This document sets Shires Festival of Dance’s overarching Information and Communications Technology (ICT) policy, governance arrangements and best practice for data security. It also sets out the overarching security policy statements to which all committee members will adhere.
Shires Festival of Dance requires the use of ICT to underpin the needs of the festival and to support a more technology advanced organisation. Therefore, Shires Festival of Dance’s ICT security management is vital for public confidence and for the efficient conduct of our organisation. In order to maintain the highest standards of information security, the Shires Festival of Dance has developed a number of policies to protect information technology assets; such as computer hardware and software (USB memory sticks), and data held within the Shires Festival of Dance’s IT systems.
The main objectives of the policy are: -
The policy covers data that is held by the Shires Festival of Dance in any form, electronic or otherwise. All electronic, manual or other data processed by or on behalf of the Shires Festival of Dance is within the scope of this and related policies. The ICT Security Policies will apply to All Shires Festival of Dance Committee Members.
ICT security and data protection is the responsibility of the Shires Festival of Dance as an entity (Charity Trustees and Members).
The Charity Commission states that charity trustees shall be responsible for the security of all assets under their control.
The Data Protection Officer and Secretary are responsible for the day to day management of volunteers with authorised access to data, to ensure this policy is being implemented properly and that volunteers only have access to data they are authorised to see and use.
Shires Festival of Dance has to comply with relevant legislation affecting ICT. All users in scope of this policy must comply with the following Acts and may be held personally responsible for any breach of current and future legislation undertaken knowingly: -
The following policies are based on best good practice guidelines.
It is the duty of all users to immediately report any incidents involving loss or suspected loss of data, and actual or suspected breaches in information security to the Data Protection Officer.
Any user who contravenes any ICT Security policy will be subject to Shires Festival of Dance procedures whereby they will be removed from the committee due to their code of conduct. Violations such as the disclosure of personal data may result in the incident being reported to the proper authorities with a view to prosecution of the user.
Violations of ICT security policies may include, but are not limited to, any act that:
An annual review will be carried out by the Secretary and or Data Protection Officer.
Any member of staff who identifies a need to change any of the ICT Policies can do so by logging a request with the Secretary and Data Protection Officer.