This document consists of the Confidentiality Policy of the i-cert Team which establishes the framework on its expectations of staff use of customer’s information. The i-cert Team has a responsibility to ensure that their staff complies with these requirements on confidentiality in their use of customers’ information.
This policy is applicable to current and future employees and applies to all information currently in use and that to be collected in the future. It will be reviewed with new employees and its key elements and impact discussed. All employees will be required to sign a statement signifying that they have read, understood and will follow provisions of this policy.
As part of the i-cert Team’s continuous commitment to providing high quality services we abide by the following confidentiality policy for all service provided to our systems users. We place the highest priority on ensuring the security and confidentiality of data pertaining to each user.
The i-cert Team is aware that our service users have entrusted us with their personal information and this imposes a duty on us to collect, use, store and manage such information with confidentiality. This policy assures that the i-cert Team maintains, in the strictest confidence, all customers’ personal, professional, confidential and sensitive information.
Purpose of the Policy
The purpose of the policy is to ensure that all staff in the i-cert Team maintains the confidentiality of personal information obtained while providing services to existing and potential users. The policy applies to all personnel involved in the activities of the organisation and imposes a duty on them to maintain the confidentiality of information obtained as a consequence of their involvement in the different elements of our corporate activities.
Protecting Customers’ Confidential Information
Our commitment is to protect any personal information that our service users might supply to us with the same strict standards of security and confidentiality we employ in all customer relationships. Maintaining strict security and confidentiality standards for users’ personal and confidential information is one of our key responsibilities. Since our most important asset is the trust and confidence of our customers, keeping their information confidential and using it only as they would wish us to is a top priority for the i-Cert Team.
The i-cert Team employs and continually assesses state-of-the-art technology and other appropriate security measures to protect personal information from unauthorised disclosure or usage. This organisation will retain records it receives and holds that relate to its users in a confidential manner. In order to guard against inappropriate disclosure of its current and potential customers, the company shall restrict access to its employees, auditors and consultants who need to know such information and who are bound by the Privacy and Confidentiality Policies of the company. The organisation will maintain physical, electronic, and procedural safeguards to ensure restricted access, use and disclosure of information.
Non-disclosure of Confidential Information
Staff of the i-cert team should not use any confidential information disclosed to them by service users for unauthorised use or for any purpose other than to carry out transactions to give effect to the purpose for which the information was given. Staff should not disclose any confidential information other than to other employees or agents who are subject to this confidentiality policy and who are required to have the information in order to perform functions which relate to the services provided to the company’s customers.
All employees should take reasonable measures to protect the secrecy of and avoid disclosure of the customers’ confidential information in order to prevent it from falling into the public domain. Appropriate measures should be taken by all staff to ensure that customers’ information does not fall into the possession of persons other than those authorised to use the information.
Handling of Data
Every staff member has a responsibility to ensure that the data they are working on is not read or handled by anyone who has no need to do so. In the event that confidential data is lost or made public, or even suspected to be lost or made public, a member of Senior Management Team should be notified immediately.
Data Security
It is each staff member’s responsibility to ensure the physical security of the documents and/or media that they use, including storage of files on PCs. Confidential information must never be left unlocked in an unattended room and should be locked away when not in use. PCs should be password protected, unless they are physically locked in an office for short periods of absence.
IT Security
Staff have a unique username and password for access to the Worldwide Web based system on which we hold customer data. Additional levels of security exist for access to confidential systems. User passwords must not be written down or disclosed to other individuals. Passwords should be a combination of numbers, alphabets, uppercase, and lowercase characters.