Policies and Procedures vs. Good Practice
We're reviewing some of the IT policies and procedures we have in place (we're a comprehensive), which aren't a great deal, and just the whole topic of good practice and training in this area.
So far we have:
Data Protection Policy (just implemented)
We also have a number of documents that are issued with laptops, including something that's signed to indicate receipt.
We're looking at getting staff trained on the DPA and FoIA.
Is anyone happy to reveal what policies, procedures, and/or training they have in place and/or whether there's any statutory requirement? Does anyone have a Password Policy and/or Procedure?