The Houses of Parliament are committed to ensuring the protection of all information on the Parliamentary estate. This policy identifies best practice and is to be used in association with the staff handbooks of both Houses and the acceptable use policies applicable to Members and their staff.

All Parliamentary IT system users have personal responsibilities:

­ to use IT systems, laptop computers and personal digital assistants securely;

­ to protect the availability, integrity and confidentiality of Parliamentary IT systems and associated data;

­ to ensure, both on the Parliamentary estate and when working remotely, that best practices are adopted to reduce the risk of unauthorised data access, virus infection and equipment theft ;

­ not to connect any device or application to any Parliamentary IT system without authorisation;

­ to comply with Parliamentary IT security policies and associated standards and procedures;

­ to ensure appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data (Data Protection Act 1998);

­ under the Computer Misuse Act 1990, not to gain, or attempt to gain, unauthorised access to, or unauthorised modification of, computer material without authority;

­ under the Copyright, Designs and Patents Act 1988, to ensure that software is not copied or used without the permission of the copyright owner.

The Parliamentary Communications Directorate has responsibility for:

­ the security of the Parliamentary network and protecting its associated equipment, applications and data from loss, damage, corruption or misuse;

­ the security of servers and associated equipment entrusted to them by Departments and Offices;

­ providing protection against offensive or unwanted email.

Heads of Departments and Offices have responsibility for:

­ ensuring that their development staff build appropriate levels of security into IT systems and provide for business continuity in the development process;

­ identifying and implementing security requirements for new applications ;

­ ensuring that their staff and contractors are aware of and comply with this policy and operate and maintain security controls in their area of responsibility.

The Parliamentary IT Security Officer has responsibility for:

­ promoting security awareness, maintaining this policy and providing advice on any matters arising from it;

­ ensuring that IT security controls are comprehensive and integrated with the other components of Parliamentary security;

­ improving IT security standards and ensuring compliance with British security standards and codes of practice associated with BS7799/ISO17799.

Breaches of security must be immediately reported to the PCD helpdesk (extension 2001)