Information Security Policy

Information security involves preserving confidentiality, preventing unauthorised access and disclosure, maintaining the integrity of information, safeguarding accuracy and ensuring access to information when required by authorised users.

In addition to complying with this policy, all users must comply with the Data Protection Legislation and the Data Protection Policy.

‘Church data’ means any personal data processed by or on behalf of the church.

Information security is the responsibility of every member of staff, church member and volunteer using Church data on but not limited to the Church information systems.  This policy is the responsibility of [insert name] who will undertake supervision of the policy.  Our IT systems may only be used for authorised purposes.   We will monitor the use of our systems from time to time.  Any person using the IT systems for unauthorised purposes may be subject to disciplinary and/or legal proceedings.

We will ensure information security by:

  • Ensuring appropriate software security measures are implemented and kept up to date;
  • Making sure that only those who need access have that access;
  • Not storing information where it can be accidentally exposed or lost;
  • Making sure that if information has to be transported it is done so safely using encrypted devices or services.

Access to systems on which information is stored must be password protected.  Passwords must not be disclosed to others.  If you have a suspicion that your password has been compromised you must change it. 

You must ensure that any personally owned equipment which has been used to store or process Church data is disposed of securely.  Software on personally owned devices must be kept up to date.  Do not use unsecured wifi to process Church data.

All breaches of this policy must be reported to Ben Cook. 

This policy will be regularly reviewed and audited.