Recognizing the value and importance of its information resources, and its statutory obligations to protect them against corruption or loss, the City of Bradford Metropolitan District Council will actively protect these assets in ways that are appropriate and cost effective. The Council will thereby fulfil its statutory responsibilities, protect citizens, customers and businesses, and maintain the effectiveness and continuity of its services.
The Council will:
- Operate security governance to ensure senior management direction and promote compliance throughout the organisation.
- Ensure that controls are based on business requirements and are balanced against risk assessments that are reviewed on a regular basis.
- Maintain an effective, properly resourced information assurance group to monitor controls and assist user departments to safeguard their data.
To support this, we must:
- Make sure that appropriate data is collected and then properly maintained and processed, and that its confidentiality and integrity are suitably preserved.
- Protect our information systems from a wide range of physical threats to minimise risk and maximise their value to the Council.
- Detect and protect against viruses and other malicious software, and correct security vulnerabilities.
- Protect critical business processes and online customer services against failures and disasters.
- Educate and train our staff to handle and process information securely, effectively and legally.
- Develop controls by a process of continuous monitoring and measure their effectiveness.
- Report all breaches of information security, actual or suspected, and deal with them in an appropriate manner.
- Conduct regular security risk assessments and audits.
Every individual in the Council with access to its information systems also has a responsibility to protect that information and prevent harm to businesses, citizens and customers. Information security is primarily about and for people, not technology.