IT Security Policy

1. Purpose

The purpose of this IT Security Policy is to ensure the confidentiality, integrity, and availability of The Lambourn Junction Community Interest Company’s (LJCIC) information technology systems and data. This policy is designed to protect the organisation, its volunteers, and the sensitive information it handles.

2. Scope

This policy applies to all individuals who have access to LJCIC’s information technology systems, including volunteers, contractors, and any other personnel.

3. Information Security Responsibilities

  3.1 Volunteers

Volunteers are responsible for:

  • Safeguarding their login credentials and not sharing them with others.
  • Using strong passwords to secure access
  • Reporting any suspicious activity or security incidents to the designated IT contact.
  • Maintaining IT equipment to the required security standards in terms of hardware and software

  3.2 IT Contacts

Designated IT contacts are responsible for:

  • Implementing and maintaining IT security measures.
  • Conducting regular security assessments and audits.
  • Providing IT security training for volunteers.

4. Access Controls

  4.1 User Accounts

– Each volunteer will have a unique user account unless a risk assessment is in place.

– User accounts will be deactivated promptly upon the end of the volunteer’s engagement.

  4.2 Passwords

– Volunteers must use strong passwords.

– Passwords should be changed regularly.

 5. Data Protection

  5.1 Data Classification

– Sensitive information will be classified, and access will be restricted based on the classification.

  5.2 Data Backups

– Regular backups of critical data will be performed and stored securely.

 6. Network Security

  6.1 Firewalls and Anti-Malware

– Firewalls and anti-malware software must be installed and regularly updated on all systems used for company business.

  6.2 Wireless Networks

– Wireless networks, where in use, will be secured with strong encryption and access controls.

 7. Incident Response

  7.1 Reporting Security Incidents

– Volunteers must immediately report any suspected or actual security incidents to the designated IT contact.

  7.2 Incident Investigation

– The designated IT contact will promptly investigate reported security incidents.

 8. Training and Awareness

– Volunteers will receive IT security training with regard to this policy upon onboarding and periodically thereafter.

 9. Compliance

– LJCIC will comply with all relevant data protection laws and regulations.

 10. Review and Revision

– This policy will be reviewed annually and updated as necessary.

Document Control

  • Policy approved on: 8 December 2023
  • Next review date: 7 December 2024

Lambourn Junction Community Interest Company
The Blue House, Station Road, Lambourn, RG17 8PH
Company Number: 13305113