Mind Professionals
1 Stow Court
Stow Road, Stow-Cum-Quy
Cambridge CB25 9AS
T: +44 [0]1223 813838
F: +44 [0]1223 812046
E: enquiries@mindprofessionals.com
This Data Security Policy is Mind Professionals (hereafter referred to as “us”, “we”, or “our”) policy regarding the safeguarding and protection of sensitive personal information and confidential information as is required by law (including, but not limited to, the Data Protection Act 2018, Health & Social Care Act 2012, and the Common Law duty of confidentiality).
The purpose of this document is to outline how we prevent data security breaches and how we react to them when prevention is not possible. By data breach we mean a security incident in which the confidentiality, integrity or availability of data is compromised. A breach can either be purposeful or accidental.
This Data Security Policy covers:
The management of digital access rights is subject to regular compliance checks to ensure that these procedures are being followed and that staff are complying with their duty to use their access rights in an appropriate manner.
Areas considered in the compliance check include whether:
Confidentiality audits will focus on controls within electronic records management systems and paper record systems; the purpose being to discover whether confidentiality has been breached, or put at risk through deliberate misuse of systems, or as a result of insufficient controls. Audits of security and access arrangements within each area are to be conducted on a annual rolling programme.
Audits will be carried out as required by some or all of these methods:
The following checks will be made during data security audits:
In order to mitigate the risks of a security breach we will:
In the instance that it appears that a data security breach has taken place:
Data Systems Manager is responsible for physical security;
Data Systems Manager is responsible for updating and auditing the IAR and ROPA;
Data Systems Manager is responsible for digital access;
Data Systems Manager is responsible for managing breaches;
Data Systems Manager is responsible for data security audits.