The Department uses Wi-Fi Protected Access encryption on all its wireless networks.
Compliance audits are routinely and regularly undertaken. These include but are not limited to checks that removable computer media are not left unsecured, that passwords are not carelessly written down and that accounts are being used in accordance with the Acceptable Use of information technology (IT) policy. These are either promoted in advance, but without giving a specific time or area, or carried out without warning. There are three types of compliance audit; one type focuses on IT security, and six of these were performed in the last year. The Department is regularly reviewed against the Information Security Management Standard, ISO 27001.
On 154 occasions there were minor breaches of the IT security policies such as storing personal photographs or poor housekeeping. None warranted referral to HR. However, on each of these occasions the individual concerned was notified of the area of concern via their section head, was reminded of the relevant security policy and asked to modify their future behaviour.
The following is an organisational list showing the Department’s information technology (IT) security hierarchy. The Departmental Security Officer reports both to the Director of Information Services and to the Permanent Secretary as appropriate, for instance for leak inquiries.
Department of Health Security Organisational List:
Permanent Secretary
Director General of Finance, Chief Operating Officer and Senior Information Risk Officer
Director of Information Services
Departmental Security Officer
IT Security Office