IT Security Policy (Overview)
This policy gives an overview of information security principles and responsibilities within the Ministry of Justice (MoJ) and provides a summary of the MoJ’s related security policies and guides.
This policy is aimed at three audiences:
These are in-house MoJ Digital and Technology staff who are responsible for implementing controls throughout technical design, development, system integration, and operation. This includes DevOps, Software Developers, Technical Architects, and Service Owners. It also includes Incident Managers from the Event, Problem, Incident, CSI and Knowledge (EPICK) Team.
Defined as any other MoJ business group, agency, contractor, IT supplier and partner who in any way designs, develops or supplies services (including processing, transmitting and storing data) for, or on behalf of, the MoJ.
All other staff working for the MoJ.
Within this policy, “all MoJ users” refers to General users, Technical users, and Service Providers as defined previously.
For further guidance on IT Security, refer to the following policies.
- IT Security All Users Policy: which provides further details of the responsibilities of all MoJ users at the MoJ.
- IT Security Technical Users Policy: which provides the details of where users can find more technical and service provider related information on IT Security within the MoJ.
All MoJ users shall:
- Comply with the MoJ’s Acceptable Use Policy wherever they work.
- Report all security incidents promptly and in line with MoJ’s IT Incident Management Policy.
- Make themselves aware of their roles, responsibilities and accountability and fully comply with the relevant legislation as described in this and other MoJ guidance.
- Be aware of the need for Information Security as an integral part of the day to day business.
- Protect information assets under the control of the organisation.
Further information can be found in the IT Security All Users Policy.
- This policy is enforced by lower level policies, standards, procedures and guidance.
- Non-conformance with this policy could result in disciplinary action taken in accordance with the MoJ’s Disciplinary procedures. This could result in penalties up to and including dismissal. If an employee commits a criminal offence, they might also be prosecuted. In such cases, the MoJ always co-operates with the relevant authorities, and provides appropriate evidence.
Note: If you work for an agency or ALB, refer to your local incident reporting guidance.
- Email: firstname.lastname@example.org
For any further questions or advice relating to security, contact: email@example.com.
If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: firstname.lastname@example.org.