1. Does the organisation have training that covers:
   1. Recognising and reporting phishing emails
   Yes
   2. Recognising tailgating and how to respond (challenging strangers, checking for ID, etc.)
   Yes
   3. Disposal of confidential information
   Yes
   4. Dangers of using USB sticks that are given away, or of using one found that looks as if it has been dropped
   Yes
2. Does the organisation allow the use of USB sticks?
Only Trust issued encrypted USB sticks
3. Does the organisation deliver specialised training to key staff (those staff who could be targeted as part of a phishing email campaign, i.e. finance, execs, etc.)?
Yes
4. Does the organisation perform confidentiality audits as per the Data Security & Protection Toolkit?
Yes
Can you also answer relating to the audits:
1. Where audits are undertaken, would these be organised with the local team manager or the head of department, i.e. the director, etc.?
Usually the head of department, but we also do unannounced audits.
2. Would an audit ever be carried out unannounced?
Yes
3. Do you have a policy / procedure on how to conduct the audit? If so, can you supply a copy?
No policy, but a guidance document exists; more important is that IG staff react to what they see and follow up as appropriate.
4. Do you record the results on a checklist / report and return it to the key contact? If so, can you supply a blank copy?
Yes, we do. There is no standard format, as the report is tailored to the specific areas audited.
5. Does the organisation have confidential waste receptacles placed throughout the entire organisation, and are they regularly emptied?
We use Shreddit consoles supplemented by cross cut shredders
6. Does the organisation's Exec board receive board-level training relating to cyber awareness?
Yes
7. How does the organisation provide Data Security & Protection Training to staff? Does the organisation use (please select all the options that are applicable):
We do not use third-party companies but base our training on the requirements set out by NHS Digital via the DSP Toolkit.