The Diamond Information Security Policy (the ‘ISPolicy’) is part of a suite of Information Technology and Information Governance policies listed in the Information Technology Information Governance Framework document. Its primary aim is to facilitate the protection of Diamond’s information assets and technology services against compromise of their confidentiality, integrity or availability.
and objectives for the management of information security throughout the company. Information Security is defined as the preservation of confidentiality, integrity and availability of information. The ISPolicy should be read in conjunction with the Information Technology Information Governance Corporate Statement.
The ISPolicy forms an integral part of an overall Information Security Framework (the ‘Framework’) as set out in section 5, which is designed to:
This document must be read and adhered to by those listed in the Information Technology Information Governance Framework document, namely: all individuals working for Diamond or on our behalf in any capacity, including: Diamond Employees, joint appointees, seconded workers, collaborators, members of advisory groups/committees, members of review panels, students, volunteers, interns, agents, contractors (specifically including suppliers and casual and agency staff), external consultants, third-party representatives and facility users.
Diamond’s Directors have overall responsibility for this policy. The Directors have delegated day-to-day responsibility for its operation to the Head of Cyber Security and Information Governance.
This policy should be read in conjunction with the IT Acceptable Use Policy, the Data Protection Policy, the Data Classification Policy, and any privacy notices that Diamond may communicate.
This policy will reference the following Information Security sub-policies in due course:
Diamond’s information security is managed through a Framework which comprises:
The Framework provides a flexible and effective platform upon which the Diamond’s information security objectives are met. Adherence to this Policy can be met by adopting and complying with the associated Standards.
Diamond’s Information Security Policy principles, embraced within the Information Security Framework, are:
Diamond users are required to:
Awareness of this policy forms part of Diamond’s induction and training process.
Breaches of the Policy may:
This Policy will be reviewed every 2 years by the Information Governance Work Group to incorporate legislation or regulatory changes.
The current version of the Policy is dated 13 October 2021; version 0.1.
For the purposes of this policy, the following definitions shall apply:
Availability: Having appropriate access to Information Assets as and when required in the course of Diamond’s business
Confidentiality: The restriction of information to those persons who are authorised to receive or access it
Information: Data that has a meaning or can be interpreted. It can be held as an electronic record or in a non-electronic format such as paper, microfiche, photograph
Information Asset: Information that has value to Diamond. Key Information Assets are the most important types of information required for achievement of Diamond’s strategic aims
Information Security Incident: A systematic approach to managing information within a predefined acceptable range so that it remains secure. It includes people, processes and technology by applying a risk management process.
Integrity: The completeness and preservation of information in its original and intended form unless amended or deleted by authorised people or processes
Quality: The state of completeness, validity, consistency, timeliness and accuracy that makes data appropriate for both operational and strategic use.
Risk: The chance or possibility of uncertainty on objectives, expressed as a combination the probability of an event occurring and the impact such an event would have on the achievement of one or more objectives.
Diamond Light Source is the UK's national synchrotron science facility, located at the Harwell Science and Innovation Campus in Oxfordshire.
Copyright © 2022 Diamond Light Source
Diamond Light Source Ltd
Harwell Science & Innovation Campus
Diamond Light Source® and the Diamond logo are registered trademarks of Diamond Light Source Ltd
Registered in England and Wales at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom. Company number: 4375679. VAT number: 287 461 957. Economic Operators Registration and Identification (EORI) number: GB287461957003.