Digital First and Information Assurance

Digital First – your snapshot guide

Reporting a Data Breach
  • Staff that identify a data loss, become aware of or suspect a data loss or a near miss, must immediately (within one hour) notify HMPPS Information Security (InfoSec) & Services team via the reporting line and bring it to the attention of the designated responsible manager, or in their absence, another manager.
  • Data Loss Reporting Line – Save it in your work phone! 0203 334 0324
Working remotely
  • When working remotely all staff must have read the following guidance:

Use of Information Security & Information Technology for HMPPS Staff Remote working & using personal IT devices

  • Line Managers should retain evidence of the staff member for assurance purposes.
Handling Personal Data
  • Emailing of HMPPS information must be by secure email, do not use a private email address.
  • Before SENDING please DOUBLE CHECK the recipients of your email.
  • HMPPS information should be stored only on approved IT infrastructure
Clear Desk Policy
  • All staff are responsible for adhering to the Clear Desk policy and ensure that HMPPS information is not left unattended, or on desks in the sight of others without a need to know.
  • When periodically away from your desk, at the end of a working day, or when leaving a meeting room ensure that you remove any information from the unattended space and lock computers using Ctrl-Alt-Del.
Digital First!
  • Let’s make Probation Service GREENER And let’s protect INFORMATION SECURITY
  • Only print when necessary
Finding InfoSec online

To find HMPPS Information Security information on the HMPPS Intranet pages navigate to the following: SUPPORT>INFORMATION SECURITY (INFOSEC)>GUIDANCE

Information matters on a page

Digital First Poster

Information Assurance

Information assurance (IA) is very important within the MOJ, HMPPS and NPS. IA involves assuring our information and managing information risks related to the use, processing, storage and sharing of information.

It is important that you take the time to understand the key information related policies so that you are prepared to handle information in the right way when you join the probation service.

The information below highlights what you need to know and the policies you should read and comply with.

Electronic information
  • You should name all unstructured electronic files (which means things like Word, Excel and Powerpoint documents that are not held in a system like nDelius)  in a logical and informative manner so that they cannot be confused with other files.
  • The file name should describe what the document is about. For example, ‘Quarterly Management Information for Business Support Team (BST) 28-03-2015’.
Physical Information (Paper)
  • All information related to offenders in personal record keeping logs (e.g. diaries, notebooks) should be redacted.
  • Any business paper records held in relation to employment with CRCS should be reviewed for destruction.
  • Any business paper records held within a location (e.g. a visitor record book at an office location) should be reviewed for destruction
Information Assurance guidance documents

In your role it is important to understand key information assurance principles such as understanding and identifying freedom of information (FOI) requests and Subject Access Requests (SARs) so that they can be handled appropriately and naming and retaining information appropriately.

Please find key information on this here:

Familiarising yourself with key policies

The following policy documents have been provided by Information Security for staff transferring to read and understand.