The OfS aspires to provide a consistently high quality service to our stakeholders across all that we do. This requires our approach to the management of IT and communication to be supported by robust and secure systems and processes that protect information and personal data.
We seek to protect our information assets, including personal data concerned with our policy analysis and funding roles, wherever, however, and whenever they are created, processed, transmitted, shared or stored.
Our intention is to protect our information assets from misuse of any type, including unauthorised disclosure, modification and destruction. We manage the development and continuous improvement of our information security processes through drawing on UK government and international standards.
This is achieved through:
- utilising cross-organisational groups with oversight of this work
- assigning senior and other roles with specific responsibilities in this work
- using regularly reviewed policies, procedures, guidance and technical responses to issues arising which staff and others are required to follow
- all staff completing required training packages
- training and awareness-raising activity for staff to promote compliance with our data protection and wider information security policies
- keeping personal data confidential, retaining its integrity but making it available (through restricting access) only to those staff who need access
- having data sharing agreements in place with organisations with whom we share personal data (whether as data controller or processor)
- ensuring that data protection features in routine business contracts
- operating restrictions on the transmission of personal data, particularly overseas
- a range of physical, technical, and organisational security measures - for example, access control, encryption, secure collection of data over our extranet.