Security Policy of PIN Waste

The purpose of this Security Policy is to safeguard information belonging to PIN Waste within a secure environment.

This Policy informs PIN Waste staff and other individuals entitled to use PIN Waste facilities of the principles governing the holding, use, and disposal of information.

PIN Waste’s goal is that:

• Information will be protected against unauthorized access or misuse.
• Confidentiality of information will be secured.
• Integrity of information will be maintained.
• Availability of information/information systems is maintained for service delivery.
• Business continuity planning processes will be maintained.
• Regulatory, contractual and legal requirements will be complied with.
• Physical, logical, environmental, and communications security will be maintained.
• Infringement of this Policy may result in disciplinary action or criminal prosecution.
• When information is no longer used, it is disposed of suitably. 

Information relates to:

• Electronic information systems (software, computers, and peripherals) owned by PIN Waste, whether deployed or accessed on or off-site.
• PIN Waste computer network used either directly or indirectly.
• Hardware, software, and data owned by PIN Waste.
• Paper-based materials.
• Electronic recording devices (video, audio, CCTV systems).

Our Security Policy

PIN Waste requires all users to exercise a duty of care in relation to the operation and use of its information systems.

Authorized users of information systems except information published for public consumption, all users of PIN Waste information systems must be formally authorized by appointment as a staff member or contractor. 

Authorized users will pay due care and attention to protect PIN Waste information in their possession. Confidential, personal, or private information must not be copied or transported without consideration of:

• Permission of the information owner
• The risks associated with loss or falling into the wrong hands
• How the information will be secured during transport and at its destination.

Acceptable use of information systems use of PIN Waste information systems by authorized users will be lawful, honest, and decent and shall have regard to the rights and sensitivities of other people.

PIN Waste Information System Directors who are responsible for information systems are required to ensure that:

1. Systems are adequately protected from unauthorized access.
2. Systems are secured against theft and damage to a cost-effective level.
3. Adequate steps are taken to ensure the availability of the information system, commensurate with its importance (Business Continuity).
4. Electronic data can be recovered in the event of the loss of the primary source. I.e., failure or loss of a computer system. It is incumbent on all system owners to backup data and to be able to restore data to a level commensurate with its importance (Disaster Recovery).
5. Data is maintained with a high degree of accuracy.
6. Systems are used for their intended purpose, and procedures are in place to rectify discovered or notified misuse.
7. Any electronic access logs are only retained for a justifiable period to ensure compliance with the data protection, investigatory powers, and freedom of information acts.
8. Any third parties entrusted with PIN Waste data understand their responsibilities with respect to maintaining its security.

Personal Information

Authorized users of information systems are not given rights of privacy in relation to their use of PIN Waste information systems. Duly authorized officers of PIN Waste may access or monitor personal data in any PIN Waste information system (mailboxes, web access logs, file store etc).

Individuals in breach of this policy are subject to disciplinary procedures at the instigation of the Directors with responsibility for the relevant information system, including referral to the Police where appropriate.

PIN Waste will take legal action to ensure that unauthorized persons do not use its information systems.