Corporate publication

IT Security Policy and Procedures

The NHS Confederation’s position and arrangements for the installation and use of IT facilities and equipment, including dealing with any abuse.

30 October 2020

Read the policy (PDF) External link icon

Chapters

Introduction

The organisation provides access to a range of electronic facilities and equipment which are intended to assist employees in the performance of their duties. These facilities are an integral part of how we work.

This policy sets out the NHS Confederation’s position and arrangements for the installation and use of IT facilities and equipment including dealing with any abuse. Responsibility for the implementation and monitoring of this policy is the responsibility of the IT and Facilities Manager.

This policy is intended to protect the organisation’s information, assets and reputation as well as the rights of every employee. It applies equally to every employee and all other persons logging on to the organisation’s equipment or accessing the organisation’s domain and network. If third parties, such as secondees or consultants, are given access to the network, it is the responsibility of the staff member who appoints them to inform them about this policy.

Purpose

The principal reasons why this policy must be followed in all circumstances are:

  • The NHS Confederation is legally responsible for all software on the organisational devices. The IT team maintain records of the licences purchased and ensures the organisation operates within the limits permitted by the number of licences owned.
  •  The software being used within the organisation can be audited at any time by the supplier, without notice. The NHS Confederation would be prosecuted if found to be using software without the correct licensing arrangements.
  • There is the risk of a virus being picked up from any software installation or from the connection of any piece of hardware. Because the organisation is networked, a virus that contaminates one machine can quickly spre
  • There is the possibility that the installation and use of any piece of software will adversely affect the performance of the machine(s) on which it is installed. Programs may not run properly or may conflict with each other. Machines may crash or run poorly. The IT team therefore needs to evaluate any proposal to use new software before making it available
  • If a member of the IT team identifies any unauthorised software on any equipment owned and operated by the NHS Confederation, it will be removed immediately. 4 NHS Confederation: IT Security Policy

This policy should be read in conjunction with:

Related content

NICON 2024 | 16 - 17 October | La Mon Hotel
Conference

NICON 2024

NICON24 is the premiere event for HSC Leaders and partners, bringing them together to discuss how to secure the best health and care outcomes for NI.

16 October 2024 08:00 - 17 October 2024 13:30 GMT
NHS ConfedExpo - 12 and 13 June 2024 at Manchester Central
Event

NHS ConfedExpo 2024

Join us at Manchester Central as we and NHS England unite health and care leaders and their teams at one of the biggest health and care conferences.

12 June 2024 08:30 - 13 June 2024 16:45 GMT
Matthew Taylor headshot
News

NHS Confederation responds to survey showing sexual harassment in the NHS

A survey from UNISON found that one in ten (10%) healthcare workers reported experiences of sexual harassment.

8 April 2024
Corporate publication

Conflicts of Interest Policy

Guidance on how to recognise and manage perceived and real conflicts of interest.

31 March 2024

View the policy library.

Find out more Arrow pointing right