Overall implementation
Martin Poot is coordinating implementation and, with the help of many others, creating the training materials in the Information Security Project.
Information Assets
First thoughts from Ben - please add assets and thoughts on the security required. (Personal data always requires high security, so there is no need to annotate it individually.)
Our initial practical focus will be on ISO27002 sections 8 (Assets) and 9 (Access Control). Thus we need to identify our assets and then determine i) what level of security they require, and ii) who should be responsible for ensuring that security (the owner).
EU Directives addressed:
To be confirmed exactly how this all fits together; will be updated in the Information Security Project.
UK Law addressed:
To be confirmed exactly how this all fits together; will be updated in the Information Security Project.
Quick brain dump of Data Assets (mostly Theatre)
Accounting - Aggregated (i.e. not revealing the identity of third parties)
- Income
- Expenditure
- Bank, Debtor and Creditor balances
- Tangible and intangible assets
- Profit & Loss
For prior years in Theatre this is non-sensitive, as it is available on the Charity Commission website
For prior years in Energy and Bar this is partially sensitive, as the statutory accounts reveal very little
For the current year in all companies this is sensitive
Accounting - Expenditure
- General purchase information from non-sensitive sources (e.g. high-street shops, mainstream online suppliers). Includes the supplier name, invoice and payment info
- Staff information - includes address, NI (National Insurance) number, phone, bank, payroll and payment info
- Individual contractor information - includes address, NI number, UTR (Unique Taxpayer Reference), phone, bank, invoice and payment info
- Company contractors - includes name, address, company registration number, bank, invoice and payment info
- Specialist Suppliers
Accounting - Income
- Earned Income - general sales not linked to a third party's identity (e.g. bar takings from non-members)
- Earned Income - companies (e.g. energy clients)
- Earned Income - individuals (e.g. Talent development students)
- Charitable donors - public (grants, trusts, etc. that publish their giving; donors shown on our website)
- Charitable donors - anonymous (identity must not be revealed)
Talent Development
- Personal info of young and vulnerable people
- Other personal info
Boxoffice
- Personal info of Members & customers in Spektrix
- Personal info of casual crew
Boxoffice
- Personal info of Members & customers in PointOne
- Personal info of casual crew
Tech
- Personal info of casual crew
Marketing
- Mailing lists
- Social Media lists