AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Mhxxs data dtransfer guide3/20/2023 ![]() ![]() Encrypt the data over the network (in transit), using sufficient and appropriate encryption (currently TLS 1.2 or greater).Has the identity and authorisation of the information recipient been established?.What information is actually necessary for the identified purpose? For example, is the intention to send an entire document or spreadsheet, when only one section, or specific spreadsheet columns, are required?.What implications would any loss or unmanaged sharing have for the MoJ?.What damage or distress might be caused to individuals as a result of any loss or unmanaged sharing during transfer?.What is the size of the data being transferred?.What is the nature of the information, its sensitivity, confidentiality, or possible value?.Is it strictly necessary for the effective running of the MoJ, and the care of the people it serves, that the data (regardless of whether the data is sensitive or not) is transferred?. ![]() Transfer ConsiderationsĪnyone handling personal or sensitive data must seek consent from their line manager to authorise data transfer.īefore any data transfers are requested, consider the following: The phrase “all MoJ users” refers to General users, Technical users, and Service Providers as defined previously. General users: all other staff working for the MoJ.Service Providers: defined as any other MoJ business group, agency, contractor, IT supplier, or partner who in any way designs, develops, or supplies services (including processing, transmitting, storing data) for, or on behalf of, the MoJ.It also includes Incident Managers from the Event, Problem, Incident, CSI, and Knowledge (EPICK) Team. This includes DevOps, Software Developers, Technical Architects, and Service Owners. Technical users: these are in-house MoJ Digital and Technology staff who are responsible for implementing controls during technical design, development, system integration, and operation.It is also important to recognise the damage that leaked sensitive data could cause to the vulnerable people the MoJ works to protect. Legislation such as GDPR, and industry standards such as PCI DSS, affect the MoJ’s responsibility to secure this data. This is important to the MoJ, because personal and sensitive data is regularly transmitted between departments. This guide outlines the security procedures and advice for Ministry of Justice (MoJ) staff wanting to send or receive data securely from external sources.
0 Comments
Read More
Leave a Reply. |