Corporate publication

IT Security Policy and Procedures

The NHS Confederation’s position and arrangements for the installation and use of IT facilities and equipment, including dealing with any abuse.

30 October 2020

Read the policy (PDF)


The organisation provides access to a range of electronic facilities and equipment which are intended to assist employees in the performance of their duties. These facilities are an integral part of how we work.

This policy sets out the NHS Confederation’s position and arrangements for the installation and use of IT facilities and equipment, including dealing with any abuse. The IT and Facilities Manager is responsible for the implementation and monitoring of this policy.

This policy is intended to protect the organisation’s information, assets and reputation as well as the rights of every employee. It applies equally to every employee and all other persons logging on to the organisation’s equipment or accessing the organisation’s domain and network. If third parties, such as secondees or consultants, are given access to the network, it is the responsibility of the staff member who appoints them to inform them about this policy.


The principal reasons why this policy must be followed in all circumstances are:

  • The NHS Confederation is legally responsible for all software on the organisation’s devices. The IT team maintains records of the licences purchased and ensures the organisation operates within the limits permitted by the number of licences owned.
  • The software being used within the organisation can be audited at any time by the supplier, without notice. The NHS Confederation would be prosecuted if found to be using software without the correct licensing arrangements.
  • There is the risk of a virus being picked up from any software installation or from the connection of any piece of hardware. Because the organisation is networked, a virus that contaminates one machine can quickly spre
  • There is the possibility that the installation and use of any piece of software will adversely affect the performance of the machine(s) on which it is installed. Programs may not run properly or may conflict with each other. Machines may crash or run poorly. The IT team therefore needs to evaluate any proposal to use new software before making it available
  • If a member of the IT team identifies any unauthorised software on any equipment owned and operated by the NHS Confederation, it will be removed immediately.

This policy should be read in conjunction with:

View the policy library.
