sender” information in the event that the mail is undeliverable.
Staff must adhere to the HSE’s Password Standards Policy
All passwords must be unique and must be a minimum of 8 characters. If existing systems
are not capable of supporting 8 characters, then the maximum number of characters
allowed must be used. Passwords must contain a combination of letters (both upper &
lower case), numbers (0-9) and at least one special character (for example: “, £, $, %, ^, &,
*, @, #, ?, !, €).
Passwords must not be left blank.
Users must ensure passwords assigned to them are kept confidential at all times and are
not shared with others including co-workers or third parties. In exceptional circumstances
where a password has to be written down, the password must be stored in a secure locked
place, which is not easily accessible to others.
For full details please refer to the HSE Password Policy on HSE intranet at
http://hsenet.hse.ie.
http://hsenet.hse.ie/HSE_Central/Commercial_and_Support_Services/ICT/Policies_and_Procedu
res/Policies/
Staff must adhere to the HSE’s Encryption Policy
Confidential and personal information stored on shared HSE network servers which are
situated in physically unsecure locations, for example, remote file/print servers, must be
protected by the use of strict access controls and encryption. All devices used for the
storage and processing of personal data must be encrypted. It is the responsibility of each
device owner to ensure that the device is appropriately secure.
Where possible all confidential and personal information must be stored on a secure
HSE network server with restricted access. Where it has been deemed necessary by
the information owner to store confidential or personal information on any device
other than a HSE network server the information must be encrypted.
HSE desktop computers which for business or technical reasons need to store/host
HSE clinical or employee information systems and/or confidential or personal
information locally (as opposed to a secure HSE network server) must have HSE
approved encryption software installed.
HSE desktop computers used by employees to work from home (home working)
must have HSE approved encryption software installed.
All HSE laptop computer devices must have HSE approved encryption software
installed prior to their use within the HSE. In addition to encryption software the
laptop must be password protected and have up to date anti-virus software installed.
Only HSE approved USB memory sticks which are distributed by the ICT Directorate
may be used to store or transfer HSE data. HSE I.T. security policies specifically
prohibit the storage of HSE data on unapproved encrypted / unencrypted USB
memory sticks and USB memory sticks which are the personal property of staff and
are not owned or leased by the HSE.
HSE employees who have been issued with a HSE approved USB memory stick
must take all reasonable measures to ensure the memory stick is kept secure at all
times and is protected against unauthorised access, damage, loss and theft.
HSE approved USB memory sticks must only be used on an exceptional basis where
it is essential to store or temporarily transfer confidential or personal data. They must
not be used for the long term storage of confidential and personal data, which must
where possible be stored on a secure HSE network server.
Specific services or areas may take local decision to prohibit completely the use of
encrypted USB memory sticks to store personal data.
For full details please refer to HSE Encryption Policy on HSE Intranet at
http://hsenet.hse.ie