Information security refers to processes which are designed and implemented to protect all forms of information, but especially person-identifiable, confidential, and sensitive information, from unauthorised access, misuse, disclosure, destruction, modification, or disruption. The security of data in the NHS, especially patient information, is crucial and must remain secure at all times, both in transit and whilst at rest.

Individuals expect that their information will be held securely and confidentially at all times.

All staff are personally responsible for ensuring that they handle information with care and respect. It is their responsibility to protect this information from those who are not authorised to use it or view it. They must ensure that whilst in their care, and when transporting this information to somebody else, they have done everything possible to protect this information and comply with the law and relevant NHS guidance.

Information and systems used to store it are important assets and it is essential to take all the necessary steps to ensure that they are protected, available and accurate at all times to support the operation of the Trust.

The Trust acknowledges that it must protect its own assets, as well as those of its partner organisations. It aims to preserve the following security principles.