Tuesday 25 September 2012

How to avoid that immediate ICO fine

Hi Brian,

Many thanks for your recent email. I do hope you were joking when you told me that you’ve lost the data stick I sent you containing all of the policies you’re supposed to have in place to prevent an immediate ICO fine the next time you report a security breach. No policy = almost certain fine. You may well get fined if you don't follow the policy, but you really do need to have a policy in the first place.

Now, listen very carefully, as I’m getting sick of repeating myself.

As a local authority, you must implement a range of security policies, to ensure compliance with the PSN, N3 and GCSx / GCF regimes. Examples of policies covering a wide range of topics are available on a free website – but if I send you the link in this email I’ll almost certainly get collared by the commercial organisations that sell this stuff for serious money.

Anyway, let me know where we can meet for lunch and where I can pass you details of the website.

Any nice restaurant in Central London is acceptable. Remember, after a bit of customisation, you’re going to get your hands on your very own:

Acceptable usage policy
End user awareness training
E-mail usage policy
Use & control of portable media policy
Home & mobile working policy
Secure document printing policy
Manual (paper) document handling policy
Handling of faxes policy
Secure disposal and destruction policy
Information asset valuation policy
Risk management regime
Protective marking policy
Use of personal devices policy
The use of encryption software policy
Incident reporting policy
Incident management policy
Log management policy
Intrusion detection policy
System access control policy
Configuration management and change control policy
Business continuity management policy

Just promise me that you’ll try harder not to lose them, this time!
