IT Security Policy (Overview)
This policy gives an overview of information security principles and responsibilities within the Ministry of Justice (MoJ) and provides a summary of the MoJ’s related security policies and guides.
Audience
This policy is aimed at three audiences:
- Technical users: These are in-house MoJ Digital and Technology staff who are responsible for implementing controls throughout technical design, development, system integration, and operation. This includes DevOps, Software Developers, Technical Architects, and Service Owners. It also includes Incident Managers from the Event, Problem, Incident, CSI and Knowledge (EPICK) Team.
- Service Providers: Defined as any other MoJ business group, agency, contractor, IT supplier and partner who in any way designs, develops or supplies services (including processing, transmitting and storing data) for, or on behalf of, the MoJ.
- General users: All other staff working for the MoJ.
Within this policy, “all MoJ users” refers to General users, Technical users, and Service Providers as defined previously.
Associated documentation
For further guidance on IT Security, refer to the following policies.
- IT Security All Users Policy: which provides further details of the responsibilities of all MoJ users at the MoJ.
- IT Security Technical Users Policy: which provides the details of where users can find more technical and service provider related information on IT Security within the MoJ.
Principles
All MoJ users shall:
- Comply with the MoJ’s Acceptable Use Policy wherever they work.
- Report all security incidents promptly and in line with MoJ’s IT Security Incident Management Policy.
- Make themselves aware of their roles, responsibilities and accountability and fully comply with the relevant legislation as described in this and other MoJ guidance.
- Be aware of the need for Information Security as an integral part of the day to day business.
- Protect information assets under the control of the organisation.
Further information can be found in the IT Security All Users Policy.
Technical users
Technical users shall follow the guidance set out for all MoJ users in IT Security All Users Policy AND also comply with the IT Security Technical Users Policy.
Service Providers
Service Providers shall follow the guidance set out for all MoJ users in IT Security All Users Policy AND also comply with the IT Security Technical Users Policy.
Enforcement
- This policy is enforced by lower level policies, standards, procedures and guidance.
- Non-conformance with this policy could result in disciplinary action taken in accordance with the MoJ’s Disciplinary procedures. This could result in penalties up to and including dismissal. If an employee commits a criminal offence, they might also be prosecuted. In such cases, the MoJ always co-operates with the relevant authorities, and provides appropriate evidence.
Incidents
Note: If you work for an agency or ALB, refer to your local incident reporting guidance.
Security Team
- Email: security@justice.gov.uk
- Slack: #security
Contact details
For any further questions or advice relating to security, contact: security@justice.gov.uk.
Feedback
If you have any questions or comments about this guidance, such as suggestions for improvements, please contact: itpolicycontent@digital.justice.gov.uk.