scope:

This standard applies to all Network Rail employees and all Users of Network Rail's Information and Information Systems.

This standard and the Information Security Policy Documents supporting it provide requirements and state what is and is not acceptable. It applies to use of information including when not using computers to access or process information. Secure working practices are still required when handling documents electronically or in hard copy form.

NOTE Failure to comply with this standard may constitute a breach of terms and conditions of employment or contract and can lead to legal or disciplinary action including dismissal or termination of contract.

Purpose

The purpose of this standard is to set Network Rail's policy and priorities for Information Security. Information Security supports Network Rail's objectives by protecting the information it requires to achieve these. Network Rail has legal and regulatory obligations relating to Information Security.

Through consistent identification, understanding and assessment of information security risks Network Rail is able to apply appropriate controls in order to manage information security risks at the appropriate level for the company.