Certified Digital Security Level 1
The aim of this level is to provide a basis from which all the other levels can develop. Without agreed policies addressing acceptable use and basic controls and checks, there is little value in implementing more detailed measures. This first step will also aid the organisation in clarifying and defining its approach to digital security, and lead to a clearer understanding of its optimum CDS goal.
To be compliant at Level 1, CDS requires the organisation to have implemented the following:
- Publish a policy governing how the organization wishes to manage its information security and explain, in simple terms, what it expects of its staff. The policy must cover what is and is not acceptable staff behavior when sending email and browsing the internet.
- Individual User Accounts for all users (including Administrators), so the organization can quickly and easily determine who has carried out specific activities on the IT system.
- Making Administrators use a normal user level account for all work not requiring the special capabilities of an Administrator account significantly reduces the chances of their account being taken over or abused by malware or hackers.
- Install Anti Virus software on servers and desktop / laptop computers to reduce the risk of a virus or other malicious software stopping the IT system from working, or making it unreliable.
- Publish a policy explaining what the organization’s important data assets are and how they are to be disposed of when they become unusable or are no longer required. This will help to prevent the organization accidentally disposing of items that have stored sensitive data (including client or personal data), and attracting criticism.
- Check with the Information Commissioner’s Office that any handling or storage of personal data meets the registration requirements of the Data Protection Act.
By implementing Level 1, an organization can expect to see:
- The legal responsibility for Users’ actions moved from the organization’s Directors and Senior Staff to the individual users.
- Greater productivity as the system suffers fewer virus attacks.
- More productive users as a result of improved system performance with fewer user-induced breakdowns and failures.
- Legal compliance is simpler to achieve with template forms and links to agencies.
CDS Certification
CDS documents are provided to the community free of charge. Organizations are encouraged to get their work independently verified through the CDS Audit scheme from either a CDS certified auditor or a partnering organisation. See the Certification section for additional information.
This is a summary; please download the detailed guidance document below. Also listed are any supporting documents published by CDS for this level.
The detailed guidance document (see download at the bottom of this page) explains what is required to achieve this level; a summary is below. The document is divided into 3 sections:
- Section 1: Executive Summary of the target level.
- Section 2: General guidance on how to implement the security recommended at this level.
- Section 3: The audit criteria (or what is required to pass the audit).
This single document contains all the information necessary to implement the security, evidence that it has been implemented, and pass the audit required to achieve CDS Validation for the site tested.
Any errors, omissions, comments or questions should be sent to certifieddigitalsecurity.com.
All documentation provided is formatted as PDF and a free Adobe PDF viewer can be downloaded from this link.