D2 – EVALUATE THE SECURITY POLICIES USED IN AN ORGANISATION
In this report, I will be making a critical judgement on the IT (Information Technology)
security policies used by the Southern Health NHS (National Health Service)
Foundation Trust. This trust provides community, mental health and learning
disability services to hundreds of thousands across Hampshire. I will be evaluating
version five of their policy. IT policies identify the rules that individuals must follow
when they are granted access to an organisation’s technology.
Effective IT policies are unique to each organisation, with each one tailored to
how that organisation handles information and how its employees use the
information that is given to them. For an IT policy to be effective, it must achieve
three objectives (also known as the CIA triad). These are as follows:
Confidentiality = protect tech from unauthorised parties
Integrity = modification of tech is done in a specific way
Availability = all authorised users should always have access to tech
The Southern Health NHS policy immediately states its intention to achieve these
three objectives: as stated in the ‘Summary’ section at the beginning of the
policy, the document describes the processes put in place to maintain the
Confidentiality, Integrity and Availability of digital information stored by the trust.