Purpose
The purpose of this policy is to improve the security and confidentiality of information. This policy ensures that confidential information and sensitive materials are stored away & out of sight and will reduce the risk of unauthorised access, loss of, and damage to information during and outside of normal business hours, or when the office location is left unattended.
Background
The Data Protection Act and the GDPR requires organisations and businesses in the UK to ensure that personal information is kept secure. This policy shall apply to employees, contractors, and all affiliates of Performance Accountancy/Herrington Accounting Services.
The Policy
- All sensitive and confidential paperwork must be locked in the office complex at the end of the day, or when the office is unattended for an extended period of time.
- All waste paper which contains sensitive or confidential information must be placed in the shredding box and shredded at the end of the day.
- Computer workstations must be completely shut down at the end of the working week.
- Laptops, tablets, and other devices must be stored away at the office location at the end of the day.
- Mass storage devices, such as CD, DVD, USB drives, or external hard drives must be treated as sensitive material and locked away when not in use.
- Printed materials must be immediately removed from printers and fax machines. Printing physical copies should be reserved for moments of absolute necessity. Documents should be viewed, shared, and managed electronically wherever possible.
- File cabinets and drawers containing personal information must be kept closed.
- Personal information paperwork for self assessment clients should be held in lockable filing cabinets.
Responsibilities
It is the responsibility of all people connected to Performance Accountancy to monitor and comply with this policy.