GSI REVISION OF POLICIES

PURPOSE
To notify staff of the revised or new policies which must be implemented before joining the GSi Community.

Probation Circular
REFERENCE NO: 29/2005 ISSUE DATE: 20 April 2005 IMPLEMENTATION DATE: Immediate EXPIRY DATE: March 2006 TO: Chairs of Probation Boards Chief Officers of Probation Secretaries of Probation Boards CC: Board Treasurers Regional Managers IT/System/Security Managers AUTHORISED BY: Bob Nicholls, NOMS Offender Information Services ATTACHED: N/A

ACTION
Chief Officers must sign off and implement the following NPS Policies. They must also make sure that all Area staff are trained and made aware of the implications of these NPS Policies.

SUMMARY
This set of policies fulfils the requirement to join the GSi Community and rationalises existing policies and creates several new policies such as Protective Marking. These policies are intended to protect NPS Authorised Users, Offenders and Victims. These policies have been widely circulated and in many cases merely reflect an updated version of an existing NPS Policy.

RELEVANT PREVIOUS PROBATION CIRCULARS
PC45/2003 Information Security Programme PC66/2003 SEM Update PC69/2003 Vetting Protocol

CONTACT FOR ENQUIRIES
Kathryn Perry, NOMS OIS (Offender Information Services) 020 7217 0783 Information.security@homeoffice.gsi.gov.uk

National Probation Directorate
Horseferry House, Dean Ryle Street, London, SW1P 2AW General Enquiries: 020 7217 0659 Fax: 020 7217 0660

Enforcement, rehabilitation and public protection

POLICY DISTRIBUTION AND SUMMARY
Due to the number of attachments to this PC it has been decided to include these on a CD-Rom which will be sent to Chief Officers of Probation Areas under separate cover. This CD will include authorised security policies for the Service. Four policies will shortly be sent to you under separate PC. Policy NPS Business Continuity Policy NPS Clear Desk Policy Reference PIT-SEC-POL-0015 PIT-SEC-POL-00013 To maintain the integrity of NPS and other protectively marked or confidential information/ Personal Data by securely storing Data when not in use. To ensure compliance with the NPS Policies, Government Standards, Manuals and Schemes and that to ensure that the obligations of the NPS Areas are recognised. To ensure that all Areas comply with the Data Protection Act 1998. To provide a framework for access to Email and Internet and acceptable use of the Communication Infrastructure. Status To follow Included

NPS Community Information Security Policy NPS Data Protection Policy NPS Email and Internet Communications Policy NPS Incident Management Policy NPS IS & Network Monitoring Policy NPS IT Asset and IT Media Disposal Policy NPS Logical Access Control Policy NPS Password Policy

PIT-SEC-POL-0001

Included

PIT-SEC-POL-0005 PIT-SEC-POL-0002

Included Included

PIT-SIP-POL-0018 PIT-SIP-POL-0016 PIT-SIP-POL-0001 To ensure that all IT Assets and IT Media are disposed of in an appropriate manner to avoid any unauthorised disclosure of NPS Information. To ensure the Confidentiality of NPS Information by means of stringent Logical Access Control baseline requirements. To provide a strong identification and authentication policy and associated procedures to help prevent unauthorised access to IT Systems and to assist any audit and investigation activities.

To follow To follow Included

PIT-SIP-POL-0008

Included

PIT-SIP-POL-0004

Included

NPS Physical Security Policy NPS Protective Marking Policy

PIT-SIP-POL-0015 PIT-SIP-POL-0017 To interpret the Government Protective Marking Scheme for the National Probation Service, set out how it will be applied in the Service, and outline the rules for compliance with this policy.

To follow Included

PC29/2005 - GSi Revision of Policies

2

NPS Remote Working Policy

PIT-SIP-POL-0007

To provide the framework for the development of local procedures, Standards’ and guidelines that each Local System Controller must put in place to support Confidentiality and Integrity of all NPS Information when Authorised Users conduct Remote Working. To ensure that all NPS staff undergoes Vetting procedures before taking up any position in the NPS in order to identify candidates who may be unsuitable for certain posts within the NPS Area, especially if it involves contact with children or other vulnerable people. To provide a clear structure for preventing and handling incidents concerning Computer Viruses and Malicious Software or Code.

Included

NPS Vetting Policy

PIT-SIP-POL-0003

Included

NPS Virus and Malicious Software Policy

PIT-SIP-POL-0009

Included

PC29/2005 - GSi Revision of Policies

3