the last resort in the interests of business continuity, that access would be time limited and strictly limited to business email.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

The CSD Policy & Compliance Team will provide final approval where appropriate. 2.12.4 Access to a User Mailbox where the User is Absent for a Long Period so as to

Manage their Mailbox Prior to Return - Where the user has been absent for a

long period (over 1 month) access to their email mailbox can be requested in order that unnecessary emails can be deleted and the mailbox managed prior to the user’s return to work. In these cases express permission needs to be granted by the CSD Policy & Compliance Team (available via ICT Self Service). Such requests should be from the line manager of the person requiring access detailing the business need to do so. If the line manager is the user who is absent then the request needs to be from the next higher level manager. Managers should be aware that access would be time limited and strictly limited to business email.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

The CSD Policy & Compliance Team will provide final approval where appropriate. 2.12.5 Access to a User Mailbox where the User is Absent so as to Check for any

Inappropriate or Sensitive Emails - Where the user has been absent access to

their email mailbox can be requested in order to check for any inappropriate or sensitive emails that may require deletion prior to the user’s return to work. In these cases express permission needs to be approved by the CSD Policy & Compliance Team (available via ICT Self Service). Such requests should be from the line manager of the person requiring access detailing the business need to do so. If the line manager is the user who is absent then the request needs to be from the next higher level manager. Managers should be aware that access would be time limited and strictly limited to business email.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

(17)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 17 of 28

2.12.6 Access to a User Mailbox where the User Changes Roles or is Leaving

Employment - Where the user changes roles or leaves the employment of SCC

and their email account is closed down do not attempt to gain access to the closed email account without the express permission of the CSD Policy & Compliance Team (available via ICT Self Service). Such requests should be from the line manager of the person requiring access detailing the business need to do so. If the line manager is the person who is changing roles or leaving then the request needs to be from the next higher level manager. Managers should be aware that such permission would only be granted in the last resort in the interests of business continuity, that access would be time limited and strictly limited to business email. For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

The CSD Policy & Compliance Team will provide final approval where appropriate.

2.13 Managing Personnel Changes

2.13.1 Management of Email Records where the User Changes Roles or Moves from

one Organisation to Another or is Leaving Employment - Users must ensure

that all email records are transferred to their manager if they change roles within the organisation, or if they move from one organisation to another and the records are no longer required for the new role, or if they leave the employment of SCC. All personal messages must be removed from their account.

2.13.2 Deletion of a User who Leaves Employment - If a user leaves SCC, it is the manager’s responsibility to ensure that CSD ICT is informed immediately by logging a Delete User Account request via ICT Self Service so that they revoke access rights and shut down the personal email account as soon as the user has left. For audit purposes, the contents of the mailbox will be kept for a 3 month period after the user has left before it is deleted.

2.13.3 Notification to Contacts of a User who is Leaving Employment - If notice is worked out the user should be asked to inform all business and personal contacts when they will be leaving and who should be contacted instead.

2.13.4 Notification to Contacts of a User Changing Roles or Leaving Employment

where the User is Dealing with Issues where Responses are Awaited - Where

the user changes roles or leaves the employment of SCC and is dealing with issues where responses are awaited which would be sent to their email account, the user or their line manager should ensure that all relevant contacts are made aware that no future responses should be sent to that individual and provide an alternative email address.

2.13.5 Informing ICT that a User is leaving the Employment of SCC quickly or is on

Discretionary Leave – If a user is leaving the employment of SCC quickly (e.g.

(18)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 18 of 28

to have the access rights revoked and the personal email account shut down due to potential information security/integrity risks, it is the Assistant Director’s responsibility to ensure that the CSD Policy & Compliance Team are contacted immediately.

2.13.6 User Leaving Employment - If the user leaves the employment of SCC then see

2.10 Automatic Email Forwarding and 2.12 Accessing Mailboxes of Users. 2.14 Managing Councillor Changes

2.14.1 Management of Email Records where a Councillor’s Role Changes Within the

Council or their Term of Office Ends - Councillors must ensure that all email

records are transferred to the Head of Scrutiny and Monitoring if the Councillor’s term of office ends, or if their role changes within the Council and the records are no longer required for the new role.

2.14.2 Informing ICT when a Councillor’s Term of Office Ends - The Head of Scrutiny and Monitoring is responsible for ensuring that CSD ICT is informed immediately when a Councillor’s term of office ends, by logging a Delete User Account request via ICT Self Service so that access rights can be revoked and the personal email account shut down as soon as the Councillor has left. For audit purposes, the contents of the mailbox will be kept for a 3 month period after the Councillor has left before it is deleted.

2.15 Team Mailboxes

2.15.1 Requests to Set Up a Team Mailbox - Where there is a business need a request to set up a team mailbox can be made via ICT Self Service. The line manager of the team needs to make the request. An ‘owner’ for the Team Mailbox also needs to be stated.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

The CSD Policy & Compliance Team will provide final approval where appropriate. 2.15.2 Size of Mailbox – The ‘owner’ of the Team Mailbox is responsible for keeping

control of the size of the mailbox by managing the emails and all email folders (including the inbox, sent and deleted items). The ‘owner’ must operate within a mailbox limit of 100 megabytes (MB).3 There may be business cases where, for operational reasons, this limit needs to be exceeded. Assistant Directors and/or

3

You can find out how big your mailbox is by highlighting the Team Mailbox under All Mail Folders, then right-hand clicking and selecting “Properties for Mailbox – the Team

Mailbox”. Select “Folder Size” and note the Total Size (Fld+SubFld). The number is in kilobytes. Divide by a 1000 to gain an approximation of the number of megabytes e.g. 75366K = 75 MB.

(19)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 19 of 28

Strategic Information Agents must formally approve each business case and keep to a minimum any operational exceptions.

For Councillors, approvals and authorisations will be provided by the Head of Scrutiny and Monitoring.

The CSD Policy & Compliance Team must be made aware of any such approvals using the Request for a Mailbox Size Increase. The CSD Policy & Compliance Team will provide final approval where appropriate.

2.15.3 Auto Forwarding by Team Members to and from a Team Mailbox - Auto forwarding of mail to and from the team mailbox by the team membership can be set up however this should be managed appropriately and kept to a minimum due to mailbox size and storage restrictions.

2.16 Public Folders

2.16.1 Use of Public Folders – SCC is phasing out the use of Public Folders and no new Public Folders will be created.

2.16.2 Public Folder Management - The ‘owner’ of an existing Public Folder is responsible for keeping control of the Public Folder and ensuring that its use is phased out in order that it can be deleted by 1st April 2011.

2.17 Government Connect Secure eXtranet (GCSx) Mailboxes

2.17.1 GCSx Mailbox Format – All emails sent via the Government Connect Secure eXtranet (GCSx) must be sent using a @suffolk.gcsx.gov.uk address.

2.17.2 RESTRICTED Information – Emails sent outside this Council network travel over the public communications network and are liable to interception or loss. There is a risk that copies of the email are left within the public communications system. Therefore any emails containing RESTRICTED information must not be sent outside of the Council network, unless encrypted, or sent from a GCSx email account.

2.17.3 Addressing Emails – Care should be taken when addressing all emails, but particularly where they include PROTECT or RESTRICTED information, to prevent accidental transmission to unintended recipients.

2.17.4 External Email Messages via GCSx Connection – Where GCSx email is available to connect sender and receiver of the email message, this must be used for all external email use between those parties.

2.17.5 GCSx Email Forwarding - If you are a GCSx user you must not set up an automatic email forwarding rule to a non GCSx user.

(20)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 20 of 28

2.17.6 Requests to Set Up a GCSx Mailbox - Where there is a business need a request to set up a GCSx mailbox for a user or team can be made via the ICT Service Catalogue. The line manager of the user or team needs to make the request. The Section 151 Officer is responsible for approving the request.

The CSD Policy & Compliance Team will provide final approval where appropriate. 2.17.7 GCSx Mailbox Creation – Where a user has been approved to be provided with a

GCSx mailbox, in accordance with paragraph 2.17.6, then their normal mail account will be amended to a GCSx one; the user will not be provided with a separate GCSx mailbox. There may be business cases where, for operational reasons, a separate GCSx mailbox is required. Assistant Directors must formally approve each business case however the request to set up the mailbox must also be approved by the Section 151 Officer in accordance with paragraph 2.17.6.

The CSD Policy & Compliance Team will provide final approval where appropriate. 2.17.8 GCSx Mailboxes and the SCC Webmail and Blackberry Services – Where a

user has been approved to be provided with a GCSx mailbox, in accordance with paragraph 2.17.6, then, for reasons of information security, currently they will be barred from using the SCC Webmail (OWA) and Blackberry Services. In addition a user is not authorised to have ‘send as’ or ‘send on behalf of’ permissions to a GCSx mailbox unless that user also has a GCSx mailbox.

3 SIGNATURES FOR EMAIL & DISCLAIMERS 3.1 Suffolk County Council Employees

3.1.1 Email Footer Statement - All emails that are sent to external email addresses will automatically include the following statement in the footer:

• Emails sent to and from this organisation will be monitored in accordance with the law to ensure compliance with policies and to minimize any security risks. • The information contained in this email or any of its attachments may be

privileged or confidential and is intended for the exclusive use of the addressee. Any unauthorised use may be unlawful. If you receive this email by mistake, please advise the sender immediately by using the reply facility in your email software.

The following email signature must be used by Suffolk County Council employees:

3.1.2 Standard Email Signature - Users must not include logos, animation, scanned images, home addresses, personal email addresses or personal telephone numbers in their standard email signature.

3.1.3 Standard Email Background - The background of emails must be white and with no patterns.

(21)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 21 of 28

3.1.4 Standard Email Signature Font, Size and Colour – If using formats other than plain text, users must select as standard the font – Arial, size – 12, colour – black, using capitals and lowercase as normal. (Note: the standard size can be increased from 12 where visual clarity is required). The CSD IT Helpdesk can assist users in changing their settings.

3.1.5 Standard Email Signature - Users must use the following corporate text for their email signature. All of the text below should be copied into an email signature box so that it appears every time a work email is signed.

Forename Surname (in bold)

Job Title Service Area Directorate

Suffolk County Council

Postal address (which can be presented horizontally, rather than vertically, to save space)

Tel: 01473 XXXXXX

Mob: 0XXXX XXXXXX (if required) Fax: 01473 XXXXXX (if required)

Email: forename.surname@ suffolk.gov.uk www.suffolk.gov.uk

3.1.6 Postal Address - Emails sent to internal colleagues do not require the inclusion of the postal address in the signature.

3.1.7 Email Disclaimer - SCC users are not required to add a disclaimer to their email. However, where users wish to include one to help protect against email messages being misused, the following disclaimer can be added:

The information contained in this email is intended for the named addressee only, and may be confidential and privileged. If you have received it in error, I apologise and ask that you destroy it and notify me that you have done so.

3.1.8 Copyright - Where the user wishes to note that the contents are protected by copyright they should attach a copyright notice:

Copyright (Year) Suffolk County Council or © (Year) Suffolk County Council

3.1.9 Personal Email Disclaimer - Users sending genuinely personal email messages from their corporate email account may use the following disclaimer, although the message will be identified as having come from SCC and great care must be taken to avoid any possibility of being left vulnerable to legal action or loss of reputation:

The views contained in this message are those of the individual and do not necessarily represent the views of Suffolk County Council.

(22)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 22 of 28

3.2 Suffolk County Councillors

3.2.1 Email Footer Statement - All emails that are sent to external email addresses will automatically include the following statement in the footer:

• Emails sent to and from this organisation will be monitored in accordance with the law to ensure compliance with policies and to minimize any security risks. • The information contained in this email or any of its attachments may be

privileged or confidential and is intended for the exclusive use of the addressee. Any unauthorised use may be unlawful. If you receive this email by mistake, please advise the sender immediately by using the reply facility in your email software.

The following is the suggested email signature format for Councillors to use:

3.2.2 Standard Email Signature - Councillors should not include logos, animation, or scanned images in their standard email signature.

3.2.3 Standard Email Background - The background of emails should be white and with no patterns.

3.2.4 Standard Email Signature Font, Size and Colour - If using formats other than plain text, Councillors should select as standard the font – Arial, size – 12, colour – black, using capitals and lowercase as normal. (Note: the standard size can be increased from 12 where visual clarity is required). The CSD IT Helpdesk can assist Councillors in changing their settings.

3.2.5 Standard Email Signature - Users can use the following text for their email signature. All of the text below can be copied into an email signature box so that it appears every time an email is signed.

Councillor xxxxx (in bold)

Name

County Councillor for xxxxx Division

Post (e.g. portfolio holder for xx, Chairman of xx) (if applicable) Postal Address (SCC or Home Address)

Tel: xxxxx xxxxxx Mobile: xxxx xxxxx Fax: xxxx xxxxxx

E-mail: forename.surname@ suffolk.gov.uk www.suffolk.gov.uk

www.xxxxxCouncillorsown website (if applicable)

3.2.6 Email Disclaimer - Councillors are not required to add a disclaimer to their email. However, where they wish to include one to help protect against email messages being misused, the following disclaimer can be added:

(23)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 23 of 28

The information contained in this email is intended for the named addressee only, and may be confidential and privileged. If you have received it in error, I apologise and ask that you destroy it and notify me that you have done so.

3.2.7 Copyright - Where the Councillor wishes to note that the contents are protected by copyright they should attach a copyright notice:

Copyright (Year) Suffolk County Council or © (Year) Suffolk County Council

3.2.8 Personal Email Disclaimer - Councillors sending genuinely personal email messages from their SCC email account may use the following disclaimer, although the message will be identified as having come from SCC and great care must be taken to avoid any possibility of being left vulnerable to legal action or loss of reputation:

The views contained in this message are those of the individual and do not necessarily represent the views of Suffolk County Council.

3.3 Employees working for Customer Service Direct (CSD)

3.3.1 Scope - This includes all employees seconded to CSD, BT employees and any other authorised contractors with a @csduk.com mail account working within CSD. 3.3.2 Email Footer Statement - All emails that are sent to external email addresses will

automatically include the following statements in the footer:

• Emails sent to and from this organisation will be monitored in accordance with the law to ensure compliance with policies and to minimise any security risks. • The information contained in this email or any of its attachments may be

privileged or confidential and is intended for the exclusive use of the addressee. Any unauthorised use may be unlawful. If you receive this email by mistake, please advise the sender immediately by using the reply facility in your email software.

• Customer Service Direct – a partnership between BT, Suffolk County Council and Mid Suffolk District Council. Customer Service Direct Ltd. Registered in England No. 05111581 Registered Office: 81 Newgate Street, London, EC1A 7AJ

The following email signature must be used by all users identified in 3.3.1 above:

3.3.3 Standard Email Signature - Users must not include logos, animation, scanned images, home addresses, personal email addresses or personal telephone numbers in their standard email signature.

3.3.4 Standard Email Background - The background of emails must be white and with no patterns.

3.3.5 Standard Email Signature Font, Size and Colour - If using formats other than plain text, users must select as standard the font – Arial, size – 12, colour – black,

(24)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 24 of 28

using capitals and lowercase as normal. (Note: the standard size can be increased from 12 where visual clarity is required). The CSD IT Helpdesk can assist users in changing their settings.

3.3.6 Standard Email Signature - Users must use the following corporate text for their email signature. All of the text below should be copied into an email signature box so that it appears every time a work email is signed.

Forename Surname (in bold)

Job Title

Team Name Service Area

Customer Service Direct Tel: XXXXX XXXXXX

Mobile: XXXXXX (if required) Fax: XXXXX XXXXXX (if required) Email: forename.surname@csduk.com

Where there is a business requirement for the user to be contacted via a helpdesk instead of directly then the following format can be used, if authorised by the relevant team lead:

Forename Surname (in bold)

Job Title

Team Name Service Area

Customer Service Direct

Tel: 0845 XXXXXX (the helpdesk phone number) Fax: XXXXX XXXXXX (if required)

Email: xxxxhelpdesk@csduk.com

3.4 Employees of Suffolk County Council working for or on behalf of other Organisations (e.g. Joint Emergency Planning Unit)

3.4.1 Email Footer Statement - All emails that are sent to external email addresses will automatically include the following statement in the footer:

• Emails sent to and from this organisation will be monitored in accordance with the law to ensure compliance with policies and to minimize any security risks. • The information contained in this email or any of its attachments may be

privileged or confidential and is intended for the exclusive use of the addressee. Any unauthorised use may be unlawful. If you receive this email by mistake, please advise the sender immediately by using the reply facility in your email software.

(25)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 25 of 28

The following email signature must be used by all users working for or on behalf of other Organisations:

3.4.2 Standard Email Signature - Users must not include logos, animation, scanned images, home addresses, personal email addresses or personal telephone numbers in their standard email signature.

3.4.3 Standard Email Background - The background of emails must be white and with no patterns.

3.4.4 Standard Email Signature Font, Size and Colour - If using formats other than plain text, users must select as standard the font – Arial, size – 12, colour – black, using capitals and lowercase as normal. (Note: the standard size can be increased from 12 where visual clarity is required). The CSD IT Helpdesk can assist users in changing their settings.

3.4.5 Standard Email Signature - Users must use the following corporate text for their email signature. All of the text below should be copied into an email signature box so that it appears every time a work email is signed.

Forename Surname (in bold)

Job Title Service Area

(Include any other details relevant to the area of activity)

Postal address (which can be presented horizontally, rather than vertically, to save space)

Tel: 01473 XXXXXX

Mob: 0XXXX XXXXXX (if required) Fax: 01473 XXXXXX (if required)

Email: forename.surname@ suffolk.gov.uk (or other email address as appropriate)

www.suffolk.gov.uk (or other website as appropriate)

3.4.6 Postal Address - Emails sent to internal colleagues do not require the inclusion of the postal address in the signature.

3.4.7 Email Disclaimer - Users are not required to add a disclaimer to their email. However, where users wish to include one to help protect against email messages being misused, the following disclaimer can be added:

The information contained in this email is intended for the named addressee only, and may be confidential and privileged. If you have received it in error, I apologise and ask that you destroy it and notify me that you have done so.

3.4.8 Copyright - Where the user wishes to note that the contents are protected by copyright they should attach a copyright notice:

Copyright (Year) Suffolk County Council or © (Year) Suffolk County Council or other Organisation(s).

(26)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 26 of 28

3.4.9 Personal Email Disclaimer - Users sending genuinely personal email messages from their corporate email account may use the following disclaimer, although the message will be identified as having come from SCC and great care must be taken to avoid any possibility of being left vulnerable to legal action or loss of reputation:

The views contained in this message are those of the individual and do not necessarily represent the views of Suffolk County Council or other Organisation(s).

(27)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 27 of 28

4 FURTHER ADVICE

For further advice on this policy, please contact:

Your Strategic Information Agent, or the

SCC Information Management Services Helpdesk on 01473 264618

information.Management@suffolk.gov.uk

CSD Policy & Compliance Team via the CSD IT Helpdesk on 01473 265555

ITHelpdesk@csduk.com

5 GOVERNANCE

This policy is sponsored by;

• SCC Director of Resource Management.

Responsibility for maintaining and updating this policy belongs to: • SCC Chief Information Officer;

• CSD Policy & Compliance Manager; • SCC Head of Legal Services;

• SCC Head of Audit Services;

(28)

NOT PROTECTIVELY MARKED

Printed on: 12/05/2011 Page 28 of 28

6 DOCUMENT CONTROL Changes History

Version Date Amended By Change

3.2 May 2011 Neal Scarff Review & Updates

Approval (CSD)

Role Name Signed Date

Policy & Compliance Manager

References

Related documents

Methods for the development of the case definition and guidelines for data collection, analysis, and presentation for gestational diabetes mellitus as an adverse events

You will need to create a data table to record all observations of the samples including the letter of the solid samples and the ID number for your Unknown (Mystery Mixture).

[r]

How the study was conducted The researchers used a 3-D global atmospheric download to predict how the radioactive material download move over earth and a health-effects model to see

The planning process should address various workforce imbalances--from geographical to occupational to gender-based--and seek to determine how many workers are needed, what.. type

Quality: We measure quality (Q in our formal model) by observing the average number of citations received by a scientist for all the papers he or she published in a given

The RIDM process is used to inform decision making by emphasizing proper use of risk analysis to make decisions that impact all mission execution domains (e.g., safety, technical,

In this study, it is aimed to develop the Science Education Peer Comparison Scale (SEPCS) in order to measure the comparison of Science Education students'