                                      UNCLASSIFIED




                 GOVERNMENT OFFICES FOR THE REGIONS




           Information Security Policy
                        for the
           Government Offices for the Regions




Document Reference:     [Insert Document Reference]

Version:                2.0

Date of Issue:          XX August 2005

Author:                 Colin Braziel – CLAS Security Consultant
                        Griffin Security Management Limited

Authorisation:          [Insert Authoriser]

Acceptance:             [Insert Owner- Head of Department/Agency or
                        Senior Responsible Officer]




GO Information Security Policy Document                                    Version 2.0


Document History

Version             Date                  Revision description
0.1                 30th April 2004       Draft for comment
0.2                 16th May 2004         2nd Draft
1.0                 October 2004          Initial issue
2.0                 Aug 2005              Revised to comply with ISO/IEC 17799:2005,
                                          MPS and ODPM Security Policy




                                        Page 2 of 49


Reference Documents

         HMG Manual of Protective Security
         HMG Infosec Standard No. 1 – Assurance Requirements for IT Systems
         HMG Infosec Standard No. 2 – Accreditation Document Set
         HMG Infosec Standard No. 3 – Interconnecting Business Domains
         CESG Compusec Memorandum No. 8
         CESG Compusec Memorandum No. 20
         ISO/IEC 17799:2005
         BS7799 supporting documents BSI PD 3000 - 3005
         Government Security Framework Documents
         e-GIF
         GSi Code of Connection
         Human Rights Act
         Computer Misuse Act
         Data Protection Act
         Regulation of Investigatory Powers Act
         Freedom of Information Act
         Official Secrets Act






Contents
    Document History ....................................................................................................... 2
    Reference Documents ................................................................................................. 3
    Contents ...................................................................................................................... 4
Responsibility for Security ............................................................................................... 7
  This Section: ................................................................................................................... 7
  Summary of Key Points .................................................................................................. 7
  Need to safeguard information........................................................................................ 7
  Responsibilities ............................................................................................................... 8
    Staff ............................................................................................................................. 8
    The Line Manager ....................................................................................................... 8
    The Security Liaison Officer/Information Security Officer ....................................... 8
    The GO Security Advisor ........................................................................................... 8
    The ODPM Departmental Security Officer (DSO) .................................................... 9
  Checklist of good security practices ............................................................................... 9
  Security liaison officers: responsibilities and duties ....................................................... 9
    General ........................................................................................................................ 9
    Keys, combination numbers and PC passwords ......................................................... 9
    New entrants ............................................................................................................. 10
    Reporting of incidents ............................................................................................... 10
    Protectively marked material .................................................................................... 10
    Informal reviews ....................................................................................................... 10
Information Security ...................................................................................................... 11
  This section: .................................................................................................................. 11
  Summary of key points ................................................................................................. 11
  General guidance .......................................................................................................... 11
    Need-to-know ........................................................................................................... 11
    Protection of sensitive information ........................................................................... 12
    Reporting leaks and losses ........................................................................................ 12
    Protective markings and descriptors ......................................................................... 12
       Protective markings .............................................................................................. 12
       TOP SECRET ....................................................................................................... 13
       SECRET ................................................................................................................ 13
       CONFIDENTIAL ................................................................................................. 13
       RESTRICTED ...................................................................................................... 13
    Descriptors ................................................................................................................ 14
    Correct marking ........................................................................................................ 15
    Time limited markings .............................................................................................. 15
    Markings from other governments and international organisations ......................... 16
  Downgrading and destruction ....................................................................................... 16
    Downgrading of information .................................................................................... 16
    Destruction of protectively marked waste ................................................................ 16
  Despatch and distribution ............................................................................................. 17
    Dispatch of protectively marked documents ............................................................. 17
    Communicating information outside the government service .................................. 19


    Security of protectively marked material outside the office ..................................... 19
  Cabinet papers ............................................................................................................... 20
  Open government and freedom of information ............................................................ 20
    Open government ...................................................................................................... 20
    Freedom of information ............................................................................................ 20
    The clear desk policy ................................................................................................ 20
Physical Security ............................................................................................................. 23
  This section: .................................................................................................................. 23
  Summary of key points ................................................................................................. 23
  Security arrangements ................................................................................................... 23
    Security arrangements ............................................................................................... 23
    Security in open plan areas ....................................................................................... 24
       Visitors .................................................................................................................. 24
       IT Security ............................................................................................................ 24
       Leaving your work station .................................................................................... 24
       Leaving an open plan area unattended .................................................................. 24
       Meetings and telephone conversations ................................................................. 25
       Personal property .................................................................................................. 25
       Identity cloning ..................................................................................................... 25
    Precautions against theft ........................................................................................... 25
    Security furniture ...................................................................................................... 26
       Keys and locking up procedures ........................................................................... 26
       Combination locks ................................................................................................ 27
       Mechanical combination locks ............................................................................. 27
       Unlocking a mechanical combination lock ........................................................... 28
       Locking a combination lock.................................................................................. 29
       Digital combination locks ..................................................................................... 29
    Lapses of security ..................................................................................................... 30
Computer Security .......................................................................................................... 31
  This section: .................................................................................................................. 31
  Summary of key points ................................................................................................. 31
  PC Passwords ................................................................................................................ 31
    INDiGO Password Policy ......................................................................................... 31
       Keeping your password secure ............................................................................. 31
       Principles............................................................................................................... 32
       Personal computers ............................................................................................... 32
    Corporate IT systems and departmental network ..................................................... 32
    Government secure intranet (GSI) ............................................................................ 32
    The internet ............................................................................................................... 33
    Data Protection Act ................................................................................................... 33
       GO Data Protection Policy.................................................................................... 33
Communications Security .............................................................................................. 36
  This section: .................................................................................................................. 36
  Summary of key points ................................................................................................. 36
  Telephones .................................................................................................................... 36
  Radio pagers.................................................................................................................. 37


  Facsimile machines ....................................................................................................... 37
  Quick reference table .................................................................................................... 37
  Internet mobile code blocking ...................................................................................... 38
     Policy ........................................................................................................................ 38
     What is mobile code? ................................................................................................ 38
  e-Mail blocking policy .................................................................................................. 38
     Policy ........................................................................................................................ 38
     Background ............................................................................................................... 38
     Viruses ...................................................................................................................... 39
     MS Excel macro virus. .............................................................................................. 39
       Executable files ..................................................................................................... 39
     Visual basic script ..................................................................................................... 40
     Encrypted material .................................................................................................... 41
     Bad data .................................................................................................................... 42
     Active HTML............................................................................................................ 42
     Unauthorised file types ............................................................................................. 43
     Undetermined data .................................................................................................... 43
Basic Checks and Security Clearances ......................................................................... 45
  This section: .................................................................................................................. 45
  Summary of key points ................................................................................................. 45
  Basic checks .................................................................................................................. 45
     Security vetting review ............................................................................................. 46
Countering Terrorism .................................................................................................... 47
  This section: .................................................................................................................. 47
  Summary of key points ................................................................................................. 47
  Counter terrorist advice................................................................................................. 47
  States of alert and access control .................................................................................. 47
Annex A - GSI Personal Commitment Statement ....................................................... 48





RESPONSIBILITY FOR SECURITY
This Section:
           sets out the GO policy on security and explains the need to safeguard sensitive
            information;
           sets out the security responsibilities and duty of confidentiality to the Crown of
            individual staff, line managers and management.


Summary of Key Points
           Staff are personally responsible for protecting information in their custody.

           All Crown employees are bound by the Official Secrets Act and owe a duty of
            confidentiality to the organisation.

           Line Managers should encourage their staff to give security appropriate
            priority.

           Each GO should appoint a Security Liaison Officer (SLO)/Information
            Security Officer, who will be required to attend the appropriate training.

           GO RCU will appoint a Security Advisor to be responsible for GO-wide
            security policy, providing advice, ensuring compliance and providing an
            interface with the ODPM DSO.

           The Departmental Security Officer (DSO) within Infrastructure Services
            Division of ODPM, is responsible for security policy, providing advice,
            ensuring compliance and providing assurance to the Permanent Secretary.

Need to safeguard information
GO, in pursuing its strategic aims and wide ranging policy objectives, is committed to
being an open Department, sharing information about problems, options, and policies as
widely as possible. Necessarily, a balance has to be maintained between openness and
the need to safeguard information that is not to be released or that is not yet ready to be
released.

The need to safeguard information that is sensitive applies especially when this has been
given in confidence or relates to issues of national security. As a Government
Department, we are required to conform with the Code of Conduct for Open Government,
Freedom of Information legislation, the Data Protection Act and the agreed minimum
Government standards on security. Good security is not the opposite of openness, but a
part of it.

A simple checklist of good security practices is included in this section.



Responsibilities
Staff
As an employee of the GO, you are personally responsible for protecting information,
documents and assets in your custody. The formal position is that as a Crown employee
you are bound by the provisions of criminal law, including the Official Secrets Acts, and
you owe a duty of confidentiality to the Crown. These responsibilities continue after you
have left Crown employment. They are described in more detail in the Civil Service
Management Code, the Civil Service Code and the Basic Guide to the Official Secrets
Acts 1911 to 1989, copies of which are available on request from the ODPM
Infrastructure Services Division. They are also covered in the Staff Handbook.

The Line Manager
As a Line manager you have an additional responsibility for ensuring that the appropriate
security procedures are properly applied by your supporting staff. These responsibilities
also include fostering a positive climate in which your staff give security appropriate
priority.

You should take an interest in the welfare and behaviour of your staff, inside and outside
the office, but without being unduly intrusive, encouraging them to discuss concerns
before they become security problems. Special attention should be given to managing the
security aspects of any temporary staff, consultants and contractors for whom you are
responsible.

Remember that you are accountable for the way in which you discharge your security
responsibilities, just as you are for other aspects of your work. If you are concerned
about a possible security problem involving a member of your staff or have any reason to
doubt his/her reliability, you should contact your local Information Security Officer at the
earliest opportunity, with a view to getting some expert advice. All information will be
treated in the strictest confidence and its source closely protected.

The Security Liaison Officer/Information Security Officer
Each GO should have one or more Security Liaison Officers (SLOs)/Information
Security Officers whose role is to exercise day-to-day oversight of security matters within
their appointed area and to act as a link between their GO and the RCU Security Advisor.
SLOs are responsible to their respective Regional Director and it is vital that they are
given the necessary support and encouragement. SLOs should preferably be at Pay
Band 4 (HEO) and should be permanent staff. New SLO appointments should be
registered with the ODPM Infrastructure Services Division so that appropriate training
can be arranged. The full responsibilities and duties of an SLO are set out separately in
this section.

The GO Security Advisor
The GO Security Advisor is responsible for providing security advice and assistance to
GOs and for providing an interface with the ODPM DSO.


The ODPM Departmental Security Officer (DSO)
The ODPM Departmental Security Officer (DSO) assisted by his team, within the
Infrastructure Services Division, is responsible for policy on security, providing advice,
ensuring compliance and providing assurance to the Permanent Secretary.

Checklist of good security practices
           Observe the clear desk policy.
           Lock all cabinets at the end of the day.
           Add appropriate Protective Markings to sensitive material.
           Do not over mark, and question others who do.
           Protect sensitive material at all times.
           Dispose of sensitive waste in approved ways.
           Remember that recycling bins are insecure.
           Comply with IT, telephone and fax security.
           Take special care of sensitive material out of the office, especially in hotels or
            at meetings.
           Confine sensitive information to those who need-to-know. Do not disclose
            official information without authority.

Security liaison officers: responsibilities and duties
General
As an SLO, your role is to exercise day-to-day oversight of security matters within your
GO and to act as a link with the RCU Security Advisor.

By far your most important function is to educate colleagues that security is everyone's
responsibility. You should make colleagues, particularly new entrants, aware that you are
their SLO, and draw their attention to the Security Manual and other relevant material.
You should encourage colleagues to observe and apply good security practices. Security
posters are available to help reinforce the message. Remember, you have direct access to
the RCU Security Advisor and ODPM DSO at any time for assistance or advice on any
security related matter.

The following paragraphs indicate the core tasks that all SLOs should expect to
undertake.

Keys, combination numbers and PC passwords
As the SLO you should hold, or make arrangements for somebody else to hold, in a
container appropriate to the highest level of Protective Marking held, all spare keys to
security containers, PCs, photocopiers, fax machines, security briefcases and secure
rooms. You should carry out periodic checks to ensure that keys, combinations, etc. are
held for all security containers and items of equipment as above.





New entrants
You should ensure that all new entrants to your appointed area, including staff transferred
from elsewhere, are aware of the contents of this guidance, know where the Security
Manual can be found on the IntraNet and know where information on security issues may
be obtained. It is also important that you ensure that they are made familiar with local
security procedures and practices, particularly in respect of locking up at the end of the
working day and observance of the Clear Desk Policy.

Reporting of incidents
You should report to your Regional Director, RCU Security Advisor and the ODPM ISD
Security Team any case in which:
        a protectively marked document is missing;
        there appears to be a leakage of official information to unauthorised persons;
        there has been a lapse of security;
        there is a persistent disregard of security rules.

Protectively marked material
You should ensure that colleagues are aware of, and are operating, the correct procedures
for the handling, storing, regrading, destruction and photocopying of protectively marked
material and files. You should pay special attention to the procedures for the higher
levels of Protective Marking including, for SECRET and TOP SECRET, the completion
of the Classified Document Register and, when appropriate, a Certificate of Destruction.

Informal reviews
You may find it helpful to carry out periodic informal reviews or checks of the security
procedures being observed within your appointed area. This will serve a number of
purposes:
        it will enable you to identify potential weaknesses in security practices;
        it will enable you to identify areas of misunderstanding or where further
          advice or guidance would be beneficial; and
        it will allow you to form a clear picture of the level of security and security
          awareness within your appointed area and to report accordingly to senior line
          management should you be required to do so.







INFORMATION SECURITY
This section:
           outlines the “need-to-know” principle;
           outlines the principles for the protection of sensitive material and the reporting
            of leaks and losses;
           underlines the requirements to adhere to the Clear Desk Policy;
           gives guidance on protective markings and descriptors;
           sets out the methods of communicating/handling and destroying sensitive
            information; and
           establishes the principles for releasing protectively marked information under
            the Code of Practice for Open Government and Freedom of Information
            legislation.

Summary of key points
           The principle of "need-to-know" is that information should be disseminated
            no wider than is necessary for the efficient conduct of business.
           Sensitive information should be protected regardless of the form it takes.
           The Clear Desk Policy should be observed.
           Any loss, leak, or suspected compromise of sensitive information must be
            reported immediately.
           Protective markings should be used to indicate that material needs protecting.
           Descriptors can be used with protective markings to identify what sort of
            information is being protected.
           Protectively marked material should be downgraded at the earliest
            opportunity.
           Protectively marked documents should not be taken out of the office unless
            necessary.
           Protectively marked waste paper must be secured until it has been properly
            destroyed.
           A protective marking does not, in itself, constitute grounds for rejecting a
            request for information under the Code of Practice for Open Government.

General guidance
Need-to-know
The conduct of the GO's business means that official information needs to be
communicated to others within Government service and outside. A balance needs to be
maintained between the policy on openness and the need for security. In all cases
involving protectively marked documents, or other information properly regarded as
sensitive, you should carefully consider whether those to whom it needs to be
communicated are entitled to receive it. You should bear in mind the “need-to-know”
principle, that the dissemination of sensitive information should be no wider than is
required for the efficient conduct of the business in hand and restricted to those who are
authorised to have access. That principle is fundamental to all aspects of security.

If you have any doubt about the sensitivity of information and/or whether a proposed
recipient of sensitive information should be given authorised access you should consult
your line manager, or your local Security Liaison Officer. The existence of a protective
marking is usually a good indication of sensitivity, but there may be situations where
unmarked documents contain sensitive information.

Protection of sensitive information
You should interpret widely the responsibility to protect sensitive information from
unauthorised access or disclosure to include protecting all forms of recorded information
e.g. files, briefs, letters, email messages, reports, photographs, microfilm and microfiche,
charts, magnetic tapes, floppy disks and compact disks (CDs). Information may be
sensitive whether it is hand written (e.g. drafts), typed, printed or otherwise recorded.

You should ensure that sensitive information is securely stored overnight and also during
the day, particularly when your room or work area is unoccupied. Protectively marked
information must be secured in the appropriate security furniture. You should observe
the Clear Desk Policy when rooms or work areas are unoccupied. Not only is this the
simplest way of ensuring that sensitive papers are protected against unauthorised access,
it would be valuable in protecting papers and allowing you to carry on with your business
should your building be affected by explosion, fire or water damage.

Reporting leaks and losses
You should report any loss, leak, or suspected compromise of sensitive or protectively
marked information through your Security Liaison Officer to the Regional Director and
RCU Security Advisor as appropriate, without delay.

Protective markings and descriptors

Protective markings
The purpose of protective markings is to indicate that the information contained in a
document, etc. has a particular level of sensitivity and therefore needs to be protected to a
certain standard. The Protective Marking System ensures that sensitive information
receives a uniform level of protection and treatment across Government, according to its
degree of sensitivity.

There are four protective markings that define the degree of damage that would be caused
should the information be compromised. It is the responsibility of the author of the
material to apply the appropriate protective marking. Recipients will know from the
marking what measures are required to be employed in protecting the information.

The protective markings are:

           RESTRICTED
           CONFIDENTIAL
           SECRET
           TOP SECRET

It can sometimes be helpful to indicate that a document is intentionally NOT
PROTECTIVELY MARKED.

It is very important that, as an author, you take care in selecting the correct level. You
should avoid over marking, as this risks bringing the system into disrepute as well as
introducing inefficiencies. Equally, you should avoid under marking, as explained in
Correct Marking below.

The full definitions are as follows:

TOP SECRET
The compromise of this information or material would be likely: to threaten directly the
internal stability of the UK or friendly countries; to lead directly to widespread loss of
life; to cause exceptionally grave damage to the effectiveness or security of UK or allied
forces or to the continuing effectiveness of extremely valuable security or intelligence
operations; to cause exceptionally grave damage to relations with friendly governments;
to cause severe long-term damage to the UK economy.

SECRET
The compromise of this information or material would be likely: to raise international
tension; to damage seriously relations with friendly governments; to threaten life directly,
or seriously prejudice public order, or individual security or liberty; to cause serious
damage to the operational effectiveness or security of UK or allied forces or the
continuing effectiveness of highly valuable security or intelligence operations; to cause
substantial material damage to national finances or economic and commercial interests.

CONFIDENTIAL
The compromise of this information or material would be likely: materially to damage
diplomatic relations (i.e. cause formal protest or other sanction); to prejudice individual
security or liberty; to cause damage to the operational effectiveness or security of UK or
allied forces or the effectiveness of valuable security or intelligence operations; to work
substantially against national finances or economic and commercial interests;
substantially to undermine the financial viability of major organisations; to impede the
investigation or facilitate the commission of serious crime; to impede seriously the
development or operation of major government policies; to shut down or otherwise
substantially disrupt significant national operations.

RESTRICTED
The compromise of this information or material would be likely: to affect diplomatic
relations adversely; to cause substantial distress to individuals; to make it more difficult
to maintain the operational effectiveness or security of UK or allied forces; to cause
financial loss or loss of earning potential to or facilitate improper gain or advantage for
individuals or companies; to prejudice the investigation or facilitate the commission of
crime; to breach proper undertakings to maintain the confidence of information provided
by third parties; to impede the effective development or operation of government
policies; to breach statutory restrictions on disclosure of information; to disadvantage
government in commercial or policy negotiations with others; to undermine the proper
management of the public sector and its operations.

Covering notes should be protectively marked as appropriate to their own content but
should indicate the highest marking of the material they cover, e.g. "RESTRICTED -
covering - CONFIDENTIAL".

Descriptors
Complementary to protective markings are a number of descriptors. These support the
“need-to-know” principle by:

           showing what sort of sensitive information is being protected; and
           helping you to consider who should have access to it.

   Table: The core descriptors currently recommended by the Cabinet Office are:

   APPOINTMENTS               concerning actual or potential appointments that have not yet
                              been announced.

   BUDGET                     concerning proposed or actual measures for the Budget
                              before its announcement.

   COMMERCIAL                 relating to a commercial undertaking's processes or affairs.

   CONTRACTS                  concerning tenders under consideration and the terms of
                              tenders accepted.

   HONOURS                    concerning the actual or potential award of an Honour before
                              the announcement of the award.

   INVESTIGATION              concerning investigations into disciplinary or criminal
                              matters.

   MANAGEMENT                 concerning policy and planning affecting the interests of
                              groups of staff.

   MEDICAL                    medical reports and records and material relating to them.

   PERSONAL                   material only to be seen by the person to whom it is
                              addressed.

   POLICY                     concerning proposals for new or changed Government policy
                              before publication.

   REGULATORY                 concerning material which has come into the possession of
                              Government Departments or Agencies in the course of
                              carrying out their statutory regulatory duties.

   STAFF                      containing references to named or identifiable staff or
                              personal confidences entrusted by staff to management.

   VISITS                     concerning details of visits by, for example, Royalty,
                              Ministers or very senior staff.

Other descriptors may be used but must be agreed and registered as a Departmental
standard by the Departmental Records Officer.

Descriptors must only be used in conjunction with a protective marking, e.g.
RESTRICTED - STAFF or CONFIDENTIAL - POLICY. They must not be used on
their own.

The one exception to this rule is PERSONAL which you may use on its own when the
material does not merit a protective marking but you wish to indicate that it should only
be seen by the addressee e.g. personal information.

Correct marking
Sensitive information must be given the protective marking appropriate to its content.
You should therefore exercise care in deciding which marking to apply. Information
should never be given a marking lower than its degree of sensitivity deserves merely to
avoid inconvenience - to do so increases the chances of its compromise. On the other
hand information should not be over marked simply to be on the safe side - you and
recipients may be applying costly protective measures unnecessarily. If in doubt you
should discuss the marking with your line manager or consult the RCU Security Advisor.

Because of the importance of avoiding over or under marking, you should only decide
what, if any, protective marking is appropriate if you fully understand the importance of
the information and the consequences of its compromise. Regional Directors may wish
to apply a system of delegations, particularly for markings above CONFIDENTIAL,
taking into account the type of information handled by their Units.

Time limited markings
The degree of sensitivity of information often decreases after a certain time e.g. when a
White Paper has been published or policy has passed into the public domain.

Once that has occurred it may be possible for you to reduce the protective marking or
remove it completely. To do so will allow both you and other recipients of the
information to apply less stringent protective measures.

If it is possible to identify beforehand when the Protective Marking can be downgraded
or removed altogether, you should indicate this by marking it as in the following
example:

“CONFIDENTIAL until [Date] then NOT PROTECTIVELY MARKED”.

Markings from other governments and international organisations
Many governments and some international organisations, e.g. NATO, have classification
systems similar to our own protective marking system. Agreements often exist for the
mutual recognition and protection of marked documents.

In all such cases you are required to provide the level of protection indicated by the
originator. In some cases international organisations use the word "Restricted" to mean
"For Official Use Only". If you are in any doubt about how any such information should
be treated, you should check with the RCU Security Advisor or ODPM Security
Division.

Downgrading and destruction
Downgrading of information
You should carry out regular reviews of holdings of protectively marked documents in any
media, since this is desirable in terms of security, cost and convenience. You should
review whether the current grading needs to be retained or whether it is possible to
downgrade or destroy the material. Only originators or their successors may authorise
downgrading.

When the originator or successor was in the GO but cannot be traced, members of the
Senior Civil Service may authorise the downgrading and/or removal of protective
markings provided that it is related to their current sphere of responsibility. Once
authorisation is given regarding a particular subject, the actual downgrading can be
delegated in the same way as the application of markings (see Correct Marking).

Where the original source is outside the Office, and cannot be traced, copy documents
may be downgraded by the holders after consultation with other addressees. If possible
seek agreement to a consistent practice being applied to whole topics. The criteria for
downgrading should be the same as applied in determining the original marking but
making due allowance for the passage of time and any other relevant developments.

Destruction of protectively marked waste
Waste paper, which is protectively marked, is a notorious source of unauthorised access
to information. You should keep it secure until it has been destroyed. The main points to
note are:

SECRET and TOP SECRET documents should be disposed of by use of shredding
machines of approved standard. The shredding should be well mixed by hand before
disposal.

Other protectively marked documents may also be shredded or should otherwise be
disposed of by the use of Confidential Waste sacks or bins. Confidential Waste sacks and
bins, until collected, should be stored in a container appropriate to the highest protective
marking of the information that they contain (see Security Furniture).

In order to comply with the GO's green policy it is important that non protectively
marked papers should be disposed of in Office Paper Recycling Points.

Sensitive or protectively marked information stored on computers or computer media,
such as floppy disks, cannot securely be removed by simple deletion or reformatting.
Consult your local IT Security Manager before disposing of computers and computer
media which may have been used to hold sensitive or protectively marked information.

Despatch and distribution
Dispatch of protectively marked documents
Sensitive material is often at its most vulnerable when in transit. Rules have been
developed to ensure that information bearing a protective marking receives uniform
treatment throughout Government, according to its degree of sensitivity.

The procedures for the despatch of protectively marked material when sending it from
one place to another, including overseas, are set out below. You may apply more stringent
measures to protect the information if you consider its sensitivity justifies this, but you
should never apply lower standards without first checking with the ODPM Security
Division.

   Table 1: Dispatch of protectively marked documents

   The three columns of the table are: (a) within a building, by hand or messenger;
   (b) between buildings in the UK*, by post, IDS, or other courier service;
   (c) to locations abroad, by post or other courier service.

   RESTRICTED
   (a) Within a building: single sealed envelope. No marking or descriptor (other than
       "Personal" or "Addressee Only" if you wish to limit access). INDiGO E-mail may
       be used (but not Internet e-mail).
   (b) Between buildings in the UK*: single sealed envelope. No marking or descriptor
       (other than "Personal" or "Addressee Only" if you wish to limit access). Address
       to an individual by name or appointment. INDiGO E-mail, including GSI members,
       may be used (but not Internet e-mail).
   (c) To locations abroad: single sealed envelope. No marking or descriptor (other than
       "Personal" or "Addressee Only" if you wish to limit access). Address to an
       individual by name or appointment. E-mail of any kind must not be used. For
       countries of special sensitivity, or which insist on despatch via Government
       channels, seek advice from ODPM Security Division.

   CONFIDENTIAL
   (a) Within a building: as RESTRICTED, but not by INDiGO or Internet e-mail.
   (b) Between buildings in the UK*: as RESTRICTED plus: for a non-Government address,
       double-sealed envelope (see footnote below); not by INDiGO or Internet e-mail.
   (c) To locations abroad: as RESTRICTED plus: for a non-Government address,
       double-sealed envelope (see footnote below). To be carried by Diplomatic air
       freight; seek advice from your local post room or ODPM Security Division. E-mail
       of any kind must not be used.

   SECRET
   (a) Within a building: as RESTRICTED, but not by INDiGO or Internet e-mail.
   (b) Between buildings in the UK*: as RESTRICTED plus: for a non-Government address,
       double-sealed envelope (see footnote below). By messenger, IDS or other approved
       courier, DataPost (not 48), or Registered Post, but not by INDiGO or Internet
       e-mail. Receipts required if carried by courier or mail services.
   (c) To locations abroad: seek advice from ODPM Security Division. E-mail of any kind
       must not be used.

   TOP SECRET
   Seek advice from ODPM Security Division.

   * For Northern Ireland seek advice from your local post room or ODPM Security
     Division.

Footnote: Outer covers or secure container/packaging should not show any protective
marking or descriptor but only the name/appointment of the recipient and a return
address. Inner covers should be similarly addressed but should carry in addition the
marking plus descriptor, if any.

Communicating information outside the government service
If it is necessary for you to communicate protectively marked or other sensitive
information outside the Government Service, you are responsible for making sure that the
intended recipient is aware of the sensitivity and, if relevant, has the appropriate security
clearance.

If the information to be communicated is protectively marked you should check with
ODPM Security Division who can advise on standard clauses for insertion in
letters/contracts to draw the recipient's attention to the duty of confidentiality and the
Official Secrets Acts.

In addition, you will need to check that the recipient has appropriate arrangements for
storing the information to be communicated. The arrangements must ensure that the
information concerned is at no greater risk than if it were being held by the GO. If in
doubt, check with ODPM Security Division.

Security of protectively marked material outside the office
You should not take protectively marked and other sensitive documents etc. out of the
office unless necessary, e.g. to attend a meeting or to work on at home overnight. Should
it be necessary to do so you will be responsible for the safekeeping of the documents in
your care.

If it is necessary for you to take material marked CONFIDENTIAL out of the office, you
must keep it securely in a security briefcase or one of reasonably robust construction with
two locks. You should keep the briefcase in your personal possession at all times. When
attending meetings, sensitive papers should be put away in locked briefcases during
coffee breaks, etc.

Make sure you know what sensitive papers you have taken so that you can report if any
are missing. Leave a record of documents marked CONFIDENTIAL or above with your
Security Liaison Officer. It is advisable to attach a discreet label to the briefcase asking
anyone finding it to hand it into the nearest police station.

You should not take SECRET or above material out of the office unless absolutely
necessary, and only then after checking with ODPM Security Division.

You should not read protectively marked papers in public places, e.g. on trains. You
should be aware that members of the public have been known to report breaches of this
rule to departments resulting in disciplinary procedures being taken. This also indicates
that members of the public do notice what you might be reading.

If it is essential to take sensitive material overseas, e.g. for a meeting, you should first
seek advice from ODPM Security Division.

Cabinet papers
Papers and minutes of Ministerial Cabinet Committees are subject to special handling
arrangements. These arrangements provide for access on a strict need-to-know basis with
all movements of individually numbered papers on special folders being recorded. These
papers must not be photocopied or placed on Departmental files. A summary of the
special handling rules appears on each folder.

Open government and freedom of information
Open government
Requests for information under the Code of Practice for Open Government or other
measures, e.g. environment legislation giving rights of access to certain classes of
information, should be dealt with in accordance with the guidance issued separately.

A protective marking does not, in itself, constitute grounds for rejecting a request for
information but should be taken into account when deciding whether it can be made
available. In such circumstances you should seek advice from the author of the material
and, in appropriate cases, consult with Legal Group. However, if the material, or part of
it, is released, it will be appropriate for the author to consider whether the Protective
Marking should continue to apply.

Freedom of information
The introduction of Freedom of Information legislation will not affect the system of
protective markings but may affect what records and information may be released.
Further information about the proposals is available on the IntraNet and further guidance
will be issued as necessary.

The clear desk policy
The GO operates a Clear Desk Policy which was originally designed to prevent sensitive
documents being mislaid or overlooked. Experience has shown that it can also
significantly assist in disaster recovery. Material stored in locked cabinets is more likely
to survive the impact from incidents such as explosion, fire or water damage and remain
salvageable. The Clear Desk Policy additionally helps to improve the quality of our
working environment.

Responsibility for ensuring that the Clear Desk Policy is implemented rests with Regional
Directors; however, day-to-day monitoring may be delegated to Security Liaison Officers
(SLOs). SLOs carry out periodic checks as part of their wider security responsibilities
and Regional Directors are advised of the extent to which the Clear Desk Policy is being
observed. The application of the Clear Desk Policy will, to some extent, depend on local
circumstances. However, the following guidelines should be observed:

           All official papers and removable IT media (such as floppy disks), whether
            protectively marked or not, should be cleared away at the end of the working
            day and placed in appropriate containers. Whilst it is not essential that such
            items as books, directories, magazines, staff notices, stationery, etc are put
            away, they should be left in such a way that official papers will not become
            intermingled with them.
           In brief, the minimum requirements are for material marked
            CONFIDENTIAL and above to be kept in security containers and material
            marked RESTRICTED or which is otherwise sensitive to be kept in locked
            containers. Material that is not protectively marked may be placed in suitable
            containers which need not be lockable. Where containers are lockable, they
            should be locked at the end of the day.
           All keys must be suitably protected, preferably by placing them behind a
            combination lock or, if this is not possible, putting them in a place where they
            are not readily accessible. Keys for Mersey lock containers must always be
            kept behind a security lock (Combination or Mersey). Duplicates of keys
            should be held by the SLO or another suitable person.
           Documents, unless enveloped, should not be left in the room or at the work
            station of other members of staff when they are absent unless it is certain that
            they will return that day.
           When staff are absent from the office, arrangements should be made locally to
            deal with their incoming mail or for the messenger/operational assistant to
            hold it until their return.
           Non-protectively marked drawings in preparation on machines or boards need
            not be taken off and stored away overnight.
           During the working day there is a continuing requirement to safeguard
            protectively marked material, including sensitive waste. If a room or work
            area is left unoccupied, all protectively marked material must be locked away
            in appropriate containers unless the absence will be of short duration.
           For documents in a lockable room it is acceptable for them to be left for short
            periods (up to 30 minutes), provided no TOP SECRET documents are
            involved, and all the doors to the room are locked.
           TOP SECRET documents must be locked in an appropriate security container
            whenever they are not in actual use. They must never be left out when a room
            is left unattended whether the door is locked or not.
           In open plan offices, protectively marked documents should not be left out,
            even for short periods, unless they are under the supervision and sight of a
            trusted colleague.
           All protectively marked documents should be protected at all times from
            overlooking. This is particularly relevant in open plan offices where there is
            not always the opportunity to place work stations in such a way that
            overlooking can be completely prevented. You should be alert to the
            possibility of visitors seeking the opportunity to see the work that is being
            undertaken and should challenge anyone who does not have a right or a need
            to be in the area.

PHYSICAL SECURITY
This section:
           sets out who has responsibility for building security;
           details building pass procedures;
           establishes precautions which should be taken to prevent theft;
           advises on the supply of security furniture and disposal of surplus items;
           sets out the procedures for handling security keys and maintaining a secure
            locking-up procedure;
           advises on changing combination lock settings;
           outlines the procedures for dealing with lapses of security;
           gives guidance on working in open plan areas.

Summary of key points
           Line managers should periodically review the security arrangements in their
            area of responsibility.
           Building passes should be worn in buildings at all times and lost passes should
            be reported immediately.
           Valuable items of equipment and personal belongings should be locked away at
            night or when rooms/work areas are left unoccupied. Losses should be
            reported immediately.
           Special furniture is required for storing material marked CONFIDENTIAL
            and above. RESTRICTED material must be stored in containers with a lock
            and key.
           Security keys must be stored in an approved security container and
            combination locks properly scrambled at the end of the day or when
            rooms/work areas are unoccupied.
           Combination lock setting numbers should be changed regularly and not
            written down.

Security arrangements
Security arrangements
In buildings where the GO is the major occupier, the GO has primary responsibility for
building security. The building/facilities manager or SLO can seek specialised advice
and guidance from the RCU Security Advisor or ODPM Security Division. However,
where appropriate, all staff have a duty to ensure that windows and any external doors for
which they have responsibility are closed and locked at night or when the room or
building is to be left unoccupied.

Line managers should conduct a periodic review of security arrangements in the areas
occupied by their staff.



                                      UNCLASSIFIED
                                       Page 23 of 49
                                      UNCLASSIFIED
GO Information Security Policy Document                                           Version 2.0

Security in open plan areas

Visitors
To help avoid the possibility of visitors to the building seeing protectively marked
information or other assets, and also to assist them in finding their way through open plan
areas, it will often be appropriate to escort your visitors to and from your work station or
other meeting place.

In an open plan environment some people see the entire office as a thoroughfare and will
disregard the designated walkways. Do not hesitate to query someone's need to be in
your area if you have any doubts.

IT Security
Remember that in open plan areas it is far easier for PC screens to be overlooked. You
should minimise the risk by angling the screen away from walkways and adjacent work
areas. If necessary special filters can be used which make it difficult for passers-by to see
the display.

You should not leave your PC unattended without protecting it from unauthorised access,
either by use of a password-protected screen saver and keyboard lock or by switching it
off.

If you are bringing particularly valuable or vulnerable IT equipment into an open plan
area you may wish to review the physical security measures required to provide adequate
protection. Your local IT Security Officer can advise you on suitable measures.

Leaving your work station
In an open plan area documents are more vulnerable to casual overlooking and if you
have to leave your work station you must ensure that sensitive documents are put out of
sight or, where appropriate, locked away.

For short absences you may be able to leave your papers to be “supervised” by a
colleague. This may be more expedient than locking papers away, but beware of leaving
out anything that your colleague should not see.

Be aware that meetings can overrun and, although you may have left colleagues to
“supervise” your work station, they may run into difficulties at lunch times and at the end
of the day or if they themselves have meetings to attend. It is good working practice to
treat any planned absence as if it is the end of the day by putting away all papers, disks
and other assets and switching off any electrical equipment.

Leaving an open plan area unattended
No open plan area should be left completely unattended at any time unless all papers and
portable equipment have been locked away.



Local arrangements should be made to ensure that all protectively marked material and
valuable portable equipment, for example laptop computers, have been secured at the end
of the day.

Meetings and telephone conversations
Meetings and telephone conversations held in open plan areas are vulnerable to casual
overhearing. Where privacy is required a conference room or vacant room should be
used.

Personal property
Open plan work areas help to guard against petty pilfering as staff can more easily see
what is going on. Nevertheless, there is no substitute for taking your own common sense
precautions. Do not bring a lot of cash into the office unless it is unavoidable, keep your
valuables under lock and key and do not leave anything adjacent to walkways that could
be stolen by an opportunist thief.

Any losses of personal property at work should be reported to the SLO. The information
will help to identify a pattern of such losses in a particular area and whether official
action needs to be taken. However, it is for the individual to pursue with the local police
if they so wish and to seek compensation from any suitable insurance they may have.

The Staff Handbook provides guidance on compensation for loss or damage to personal
property brought into the office. However, the Office will not accept claims where the
loss or damage was caused by the individual's own carelessness.

Identity cloning
Staff should also be aware of the growing threat of identity cloning. Personal items such
as pay slips, bank statements, credit cards, credit card statements or receipts etc. should
not be left in accessible areas in the office. Ideally, these items should be either taken
home and kept somewhere safe, or torn up or shredded and disposed of in the paper
recycling bins.

Precautions against theft
It is your duty to ensure that valuable items of equipment in your charge are adequately
protected and, if possible, locked away at night and when rooms or work areas are
unoccupied for any length of time. Items that are particularly vulnerable in this respect
are laptop computers and mobile telephones. Advice on property marking and other theft
deterrent measures may be obtained from ODPM Security Division.

Unfortunately, theft from offices of personal belongings, including cash and credit cards,
continues to be a problem together with the new risk of identity cloning. Valuable
personal belongings should never be left in unlocked drawers or cupboards. Coats or
handbags containing cash and other valuables should never be left unprotected (See
Personal Property).




You should be aware of the dangers in this respect and should report immediately to the
officer responsible for accommodation or the security guard if out of hours, any suspicion
or discovery of break-in or theft.

Generally speaking, the same principles of security apply in both cellular and open plan
accommodation. Nevertheless in open plan some additional considerations have to be
taken into account to avoid placing the Department's assets at risk.

Security furniture
Different types of furniture are required depending on the level of protective marking of
the material to be protected and the protection afforded by the building (in terms of
security guarding, etc). Special furniture is required for storing material marked
CONFIDENTIAL and above. RESTRICTED material must be stored in containers with a
lock and key. Advice on the correct security furniture to be used in particular
circumstances can be obtained from ODPM Security Division.

Requests for security furniture should be addressed to the officer responsible for
accommodation. Where there is any uncertainty about the type of security furniture
applicable in any given circumstance, you should seek advice from ODPM Security
Division.

The use of security furniture requires special measures to be taken to store keys (in an
approved security container of the appropriate standard) and/or to set and memorise
combination numbers. Security furniture is also significantly more expensive than
standard furniture of the same size. There will be a substantial saving to the GO if your
holding of security furniture is kept to the minimum.

Advice on the local arrangements for the disposal of surplus security furniture should be
sought from the officer responsible for accommodation. The combination locks of
surplus and unused security furniture should be set to the manufacturer's setting
(40-50-60) before returning them to store.

Keys and locking up procedures
The keys to security furniture equipped with Mersey-key locks (the keys are usually brass
with a double head) are always supplied in pairs. One is for day-to-day use; the other
should be marked and held by the Security Liaison Officer in a security cabinet of a
standard appropriate to the highest level of protectively marked material being stored.

If a spare key is not available for a security cabinet, you should seek advice from the
officer responsible for accommodation. If the spare cannot be found the container must
be regarded as potentially compromised. In those circumstances, it will be necessary to
change the security container or have another lock fitted.

Keys must be stored securely in an approved security container and combination locks
properly scrambled at the end of the day or when rooms or work areas are unoccupied.



The proper scrambling of a combination lock requires at least five full turns anti-
clockwise of the dial.

In shared rooms or work areas there should be a clear understanding of who bears
responsibility for locking-up at the end of the day. In the absence of any arrangement to
the contrary, responsibility will rest with the last person to leave. As far as possible
security furniture should be arranged so that the staff responsible for it are located in the
same room or work area and have their own key box, if required.

The use of “open/locked” cards is not recommended. The best procedure is for cupboard
doors to be left wide open when in use and for them to be closed only when they are
properly locked.

Combination locks
Combination lock numbers must not be recorded in diaries, etc. As a safeguard, they
should be recorded in sealed and dated envelopes and kept by the Security Liaison
Officer along with duplicate keys in a security cabinet appropriate to the protective
marking of the most sensitive material held.

Combination lock settings should be changed regularly, ideally every six months or when
staff are transferred or whenever there has been a compromise of the number. Instructions
on the use of security furniture with both mechanical and digital combination locks
(including changing of lock settings) are set out below.

Empty security furniture should be locked to prevent compromise of the lock mechanism.

Mechanical combination locks
Setting new numbers
Choose your three new numbers and make a note of them. Select the numbers at random
making sure that successive numbers are separated by at least ten digits and that one
number does not suggest its successor (for example 25 35 45). When selecting your third
number you should avoid a number within ten of the final "static" number (0, 25 or 75
depending on how the lock is installed). Make sure you have available one of the special
Manifoil Change Keys.

Open the container in the normal way using the existing combination numbers and the
arrow mark.

Without closing the container throw the bolt(s) and scramble the combination by turning
the knob at least five turns anti-clockwise.

Carry out the sequence of unlocking using the existing combination numbers but use the
straight mark (to the left of the usual arrow mark) and dial only the first three numbers.
Do not move the dial after reaching the third number.



Locate the keyhole at the back of the lock by pushing aside the flap. If the back of the
lock is housed behind a plate this should be removed with a screw driver. Insert the
special change key until the wing of the key has passed right into the hole. You may
have to wiggle the key a bit but do not use force. If the key will not go in try re-dialling
the numbers making sure that each number falls precisely on the straight mark. When the
key has been inserted turn it a quarter turn anti-clockwise. Leave the key in this position.

Carefully dial only the three new combination numbers you have selected in the same
unlocking sequence and with the same number of rotations as before, again using the
straight mark. Do not move the dial from this position.

Note: If you make a mistake while the change key is in the lock you may scramble the
combination, (by turning the dial at least five times anti-clockwise), and restart dialling
your new numbers. You cannot rectify a mistake once the key has been removed and the
dial turned. Do not tamper with the lock in any way.

When you are sure the new combination is correctly set, turn the change key a quarter-
turn clockwise and withdraw. Scramble the lock but do not close the container.

Using the new combination setting and including the static fourth number try opening the
lock in the normal manner, using the arrow mark. Try this twice and read the instructions
on problems before finally closing and locking the container.

Memorise your new combination numbers, securely dispose of your note and pass a
written copy in a sealed, signed and dated envelope to your Security Liaison Officer for
safe keeping.
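The selection rules given at the start of this procedure (successive numbers at least ten apart, no number that suggests its successor, third number not within ten of the static number) can be checked before the change key goes into the lock. The following Python is an added example and is not part of the original manual or of any GO system. It assumes a 100-position dial (0 to 99), measures separation round the dial so that 2 and 98 count as four apart, reads "within ten" inclusively as the conservative choice, and draws replacement numbers from the operating system's random source so that they really are selected at random.

```python
import secrets

DIAL_POSITIONS = 100          # assumption: a 0-99 dial
STATIC_NUMBERS = (0, 25, 75)  # the "static" fourth number, as given in the manual
MIN_SEPARATION = 10           # "separated by at least ten"


def dial_distance(a, b, positions=DIAL_POSITIONS):
    """Shortest distance between two dial positions, allowing for wrap-around
    (2 and 98 are 4 apart on a 100-position dial, not 96)."""
    d = abs(a - b) % positions
    return min(d, positions - d)


def check_combination(numbers, static, positions=DIAL_POSITIONS):
    """Return a list of rule violations for a proposed three-number combination.
    An empty list means the combination satisfies the manual's selection rules."""
    problems = []
    if len(numbers) != 3:
        return ["a combination consists of exactly three numbers"]
    if any(not isinstance(n, int) or not 0 <= n < positions for n in numbers):
        return ["each number must be an integer in the range 0-%d" % (positions - 1)]
    if static not in STATIC_NUMBERS:
        return ["static number must be one of %s" % (STATIC_NUMBERS,)]
    a, b, c = numbers

    # Rule 1: successive numbers must be at least ten dial positions apart,
    # measured the short way round the dial.
    for pos, (x, y) in enumerate(((a, b), (b, c)), start=1):
        if dial_distance(x, y, positions) < MIN_SEPARATION:
            problems.append("numbers %d and %d (%d, %d) are fewer than %d positions apart"
                            % (pos, pos + 1, x, y, MIN_SEPARATION))

    # Rule 2: one number must not suggest its successor (the manual's example is
    # 25 35 45).  Read here as: the step from a to b and the step from b to c
    # must not be equal when measured the same way round the dial.
    if (b - a) % positions == (c - b) % positions:
        problems.append("numbers form a regular sequence (%d, %d, %d)" % (a, b, c))

    # Rule 3: the third number must not be within ten of the static number.
    # "Within ten" is read inclusively (distance <= 10), the conservative choice.
    if dial_distance(c, static, positions) <= MIN_SEPARATION:
        problems.append("third number %d is within %d of the static number %d"
                        % (c, MIN_SEPARATION, static))
    return problems


def propose_combination(static, positions=DIAL_POSITIONS, max_tries=1000):
    """Draw a combination from the OS random source and keep drawing until it
    passes check_combination.  Rejection sampling keeps the draw unbiased while
    still honouring the rules; a human picking "random" numbers usually does not."""
    for _ in range(max_tries):
        candidate = tuple(secrets.randbelow(positions) for _ in range(3))
        if not check_combination(candidate, static, positions):
            return candidate
    raise RuntimeError("could not find an acceptable combination")


if __name__ == "__main__":
    # Constructed sample combinations: the manual's own bad example, an acceptable
    # one, one too close to the static number, and one that only fails once the
    # wrap-around between 5 and 97 is taken into account.
    for combo in ((25, 35, 45), (12, 47, 83), (30, 60, 8), (5, 97, 50)):
        print(combo, check_combination(combo, static=0) or "acceptable")
    print("proposed:", propose_combination(static=0))
```

The static number passed in is the one for the lock as installed (0, 25 or 75). A combination that passes this check still has to be memorised and lodged with the Security Liaison Officer as the procedure above describes; the check only stops obviously weak choices before the change key is turned.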

Problems
If you have followed the above instructions carefully you should have no problem using
your newly set combination lock. However, if the lock does not open, a locksmith must
be called to reset your lock. This will only be possible if the back of the lock is still
accessible, i.e. the cupboard/cabinet door/bar has not been secured. To obtain a
locksmith you should contact the building manager or the officer responsible for
accommodation.

Should it be impossible to arrange for a locksmith to attend before the end of the day any
protectively marked information must be secured elsewhere. Please leave a note on the
container instructing any patrolling security guards not to treat the fact that the container
is open as a breach. It is recommended not to attempt to reset a combination late in the
day in case you experience problems and are unable to obtain a locksmith quickly.

Unlocking a mechanical combination lock
Turn the dial clockwise, stopping when the first of the four combination numbers comes
to the arrow mark the fifth time.




Turn the dial anti-clockwise, stopping when the second number comes the fourth time to
the arrow mark.

Turn the dial clockwise, stopping when the third number comes the third time to the
arrow mark.

Turn the dial anti-clockwise, stopping when the static number (0, 25 or 75) comes to the
arrow mark the second time.

Turn the dial clockwise slowly until the lock operates and the dial refuses to turn any
further.

The bolts, if operated by a separate lever or handle, may now be withdrawn and the door
or drawer opened.

Note: In all operations if you turn the dial past the number, do not turn back, but begin
the whole sequence again. Do not spin the dial round but always turn slowly and steadily,
taking special care as the combination number is approached. At each stage, check
carefully how many times the combination numbers come to the arrow mark irrespective
of how little movement is needed to bring them there.

Locking a combination lock
To lock or scramble a combination lock, the dial must be turned at least five times anti-
clockwise. It will usually be necessary first to turn a separate lever or handle in order to
throw the locking bolts.

Digital combination locks
Security furniture with digital combination locks is operated by entering a two-digit user
ID (normally 01) followed by a six-digit PIN. These locks do not require batteries but are
powered by the movement of the dial. Digital combination locks are easier to operate
than mechanical combination locks but afford the same security.

If necessary these locks can be programmed for multiple users and provide audit trails.
Please refer to the user guide for the unit for more information on how to activate these
options.

Opening and closing the lock
    - Power the lock by briskly turning the dial back and forth in both directions until the green and red lights flash simultaneously;
    - Position the dial to the HOME position (i.e. the red bar is covered);
    - Enter the USER ID followed by the unique six-digit PIN;
    - Turn the dial to the right (clockwise) as far as it will go to unlock the bolt, about a quarter turn;
    - Open the cabinet by turning the separate handle/knob;
    - To close and lock the cabinet, engage the bolt using the cabinet handle/knob and then turn the lock dial to the left (anti-clockwise) at least two full turns.

Changing the PIN
Note: This procedure allows only the PIN to be changed – the User ID cannot be
changed.

    - Power the lock by briskly turning the dial back and forth in both directions until the green and red lights flash simultaneously;
    - Press Enter and then 1; the green and red lights will flash simultaneously;
    - Enter the current combination (User ID + PIN); the green and red lights will flash simultaneously;
    - Enter the new combination (User ID + PIN); the green and red lights will flash simultaneously;
    - Enter the new combination (User ID + PIN) again for verification; the green and red lights will flash simultaneously and the new PIN is now set.

Lapses of security
The Office takes a serious view of lapses of security. As a general rule, responsibility for
lapses of security lies with the last person to leave the room or work area, or the last
person to finish using shared storage facilities (unless other locking-up arrangements
have been agreed locally).

When lapses of security are discovered the Security Liaison Officer and/or member of
staff concerned will be asked to submit a report on the circumstances leading to the lapse.

Follow-up action, depending on the circumstances, may be taken by the line manager in
accordance with the disciplinary procedures contained in the Staff Handbook. This will
normally take the form of an informal discussion with the person responsible. In more
serious cases, formal disciplinary procedures may be invoked, as set out in the Staff
Handbook.

Line Managers are reminded of their responsibility to oversee and manage the security
aspects of any temporary staff, consultants and contractors that they employ. Line
Managers may be asked to account for any lapses for which such staff are found
responsible.







COMPUTER SECURITY
This section:
    - establishes the three key principles of IT security: availability, integrity and confidentiality;
    - details the mandatory requirements for using passwords;
    - sets out the GO's baseline security requirements for using personal computers for information no higher than RESTRICTED;
    - advises that the INDIGO network is accredited to handle, store and transmit information no higher than RESTRICTED;
    - advises that INDIGO users may exchange email with users of the Government Secure Intranet (GSI) up to RESTRICTED level;
    - cautions that, whilst INDIGO provides access to the Internet for email and web browsing, Internet email is insecure;
    - reminds all staff that they need to have regard to the requirements of the Data Protection Act.

Summary of key points
    - Most of the security advice in the other chapters of The Security Manual applies equally to the use of IT systems.
    - The use of passwords is a mandatory requirement under the PC Baseline Security requirements.
    - Personal computers (PCs) and the information stored on them must be safeguarded as valuable assets.
    - Departmental PCs, INDIGO and the Government Secure Intranet (GSI) are accredited to handle, store and transmit information no higher than RESTRICTED.
    - INDIGO users accessing the Internet for email and web browsing should remember that the Internet is insecure, unreliable and unassured. Accessing unsuitable material may constitute a disciplinary offence.

PC Passwords
INDIGO Password Policy
When logging on to the INDIGO system, you must use a personal password. The system
will automatically require this password to be changed every ninety days.

Keeping your password secure
Do not write your password down anywhere visible, or in any format recognisable as a
password. Ideally you should memorise your password, so that you do not need to keep a
note of it at all.

If you believe your password has been compromised, you should arrange to change it
immediately. To do this:

    - On your PC, press Ctrl-Alt-Del;
    - Click on Change Password;
    - You will be prompted to enter your old password once and your new password twice;
    - Once you have done this, click on OK to complete the change.

Principles
Most of the security advice in the other chapters of The Security Manual applies equally
to the use of IT systems, and common sense application of those principles when using IT
systems will go a long way toward maintaining good security. However, IT systems also
have their own particular vulnerabilities and this section explains the security
requirements of the equipment and systems used by most staff in the Office.

IT security is based on three key principles:
    - Availability - ensuring that information remains available for use by authorised users;
    - Integrity - ensuring that information is protected from unauthorised alteration or corruption; and
    - Confidentiality - ensuring that information is protected from unauthorised disclosure.

Personal computers
PCs are provided for official purposes. PCs and the information stored on them must be
safeguarded as valuable assets. The GO's Baseline PC Security Requirements enable
PCs to be used for the handling and storage of RESTRICTED information. Additional
security requirements may apply to PCs used for special purposes, and such PCs may not
be used for the handling or storage of RESTRICTED information without specific
approval. No PC may be used for the storage of information above RESTRICTED level
without the prior approval of the RCU ICT and RCU Security Advisor.

Corporate IT systems and departmental network
Most Departmental PCs are connected to the GO network through which access is
provided to corporate systems (such as INDIGO and SAP) and to locally-managed IT
systems that meet the specific needs of individual business areas and workgroups.

The INDIGO network is accredited to handle, store, and transmit RESTRICTED
information. Users are required to comply with the security requirements of all systems
to which they are granted access, as set out in the individual systems' user guidance and
must not exceed the user rights allocated to them.

Government secure intranet (GSI)
INDIGO provides users with access to the GSI, offering facilities for browsing GSI sites
and the exchange of email up to RESTRICTED level between members of the GSI
(membership is indicated by the inclusion of ".gsi" in the email address, e.g.
xxx.xxx@departmentalname.gsi.gov.uk).


Staff accessing the GSI are required to read and sign a Personnel Commitment Statement
(copy at Annex A).

The internet
INDIGO also provides access to the Internet for email and web browsing. The key
security points are:
    - Internet email is insecure, and must not be used for protectively marked or other sensitive information;
    - Internet email is also unreliable, and should not be used as the sole carrier for important information;
    - the web and other Internet sources of information are unassured, and cannot always be trusted; and
    - accessing unsuitable (offensive, etc.) material using official facilities may constitute a disciplinary offence.

Data Protection Act
All staff are reminded of the need to have regard to the requirements of the Data
Protection Act, especially if your work involves the holding or processing, by
computerised means, of personal data (i.e. data from which a living individual can be
identified).

GO Data Protection Policy
GO needs to collect and use certain types of information about people with whom it deals
in order to operate. These include current, past and prospective employees, suppliers,
clients/customers, and others with whom it communicates. In addition, it may
occasionally be required by law to collect and use certain types of information of this
kind to comply with the requirements of government departments for business data, for
example. This personal information must be dealt with properly, however it is collected,
recorded and used – whether on paper, in a computer, or recorded on other material – and
there are safeguards to ensure this in the Data Protection Act 1998.

We regard the lawful and correct treatment of personal information by GO as very
important to successful operations, and to maintaining confidence between those with
whom we deal and ourselves. We ensure that our organisation treats personal
information lawfully and correctly.

To this end GO fully endorse and adhere to the Principles of Data Protection, as
enumerated in the Data Protection Act 1998.

Specifically, the DPA Principles require that personal information:

    - Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;
    - Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes;
    - Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;
    - Shall be accurate and, where necessary, kept up to date;
    - Shall not be kept for longer than is necessary for that purpose or those purposes;
    - Shall be processed in accordance with the rights of data subjects under the Act;
    - Shall be protected by appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss or destruction of, or damage to, personal data;
    - Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Therefore, GO will, through appropriate management, strict application of criteria
and controls:

    - Observe fully the conditions regarding the fair collection and use of information;
    - Meet its legal obligations to specify the purposes for which information is used;
    - Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
    - Ensure the quality of information used;
    - Apply strict checks to determine the length of time information is held;
    - Ensure that the rights of people about whom information is held can be fully exercised under the Act. (These include: the right to be informed that processing is being undertaken, the right of access to one's personal information, the right to prevent processing in certain circumstances and the right to correct, rectify, block or erase information which is regarded as wrong information.);
    - Take appropriate technical and organisational security measures to safeguard personal information;
    - Ensure that personal information is not transferred abroad without suitable safeguards.

In addition, GO will ensure that:

    - There is someone with specific responsibility for data protection in the organisation;
    - Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
    - Everyone managing and handling personal information is appropriately trained to do so;
    - Everyone managing and handling personal information is appropriately supervised;
    - Anybody wanting to make enquiries about handling personal information knows what to do;
    - Queries about handling personal information are promptly and courteously dealt with;
    - Methods of handling personal information are clearly described;
    - A regular review and audit is made of the way personal information is managed;
    - Methods of handling personal information are regularly assessed and evaluated;
    - Performance in handling personal information is regularly assessed and evaluated.





COMMUNICATIONS SECURITY
This section:
    - gives guidance on using telephones, radio pagers and fax machines to communicate sensitive issues;
    - gives details of the secure facilities available at the Communications Centre;
    - gives the policy on the blocking of threatening content received via email and the Internet.

Summary of key points
    - Discretion should be exercised about discussing sensitive issues on the telephone. Radio pagers are extremely vulnerable to interception. Fax machines may be used to transmit RESTRICTED information within the UK.
    - Special secure fax machines should be used to transmit information above RESTRICTED level.
    - The levels of security offered by the various communications methods are set out in a quick reference table.
    - The policy covers the blocking of malicious code and viruses received via the Internet and email.

Telephones
You should exercise discretion about discussing sensitive issues on the telephone.
Beware of callers not known to you who wish to discuss sensitive issues: ask for their
telephone number and, before calling them back, check with other members of staff
and/or against other sources, such as recent correspondence, to ensure that they have a
legitimate right to discuss sensitive information. Also check that callers are not using a
form of telephone that is insecure and are not calling from an insecure location, as
explained below.

The UK land-based telephone system, including the GTN network, is sufficiently secure
for it to be used to discuss material with a protective marking of RESTRICTED within
the UK - provided that no parties involved in the call are using cordless telephone
handsets or analogue mobile telephones.

Digital mobile telephones are sufficiently secure to be used to discuss material with a
protective marking of RESTRICTED - subject to the same provisos as for the land-based
telephone system above.

Analogue mobile telephones and cordless telephone handsets are insecure, as these
communications can be intercepted easily for eavesdropping purposes. It should also be
noted that hands-free telephones, or ‘speakerphones’, run the risk of eavesdropping by
persons in the immediate area.




Radio pagers
Paging services use radio to broadcast messages across their entire service area (often the
whole country) and those messages are extremely vulnerable to interception. Pager
messages must not be used to convey protectively marked or other sensitive information.

Facsimile machines
You may use normal office fax machines to transmit RESTRICTED information within
the UK provided that you take great care in entering the destination number and check
that the recipient will be present to accept and confirm the transmission as it arrives. If
you have any reason to doubt that the transmission is reaching the correct destination,
interrupt the transmission immediately and recheck the arrangements with the recipient
before trying again.

Fax machines connected to special telephones are provided in GO buildings for the
transmission of information above RESTRICTED level. The IT Security Officer can
advise on the locations of these machines. You must ensure that you know how to
operate these machines in their secure mode before you attempt to use them.

Quick reference table
The following table shows the security levels offered by the various communications
methods. ✓ = Secure, X = Not secure.

NB. This table applies to calls and messages within mainland UK (excluding Northern
Ireland) only.

   Table: Security levels offered by various communication methods
   Method                          Restricted    Confidential and above
   Internet email                  X             X
   Radio pager                     X             X
   Cordless telephone handset      X             X
   Analogue mobile telephone       X             X
   INDIGO & GSI email              ✓             X
   Digital mobile telephone        ✓             X
   Land-based telephone            ✓             X
   Normal fax machine              ✓             X
   Secure fax machine              ✓             ✓




Internet mobile code blocking
Policy
It is the policy of the GO to block Internet mobile code content that might:
- threaten the availability, integrity, or confidentiality of our information;
- result in a wastage of official resources;
- cause legal problems for the Department; or
- in the case of outgoing email, present others with similar difficulties.

What is mobile code?
Mobile code is the generic term for various forms of executable code (small programs
such as Java applets) which may download to the user’s PC from the Internet during a
browsing session. Usually, the user will be unaware that the code has been downloaded
and the code will run without giving the user an opportunity to stop it.

Most mobile code is harmless, used to assist in ‘building’ the web page display on the
user’s PC, but the covert nature of its downloading and execution makes it an ideal
vehicle for malicious code. Such malicious code may interfere with the operation of the
PC, damage or delete data, or even copy information and send it out across the Internet.



e-Mail blocking policy
Policy
It is the policy of the GO to block email content that might:
- threaten the availability, integrity, or confidentiality of our information;
- result in a wastage of official resources;
- cause legal problems for the Department; or
- in the case of outgoing email, present others with similar difficulties.

Background
The GO's connection to the GSI and the Internet is guarded by an integrated set of
protective devices that are generally referred to as ‘the firewall’. This is used to protect
the GO network (including INDIGO and all other corporate and local application
systems, all servers and PCs attached to the network, and INDIGO Remote Access
Service portables) from external threats, and to ensure that our network poses no threat
to the GSI.

Emails passing in or out of the GO are checked by the firewall against a set of rules, and
those which breach a rule are blocked. Blocked emails are not stored: each is deleted by
the firewall immediately following the decision to block it. This is an automatic process
carried out by the firewall software and does not involve the emails being viewed by any
person.


A notification message is sent to the originator of each blocked email to explain why the
email was blocked and offer advice on avoiding further blocking. The notification
message is also copied to a number of GO staff for operational reasons: in the case of an
outgoing virus-infected email, for example, the local IT Help Desk will then arrange for
the sender’s computer to be virus-checked.

Viruses
The block on viruses is there for obvious reasons: the potential danger to information and
IT systems from computer viruses is generally well recognised, and few would argue that
we should not protect ourselves. In some cases, however, the sender of the virus may be
unaware that their system is infected and may insist that the detection software is at fault.
Whilst no virus detection software is perfect, IT staff go to considerable lengths to ensure
that ours is kept fully up-to-date. As it is in the common interest that no-one spreads
viruses, viruses detected in outgoing emails are also blocked.

The notification message sent to external email originators, which is copied to the
intended GO recipients, names the virus detected and suggests that if, after they have
checked their email with up-to-date detection software, a re-send is similarly blocked
they should consult their virus detection software vendor.

The notification message sent to GO email originators, which is not copied to intended
external recipients, informs them that IT will contact them to arrange for a virus
check of their PC as soon as possible. If you receive one of these notifications, you
should avoid sending further emails (within INDIGO and externally) until your PC has
been checked and pronounced clean by IT.

If the delivery of information in a blocked email is urgently required for official business
purposes, and further virus-checking would take too long, alternative means of
information delivery should be considered. If the information is not required in
electronic form, consider using a telephone call, a FAX message, or delivery by mail or
messenger.

If the information is required in electronic form, consider the use of an alternative file
format that will not carry a virus. Using a text file format instead of an MS Word
document will prevent the spread of an MS Word macro virus (and ASCII or MS-DOS
text file formats are available as SAVE options in MS Word). Similarly, sending the data
output from MS Excel rather than the spreadsheet file itself will prevent the spread of an
MS Excel macro virus.

Executable files
Unauthorised executable files (unapproved, untested, unofficial software or programs)
represent a potential danger to our information and IT systems. As executable files sent
out by the department could represent a similar danger to others, outgoing executable
files are also blocked.


Executable files may be:
- Malicious – trick, joke, or ‘trojan horse’ programs can cause damage or be used to infiltrate systems and, although our anti-virus detection software does detect well-known instances of these, it cannot detect all of them;
- Incompatible – causing problems because they will not work properly in our IT environment and may clash with our standard operating systems and application software;
- Faulty – not doing what they are supposed to do and failing to meet the user’s requirements;
- Illegal – there may be a breach of copyright;
- Offensive – to members of staff or visitors.

Members of staff who have a business need to use software that is not on the standards
list and has not previously been authorised for use within the Office must submit a
business case to their IT Manager. If the business case is accepted, IT will check the
software concerned to ensure that it is acceptable for use within the GO network before
authorising its use.

The notification message sent to external email originators, which is copied to the
intended GO recipients, explains that executable code must be authorised for use before it
may be accepted into the network. It suggests that if the executable code is intended for
GO business use they should contact the intended recipient to discuss, subject to the
authorisation process, alternative means of delivery. Those alternative means could
include posting disks or sending to an external ISP email account for downloading on a
stand-alone Internet PC within the Office.

Users must, however, contact their IT Manager to obtain official authorisation before
accepting the executable files for use within the GO network. If the business requirement
is so urgent that the authorisation procedure would represent an unacceptable delay, or if
the software is not intended for use on the network, you may run the software on a stand-
alone PC. This option must be approved by an appropriate line manager, who would be
accepting the risk that the software could corrupt or destroy the contents of that PC.

The notification message sent to GO email originators, which is not copied to the
intended external recipients, suggests that you should contact your IT Manager if the
executable code is intended for use outside the department for ODPM business purposes.
If you are granted approval to supply the executable code, you will need to use alternative
delivery methods as mentioned above.

Visual basic script
Emails containing Visual Basic Script (VBS) are blocked because, currently, we cannot
adequately check VBS for malicious or undesirable content. VBS is a powerful tool that
has been used for malicious purposes. Outgoing VBS is also blocked so that passing
unchecked VBS to others is avoided.



The notification message sent to external email originators, which is copied to the
intended Office recipients, explains why we do not accept emails containing VBS and
suggests that the VBS content might be removed (in many cases VBS is not essential to
the delivery of information content). If the VBS content cannot be removed and the
information is required for GO business purposes, it suggests that the originator may wish
to contact the intended recipient and discuss alternative means of delivery.

If the information is not required in electronic form, consider using a telephone call, a
FAX message, or delivery by mail or messenger. If the information is required in
electronic form, consider delivery on disk by mail or messenger or via email to an
external ISP account that may be accessed from a stand-alone Internet PC within the GO.
If you do obtain an electronic copy of the file, it must be treated as unauthorised software
and you should contact your IT Manager to obtain authorisation to open the file on the
GO network.

If the business requirement is so urgent that the authorisation procedure would represent
an unacceptable delay, you may open the file on a stand-alone PC. This option must be
approved by an appropriate line manager, who would be accepting the risk that the VBS
could corrupt or destroy the contents of that PC.

The notification message sent to GO email originators, which is not copied to the
intended external recipients, contains similar information to the above notification. If the
content of the email is intended for use outside the department for GO business purposes,
and you are not able to remove the VBS content, you should consider the alternative
means of delivery discussed above. If you do supply an electronic copy of the file to an
external recipient, you should warn them that it contains VBS so that they may take
whatever precautions they consider appropriate.

Encrypted material
Emails containing encrypted material are blocked primarily because it is difficult to
check the contents for malicious or undesirable content. This includes password-
protected document and zip files, as well as files encrypted by the use of specialist
software.

Outgoing emails of this type are also blocked because it is HMG policy that officially-
approved means of encryption for protectively marked information must be used, and
there is currently no such means approved within the GO for Internet email.

Email between GSI member organisations (indicated by their email addresses ending in
".gsi.gov.uk") may carry RESTRICTED information without the need for encryption.
The question of emails containing protectively marked information at CONFIDENTIAL
level or above does not arise in the Office, as our network is not allowed to handle
information at those levels.

The notification message sent to external email originators, which is copied to the
intended GO recipient, explains why we do not accept emails with encrypted content. It
suggests that the originator may wish to reconsider the need for the material to be
encrypted, or contact the intended recipient and discuss alternative means of secure
message delivery. These can include a telephone call, a FAX message, or delivery by
mail or messenger – all of which can offer reasonable levels of security if used properly.

The notification message sent to GO email originators, which is not copied to the
intended external recipients, contains similar information to the above notification.
Similar means of secure message delivery may be used. If you consider, however, that
you have a business requirement to use encryption, you must consult the IT Security
Officer.

Bad data
Emails containing bad data are blocked because it is difficult to check the contents for
malicious or undesirable content. The bad data may be due to one of the following:
- the message has some UUEncoded data that uses an unrecognised UUEncoding character set;
- the message contains a malformed nested MIME multipart; or
- the message has a CDA-format attachment (e.g. Word, Excel) that has become corrupt or contains some anomalies.

The notification message sent to external email originators, which is copied to the
intended GO recipients, explains why we do not accept emails that have been detected as
containing bad data. It asks the originator to check the email and any attachments
carefully before re-sending, and suggests that, if a further attempt to send the checked
email is blocked, they should contact the intended recipient to discuss alternative means
of delivery. In this case it is advisable to consider a telephone call, FAX message, or
paper delivery by post or messenger. The continued detection of bad data in the checked
email or attachments could mean that alternative means of delivery in electronic form
would simply result in the successful delivery of corrupt or unreadable information.

The notification message sent to GO email originators, which is not copied to the
intended external recipients, contains similar information to the above notification.
Similar alternative means of delivery may be used.

Active HTML
Emails containing active HTML are blocked because, currently, it is not possible to check
whether the active HTML is malicious or has undesirable content. Active HTML is a
powerful tool, and can easily be used for malicious purposes. Outgoing emails
containing active HTML are also blocked so that we may avoid passing unchecked active
HTML to others.

The notification message sent to external email originators, which is copied to the
intended Office recipients, explains why emails containing active HTML are not accepted
and suggests that the active HTML content might be removed (in many cases active
HTML is not essential to the delivery of information content). If the active HTML
content cannot be removed and the information is required for Office business purposes,
it suggests that the originator may wish to contact the intended recipient and discuss
alternative means of delivery.

If the information is not required in electronic form, consider using a telephone call, a
FAX message, or delivery by mail or messenger. If, however, the information is required
in electronic form, consider delivery on disk by mail or messenger or via email to an
external ISP account that may be accessed from a stand-alone Internet PC within the GO.

If you do obtain an electronic copy of a file containing active HTML, it must be treated as
unauthorised software and you should contact your IT Manager to obtain authorisation to
open the file on the GO network. If the business requirement is so urgent that the
authorisation procedure would represent an unacceptable delay, you may open the file on
a stand-alone PC. This option must be approved by an appropriate line manager, who
would be accepting the risk that the active HTML could corrupt or destroy the contents of
that PC.

The notification message sent to GO email originators, which is not copied to the
intended external recipients, contains similar information to the above notification. If the
content of the email is intended for use outside the department for GO business purposes,
and you are not able to remove the active HTML content, you should consider the
alternative means of delivery discussed above. If you do supply an electronic copy of the
file to an external recipient, you should warn them that it contains active HTML so that
they may take whatever precautions they consider appropriate.

Unauthorised file types
Emails with unauthorised file types (currently screensaver, music, and movie files) as
attachments are blocked because they have been found to waste official resources and
their content can sometimes be offensive to recipients or against the receiving
organisation’s Internet use policy.

In the case of screensavers, security considerations also apply, as unofficial screensavers
may prevent or weaken the proper operation of the screen blanking and password
protection facilities on our PCs. Outgoing emails with such attachments are also blocked
so we may avoid passing undesirable material to others.

The notification message sent to external email originators, which is copied to the
intended Office recipients, explains why such files are not accepted. It suggests that, if
the information content of the files is intended for GO business use, it should be
presented in a different form. If this is not possible, it suggests that the originator contacts
the intended recipient and discusses alternative means of delivery. These could include
delivery on disk by post or messenger, or via email to an external ISP account that may
be accessed from a stand-alone Internet PC within the GO.

Undetermined data
Emails with attachments that contain undetermined data (content that cannot be
recognised by our system) are blocked because it is difficult to check them for malicious
or undesirable content. This may be because the attachments are in an unusual file
format, are corrupted in some way, or may contain ‘protected’ components such as sealed
spreadsheet cells. Outgoing emails of this type are also blocked so that we may avoid
sending such uncheckable items to others.

As the firewall is unable to differentiate between incoming and outgoing emails of this
type the same notification message is sent to the originator of the email, whether external
or within the Office, and is not copied to the intended recipients of the email.

The notification message explains why we block emails that contain undetermined data,
and asks the originator to check the email and attachments carefully before re-sending.
An unusual file format might well need to be changed anyway, so that the recipient’s
software can handle it. A file containing ‘protected’ components could be altered to
‘unprotect’ them, or recreated as a plain data output file. If a checked and altered email is
then blocked, the originator may wish to contact the intended recipient and discuss
alternative means of delivery. In this case it is advisable to consider a telephone call,
FAX message, or paper delivery by post or messenger. The continued detection of
undetermined data in the checked email or attachments could mean that alternative means
of delivery in electronic form would simply result in the successful delivery of corrupt or
unusable information.
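The categories above (executable files, VBS, encrypted material, bad data, active HTML, unauthorised file types and undetermined data) together describe a content-inspection rule set. As an added example, not the GO's own firewall code or configuration, the following Python classifier applies those rules to a MIME message and works out who the notification message should reach; the GO mail domain, the extension lists, the regular expression for active HTML and the sample messages are constructed assumptions.

```python
"""Added example, not the GO's or its firewall's own code: applies the email
blocking categories described in this section to one MIME message. Virus
scanning is assumed to be a separate engine and is not covered here."""
import io
import os
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed for this example: the GO's own mail domain (GSI addresses end
# in ".gsi.gov.uk") and the extension lists each rule uses.
INTERNAL_DOMAIN = "go.example.gsi.gov.uk"
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".pif", ".msi", ".dll"}
VBS_EXTS = {".vbs", ".vbe", ".wsf"}
UNAUTHORISED_EXTS = {".scr": "screensaver", ".mp3": "music", ".wav": "music",
                     ".avi": "movie", ".mpg": "movie", ".mov": "movie"}
KNOWN_EXTS = {".txt", ".csv", ".doc", ".xls", ".pdf", ".zip", ".htm", ".html"}
ENCRYPTED_TYPES = {"application/pgp-encrypted", "application/pkcs7-mime"}
# Heuristic for "active HTML": script/plug-in tags, event handlers, javascript: URLs.
ACTIVE_HTML = re.compile(
    rb"<\s*(script|object|embed|applet|iframe)\b|\son\w+\s*=|javascript:", re.I)


def zip_is_password_protected(data: bytes) -> bool:
    """ZIP entries set bit 0 of the general-purpose flag when encrypted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def classify(raw: bytes) -> dict:
    """Blocking reasons for one raw message, its direction, and who is notified."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = set()
    for part in msg.walk():
        # Missing boundaries, malformed nesting and similar structural
        # faults are recorded by the parser as defects, not raised.
        if part.defects:
            reasons.add("bad data")
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ctype in ENCRYPTED_TYPES or b"-----BEGIN PGP MESSAGE-----" in data:
            reasons.add("encrypted material")
        if ext == ".zip" and zip_is_password_protected(data):
            reasons.add("encrypted material")
        if ctype == "text/html" and ACTIVE_HTML.search(data):
            reasons.add("active HTML")
        if ext in EXECUTABLE_EXTS:
            reasons.add("executable file")
        elif ext in VBS_EXTS:
            reasons.add("Visual Basic Script")
        elif ext in UNAUTHORISED_EXTS:
            reasons.add(f"unauthorised file type ({UNAUTHORISED_EXTS[ext]})")
        elif name and ext not in KNOWN_EXTS:
            reasons.add("undetermined data")  # attachment we cannot recognise
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    direction = "outgoing" if sender.endswith("@" + INTERNAL_DOMAIN) else "incoming"
    # The originator is always notified. GO recipients are copied only for
    # incoming mail, and never when undetermined data is involved, where the
    # policy says the firewall cannot tell the direction (our reading).
    blocked = bool(reasons)
    copy_recipients = (blocked and direction == "incoming"
                       and "undetermined data" not in reasons)
    return {"blocked": blocked, "reasons": sorted(reasons), "direction": direction,
            "notify_originator": blocked, "copy_recipients": copy_recipients}


def build_sample(sender: str, html_body: str, attachments) -> bytes:
    """Constructed test message; attachments are (filename, bytes) pairs."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content(html_body, subtype="html")
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def password_protected_zip() -> bytes:
    """Constructed: a stored ZIP whose entry flags are patched to claim
    encryption, since zipfile cannot write encrypted archives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("secret.txt", "constructed content")
    data = bytearray(buf.getvalue())
    data[data.find(b"PK\x03\x04") + 6] |= 0x1  # local file header flags
    data[data.find(b"PK\x01\x02") + 8] |= 0x1  # central directory flags
    return bytes(data)
```

Running classify(build_sample(...)) on an outgoing message from the GO domain that carries a .vbs attachment and an inline onload handler returns the reasons ['Visual Basic Script', 'active HTML'] with copy_recipients False, while the same attachment arriving from outside is copied to the GO recipients.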




BASIC CHECKS AND SECURITY CLEARANCES
This section:
- sets out the requirement for Basic Checks and the procedures for carrying them out;
- sets out the levels of security vetting;
- establishes the line manager’s role in maintaining security within their area;
- gives guidance on security clearance of temporary staff, consultants and contractors.

Summary of key points
- Basic Checks are carried out as part of the normal recruitment procedures; a review of security clearances is carried out each year.
- Satisfactory completion of the Basic Check provides sufficient assurance for an individual to have access to RESTRICTED, CONFIDENTIAL and occasional access to SECRET material.
- The two levels of security vetting for higher levels of access are Security Check (SC) and Developed Vetting (DV), for which the completion of security questionnaires is required.
- Temporary members of staff, consultants or contractors who have not been subjected to a Basic Check or granted security clearance should not be allowed access to any protectively marked material or the INDIGO system, or issued with a permanent building security pass.

Basic checks
Basic Checks are carried out as part of the normal departmental recruitment procedures.
Whilst the basic check is not a formal security clearance, it does aim to positively
establish identity and obtain background information on the individual by taking up
references.

The requirement for a basic check applies equally to all temporary or agency staff,
consultants and contractors employed by the GO, including those working off-site who
may need to have access to official information.

An ODPM central arrangement exists with the contracted employment agencies (Adecco,
Reed, Brook Street) to only provide staff who have undergone a basic check. Requests
for staff from these agencies must be cleared through the HR Service Centre (HRSC)
before employment begins. The HRSC will ensure that they have undergone a basic
check and if necessary ask to see the verification record.

For temporary staff from other employment agencies clearance for the employment of
such individuals must be gained from the HRSC prior to an agreed start date.



Where staff are employed under a term contract, normally the contractor would be
expected to carry out the basic check and provide the Verification record to the GO.
Where this is not possible or in the case of individuals (such as consultants), the
sponsoring department should carry out the basic check. Once completed the
Verification should be forwarded to the HRSC.

Unless all temporary staff, consultants or contractors have been the subject of the Basic
Check procedures they should not be allowed access to any protectively marked or other
sensitive material or to the INDIGO system, and should not be issued with a permanent
building pass.

The full basic check procedures including the forms that need to be completed are
available from the HRSC.

Security vetting review
Each year ODPM Infrastructure Services Division asks Regional Directors to carry out a
security vetting review by confirming which posts require security clearance and to what
level, so that the necessary clearances can be carried out or confirmed. This is a review of
the current posts that require postholders to be cleared higher than a basic check. It should
not include individuals who have vettable clearance but do not hold a vettable post, and
should not include posts simply because they were included previously.

Posts that are identified as requiring the postholder to be vetted outside the annual review,
should in the first instance be verified with the ODPM DSO.

There are two levels of security vetting for higher levels of access to protectively marked
material:
- Security Check (SC)
- Developed Vetting (DV)

In addition, there are checks that may be carried out in some situations for
counter-terrorist reasons:
- Counter-Terrorist Check (CTC)

In determining which level of clearance is required, refer to the Government’s Security
Vetting Policy.

Once an individual has been identified as occupying a vettable post, HRSC sends new
candidates for vetting one or more security questionnaires which explain the purpose of
security vetting. These will ask them to provide the personal details necessary for the
checks to be carried out. The clearance procedure needs to be repeated periodically.




COUNTERING TERRORISM
This section:
- sets out the role of staff in counter-terrorism measures;
- explains what the states of alert mean;
- explains the need for bomb shelter areas, where they are located and when they should be used.

Summary of key points
- Staff are asked to be vigilant and suspicious of strangers and unattended packages.
- Information on the various states of alert is given.

Counter terrorist advice
The duties of the ODPM Departmental Security Officer (DSO) include seeking co-
operation and assistance in implementing counter-terrorist security measures. The DSO
is required to ensure that staff are alert to the threat of terrorism and the forms it can take.

To assist in this role, staff are asked to be alert, suspicious and vigilant especially
concerning strangers, unknown vehicles, unattended packages and suspect postal
packages. Line managers should ensure that their staff are aware of the action to take in
the event of an incident and induction for new staff should include awareness of the State
of Alert.

States of alert and access control
States of alert are defined by the Cabinet Office and applied to government buildings
according to advice from security services. The current definitions are as follows:

- BLACK: A STANDARD level of security to address the ever-present residual threat from potential domestic and international terrorist organisations.
- BLACK SPECIAL: Domestic or international events indicate the need for additional security to address a SIGNIFICANT potential threat from terrorist organisations.
- AMBER: Domestic or international events suggest that there is a HEIGHTENED threat to Government at this time from domestic or international terrorists seeking to act to exploit or react to these events.
- RED: This Alert State will be applied at a location in the event of a significant SECURITY INCIDENT, such as the discovery of a suspect package or suspect vehicle. The Emergency Services are likely to attend at the scene.

Depending on the alert state certain access control measures will be put into place. In
addition to normal access by visual or electronic swipe of building passes, heightened
states of alert may include visitor escort, bag searches etc.

ANNEX A - GSI PERSONAL COMMITMENT STATEMENT
I understand and agree to comply with the security rules of my organisation as well as the
GSi Code of Connection as explained to me in security awareness training I have
received.

For the avoidance of doubt, the security rules relating to secure e-mail and IT systems
usage include: -

        •   I acknowledge that my use of the GSi may be monitored and/or recorded for lawful
            purposes; and
        •   I agree to be responsible for any use by me of the GSi using my unique user
            credentials (user ID and password, access token or other mechanism as provided)
            and e-mail address; and
        •   will not use a colleague's credentials to access the GSi and will equally ensure
            that my credentials are not shared and are protected against misuse; and
        •   will protect such credentials at least to the same level of secrecy as the
            information they may be used to access (in particular, I will not write down or
            share my password other than for the purposes of placing a secured copy in a
            secure location at my employer's premises); and
        •   will not attempt to access any computer system that I have not been given
            explicit permission to access; and will not attempt to access the GSi other than
            from IT systems and locations which I have been explicitly authorised to use
            for this purpose; and
        •   will not transmit information via the GSi that I know, suspect or have been
            advised is of a higher level of sensitivity than my GSi domain is designed to
            carry; and
        •   will not transmit information via the GSi that I know or suspect to be
            unacceptable within the context and purpose for which it is being
            communicated; and
        •   will not make false claims or denials relating to my use of the GSi (e.g. falsely
            denying that an e-mail had been sent or received); and
        •   will protect any sensitive or not protectively marked material sent, received,
            stored or processed by me via the GSi to the same level as I would paper
            copies of similar material; and
        •   will not send protectively marked information over public networks such as
            the Internet; and
        •   will always check that the recipients of e-mail messages are correct so that
            potentially sensitive or protectively marked information is not accidentally
            released into the public domain; and
        •   will not auto-forward e-mail from my GSi account to any other non-GSi e-mail
            account; and
        •   will disclose information received via the GSi only on a 'need to know'
            basis; and
        •   will not forward or disclose any sensitive or protectively marked material
            received via the GSi unless the recipient(s) can be trusted to handle the
            material securely according to its sensitivity and forwarding is via a suitably
            secure communication channel; and
        •   will seek to prevent inadvertent disclosure of sensitive or protectively marked
            information by avoiding being overlooked when working, by taking care when
            printing information received via the GSi (e.g. by using printers in secure
            locations, collecting printouts immediately they are printed, and checking that
            there is no interleaving of printouts) and by carefully checking the
            distribution list for any material to be transmitted; and
        •   will securely store or destroy any printed material; and
        •   will not leave my computer unattended in such a state as to risk unauthorised
            disclosure of information sent or received via the GSi (for example by
            closing the e-mail program, logging off from the computer, or activating a
            password-protected screensaver, so as to require a user logon for
            reactivation); and
        •   where my organisation has implemented other measures to protect against
            unauthorised viewing of information displayed on IT systems (such as an
            inactivity timeout that causes the screen to be blanked or to display a
            screensaver or similar, requiring a user logon for reactivation), I will not
            attempt to disable such protection; and
        •   will make myself familiar with the security policies, procedures and any
            special instructions that relate to the GSi; and
        •   will inform my manager immediately if I detect, suspect or witness an incident
            that may be a breach of security; and
        •   will not attempt to bypass or subvert system security controls or to use them
            for any purpose other than that intended; and
        •   will not remove equipment or information from my employer's premises
            without appropriate approval; and
        •   will take precautions to protect all computer media and portable computers
            when carrying them outside my organisation's premises (e.g. by not leaving a
            laptop unattended or on display in a car, where it would encourage an
            opportunist thief); and
        •   will not introduce viruses, Trojan horses or other malware into the system or
            GSi; and
        •   will not disable anti-virus protection provided at my computer; and
        •   will comply with the Data Protection Act 1998 and any other legal, statutory
            or contractual obligations that my employer informs me are relevant; and
        •   if I am about to leave my employer, I will inform my manager prior to
            departure of any important information held in my account.