CHAPTER 07: Complying with legal and policy requirement
Section 01 Complying with Legal Obligations
Section 02 Complying with Policies
Section 03 Avoiding Litigation
Section 04 Other Legal Issues
Policy 070101 Being Aware of Legal Obligations
POLICY STATEMENT
“Persons responsible for Human Resources Management are to ensure that all employees are fully aware of their legal responsibilities with respect to their use of computer based information systems and data. Such responsibilities are to be included within key staff documentation such as Terms and Conditions of Employment and the Organization Code of Conduct.”
Policy 070102 Complying with the Data Protection Act or Equivalent
POLICY STATEMENT
“The organization intends to fully comply with the requirements of Data Protection Legislation in so far as it directly affects the organization’s activities.”
Policy 070103 Complying with General Copyright Legislation
POLICY STATEMENT
“Persons responsible for Human Resources Management are to prepare guidelines to ensure that all employees are aware of the key aspects of Copyright, Designs and Patents Act legislation (or its equivalent), in so far as these requirements impact on their duties.”
Policy 070104 Complying with Copyright and Software Licensing Legislation
POLICY STATEMENT
“Persons responsible for Human Resources Management are to prepare guidelines to ensure that all employees are aware of the key aspects of Software copyright and licensing legislation, in so far as these requirements impact on their duties.”
Policy 070105 Legal Safeguards against Computer Misuse
POLICY STATEMENT
“Persons responsible for Human Resources Management are to prepare guidelines to ensure that all employees are aware of the key aspects of Computer Misuse legislation (or its equivalent), in so far as these requirements impact on their duties.”
Section 02: Complying with polices
Policy 070201 Managing Media Storage and Record Retention
POLICY STATEMENT
“The organization will maintain a suitable archiving and record retention procedure.”
Policy 070202 Complying with Information Security Policy
POLICY STATEMENT
“All employees are required to fully comply with the organization’s Information Security policies. The monitoring of such compliance is the responsibility of management.”
Section 03: Avoiding Litigation
Policy 070301 Safeguarding against Libel and Slander
POLICY STATEMENT
“Employees are prohibited from writing derogatory remarks about other persons or organizations.”
Policy 070302 Using Copyrighted Information from the Internet
POLICY STATEMENT
“Information from the Internet or other electronic sources may not be used without authorization from the owner of the copyright.”
Policy 070303 Sending Copyrighted Information Electronically
POLICY STATEMENT
“Information from the Internet or other electronic sources may not be retransmitted without permission fro the owner of the copyright.”
Policy 070304 Using Text directly from Reports, Books or Documents
POLICY STATEMENT
“Text from reports, books or documents may not be reproduced or reused without permission from the copyright owner.”
Section 04: Other Legal Issues
Policy 070401 Recording Evidence of Incidents (Information Security)
POLICY STATEMENT
“All employees are to be aware that evidence of Information Security incidents must be formally recorded and retained and passed to the appointed Center.”
Policy 070402 Renewing Domain Name Licenses – Web Sites
POLICY STATEMENT
“Registered domain names, whether or not actually used for the organization’s Web sites, are to be protected and secured in a similar manner to any other valuable asset of the organization.”
Policy 070403 Insuring Risks
POLICY STATEMENT
“A re-assessment of the threats and risks involved relating to the organization’s business activities must take place periodically to ensure that the organization is adequately insured at all times.”
Policy 070404 Recording Telephone Conversations
POLICY STATEMENT
“All parties are to be notified in advance whenever conversations are being recorded.”