ࡱ> z}yU  bjbjnn Jaa:D```lL <`m N"d"d"d"#"* ,1m3m3m3m3m3m3m$p>sdWm-##--Wmd"d"4lm:Z2Z2Z2-d"d"1mZ2-1mZ2Z2j)dhd"0G[.e2mm<mfsb/sdhshL--Z2-----WmWmZ2---m----s---------B :  ICT Contractor Security POLICY The National Library of Wales September 2018 Contents  TOC \o "1-3" \h \z \u  HYPERLINK \l "_Toc520451707" Introduction  PAGEREF _Toc520451707 \h 3  HYPERLINK \l "_Toc520451708" 1. Scope and definition  PAGEREF _Toc520451708 \h 3  HYPERLINK \l "_Toc520451709" 2. Objectives  PAGEREF _Toc520451709 \h 3  HYPERLINK \l "_Toc520451710" 3. Roles and responsibilities  PAGEREF _Toc520451710 \h 3  HYPERLINK \l "_Toc520451711" 4. Policy  PAGEREF _Toc520451711 \h 3  HYPERLINK \l "_Toc520451712" 4.1 Obligations on ICT Section and Facilities section  PAGEREF _Toc520451712 \h 3  HYPERLINK \l "_Toc520451713" 4.2 Obligations on ICT authorised contractors  PAGEREF _Toc520451713 \h 4  HYPERLINK \l "_Toc520451714" 4.3 Library Building Access management  PAGEREF _Toc520451714 \h 4  HYPERLINK \l "_Toc520451714" 4.4 Access to the Librarys Technical Infrastructure  PAGEREF _Toc520451714 \h 4  HYPERLINK \l "_Toc520451715" 4.5 Vetting  PAGEREF _Toc520451715 \h 4  HYPERLINK \l "_Toc520451716" 5. Monitoring and review of the policy  PAGEREF _Toc520451716 \h 4  HYPERLINK \l "_Toc520451717" 6. Declaration  PAGEREF _Toc520451717 \h 5  Introduction Measures relating to contractor security are important in order to protect information and infrastructure against any potential threat from persons who are contracted to carry out work for the Library, who are not staff members and who are given access to parts of the Library building or to the Librarys technical infrastructure which are otherwise restricted. 1. Scope and definition This policy relates to the measures in place to ensure the security of information held by the Library and the Librarys technical infrastructure against the risks associated with permitting access to external contractors. 2. Objectives The ICT Contractor Security Policy is a sub-policy of the Information Security Policy and it describes the methods employed in order to ensure the security of the Librarys information whilst permitting access by external contractors to secure areas. This is additional to the signing of the Facilities Contractor Safety Handbook which covers general contractor access to the Library. 3. Roles and responsibilities The ICT Section, Facilities Section and all sections allowing internal or external access to contractors shall be responsible for the implementation of the ICT Contractor Security Policy except for its technical aspects, which shall be the responsibility of the ICT Section. 4. Policy Obligations on ICT Section and Facilities section ICT staff will provide advance notice to the Facilities section of visiting ICT contractors to the Library by emailing prifporthor@llgc.org.uk . Facilities staff will provide advance notice to the ICT section of any contractors requiring access to the ICT TLB1 office, Enlli or Tanybwlch by emailing ictaccess@llgc.org.uk. Only permanent ICT staff can authorise contractor access to any ICT secure area, networks, systems or equipment and countersign the ICT Contractor Security Policy. Authorised external access and ongoing on-site access must be registered in the central Contractor Register of ICT Access by ICT staff and access; including enabled services on the firewall, removed at the end of the contract. Obligations on ICT authorised contractors Contractors should only access the part of the Library relevant to their work. Contractors should respect the property of the Library at all times and appreciate the need to take care to avoid any unnecessary damage. Contractors must sign a declaration that they have read the ICT Contractor Security Policy before they can work in ICT secure areas of the Library or be given on-site or external access to Library ICT equipment, systems and networks. Library Building Access management Access to all parts of the NLW building is managed by the card system and software. Policies for access are programmed into this management software. External contractors are normally given a standard card which gives access to most of the Library but excludes the ICT TLB1 office area and the Enlli and Tanybwlch machine rooms. Access to Enlli and Tanybwlch is set out in the Data Centre Policy and Enlli and Tanybwlch Procedures Contractors who wish to access ICT areas and machine rooms must be accompanied by ICT staff. A few regular contractors do have additional access and where necessary access to machine rooms such as Enlli and Tanybwlch is included in their security card. A list will be provided to the ICT department and these contractors will be reviewed and approved by the Head of ICT or the Operations Manager. Access to the Librarys Technical Infrastructure ICT contractors that have been allowed either on-site or external access to Library systems and networks must comply with the seventh data protection principle and provide a GDPR Privacy Statement. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Contractors must observe the confidentiality of the NLW, its staff and the information held in Library IT systems. Contractors must only access those areas of the Librarys technical infrastructure that are necessary to their work. Any technical access given will be logged in the central register (4.1.4) and authorised by a permanent ICT staff member. Access will then be removed at the end of the contracted work. Vetting New contractors are vetted once before they are allowed to work in the Library. 5. Monitoring and review of the policy The Contractor Security Policy shall be monitored regularly and reviewed as part of the Information Security Policy which is to be approved by the ICC. End. 6. Declaration I have read and understood the terms and conditions set out in the Contractor Security Policy. Contractor Name and Company: Signed: Date: Authorising ICT staff members name: Signed: Date:      PAGE \* MERGEFORMAT 2 !#ABLUZ[\]^ghƼƨơoj`jS`j`j}hUjhU hjhbh0J Uhbh0J jhbh0J UjhUh h$b\aJhOJQJ^Jhl%OJQJ^Jh7OJQJ^Jh$bOJQJ^Jh$bCJ aJ h$bh$bCJ,aJ,h|yCJ,aJ,hbbCJ,aJ,h$b5OJQJ^J  !"#ABCDEFGHIJKL[\]^gxgd]-xgd]- $xa$gd]- $xa$gd]- $xa$gd]-  # $ % & ' ( ) * + G H I J W X Y s t u v w x y z { ռՕռxռjhbh0J UjqhUjhbh0J UjwhUjhU hjhbh0J Uhhbh0J 'hhOJQJ\^JmHnHsH jhbh0J U,) y % v ; xdd7$8$H$[$\$gdj dd[$\$gdjxgd]- Lh      ! " # $ % & ' C D E F I ׺׺ÆxoxYx*jhbh0J UmHnHuhmHnHuhbh0J mHnHu$jhbh0J UmHnHujehUjhbh0J Uhhbh0J 'hhOJQJ\^JmHnHsH jhbh0J U hjhUjkhUI J { | }     + , - . ֵǢტqǢ[*jhbh0J UmHnHu#jYhUmHnHu*jhbh0J UmHnHuhmHnHu$jhbh0J UmHnHu#j_hUmHnHujhUmHnHuhmHnHuhbh0J mHnHuhhPJmHnHtH u#. 1 2 T U V p q r s t u v w x ֵǢxfǢT"Hh/#jh9;0J mHnHu#jMhUmHnHu*jhbh0J UmHnHuhmHnHuh0J mHnHu$jhbh0J UmHnHu#jShUmHnHujhUmHnHuhmHnHuhhPJmHnHtH uhbh0J mHnHu       5 6 7 8 9 : ; < = Y Z [ \ 񭞭ȸvrvbv]S]FSjA hUjhU hj hbh0J Uhhbh0J jhbh0J U#jG hUmHnHujhUmHnHuhmHnHuhhPJmHnHtH u$jhbh0J UmHnHu*jhbh0J UmHnHuhbh0J mHnHu wxnƲϔ{uld`hKhjhU5hUhe^J h|y^J hjhUh$bOJQJ^Jh"Vh|y jh5U\mHnHuj; hUj hbh0J Uhhbh0J 'hhOJQJ\^JmHnHsH jhbh0J UjhU h"o}0:lT9c= & Fdx7$8$H$[$^`gdj & Fx7$8$H$^`gdj & F^`gdd  & Fdx[$gdi8 dd[$\$gdj dd[$\$gdjno|})5<ORfvw!$,.H/03ƺƺƴƴƫ|hUhb^J hj^J h^J hl%^J h4&b^J hjhK hhhhhUhh^J h[T^J h7J^J h1w^J h*.Z^J hv.s^J h^Jh[fh|y^J hbb^J h|y^Jhjhh5h"V hjh"V039:I{  T_ho9HWbc+,<=Suy}ʾʾʷ hl%^J h9h^J hj^J h|y^Jh9h|y^J hjh|yhbb hZqh|yhthkh[/$h6h9hhr hv.shv.shyhv.shLhZ; hZqhZ;hjh|y5hh6%&'8IJ~UVX]dwNOWX岬嚬唋uhih#5^J h^J hl"^Jh9hl"^J h|y^J hQ^J hr?^J hbb^J h1w^J hl%^J hNW^J hj^J hR^J hjh|y hZqh|yh, h9hh9h^Jh9h|y^J ho^J h6^J h9h^J.='JXLyhxx7$8$H$^gd+C & Fxx7$8$H$^`gdu & Fdx7$8$H$[$gdi8 & Fdx7$8$H$[$^`gdj & Fxx7$8$H$^`gdu  & Fdx[$gdi8 & Fdx7$8$H$[$^`gd9h Y~KL34W^u}~۳ۭۧ{{{qjc hjh|y hZqh|yh+Ch5^J hr^J h^J h6^J h^Jhh+C5^Jh+Chwg5^J h+C^J h%QT^J h\0^Jh+Ch+C6h^_h^_0J!6h^_hwg5^J h*.Z^J hwg^Jhihwg5^Jhih@;5^Jhih, 5^J#L4El _ | } x$IfgdTgdT\xgdY dd[$\$gdj & F xx^`gdu  & Fdx[$gdi8 & Fxx7$8$H$^`gd+C & Fxx7$8$H$^`gd^_CDEHklp _ ſŹvj^OHv hThYhTh EXCJOJQJaJh EXCJOJQJaJhYCJOJQJaJhThYCJOJQJaJ"hThY56CJOJQJaJ hYhYhT\hT\hT\5mHRsHRhT\hT\mHRsHR hT\^J h^Jh lh"V^J hjh"V h lh"Vh"V!hjh"V5\^JmHnHu h|y^Jh9h|y^J }vtvtvtdd[$gdnkd $$Ifl#$ t0644 lap ytT x$IfgdT hThYCJOJQJaJjh gZU*h9;jh gZUmHRnH uh gZCJOJQJ^Jh gZhjhU d[$gd$a$$a$d,1h. A!"#$% / 01h. A!"#$% ,1h. A!"#$% ,1h. A!"#$% }DyK _Toc520451707}DyK _Toc520451707}DyK _Toc520451708}DyK _Toc520451708}DyK _Toc520451709}DyK _Toc520451709}DyK _Toc520451710}DyK _Toc520451710}DyK _Toc520451711}DyK _Toc520451711}DyK _Toc520451712}DyK _Toc520451712}DyK _Toc520451713}DyK _Toc520451713}DyK _Toc520451714}DyK _Toc520451714}DyK _Toc520451714}DyK _Toc520451714}DyK _Toc520451715}DyK _Toc520451715}DyK _Toc520451716}DyK _Toc520451716}DyK _Toc520451717}DyK _Toc520451717$$If!vh#v$:V l t065$p ytT )s666666666~~~vvvvvv666666>6666666666666666666666666666666666666666666666666hH6666666666666666666666666666666666666666666666666666666666666666662 0@P`p2( 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ OJPJQJ_HmH nH sH tH J`J Normal dCJ_HaJmH sH tH ^@^ "V Heading 1$<@&"5CJ KH OJPJQJ\^JaJ @$b Heading 2b$d%d&d'd-D@&M NOPQ;@PJmHnHsHRtH uR@R "V Heading 3$<@&5OJPJQJ\aJr@r$b Heading 5,&d@&PO';@ B*PJmHnHph6_sHRtH ur@r$b Heading 6,&d@&PO';@ B*PJmHnHph6_sHRtH uDA D Default Paragraph FontRi@R 0 Table Normal4 l4a (k ( 0No List h/h$bHeading 2 Char3;@CJPJaJfHmHnHq sHRu`/`$bHeading 5 Char+;@ B*CJPJaJmHnHph6_sHRu`/`$bHeading 6 Char+;@ B*CJPJaJmHnHph6_sHRuX@"X$b0Header 9r OJPJQJaJmHnHsHRuR/1R$b0 Header Char#CJOJPJQJmHnHsHRtH uT @BT$b0Footer 9r CJPJaJmHnHsHRuF/QF$b0 Footer CharPJmHnHsHRtH u`@`$bpTOC 2 h x&OJPJQJ\^JmHnHsHRtH uNN$bpTOC 1#OJPJQJaJmHnHsHRtH unOn U Text bodydx*$1$8$9D(CJKHOJPJQJ^J_H9aJnHtHR/R "VHeading 3 Char5CJOJPJQJ\aJtH RR 0 Balloon Text dCJOJQJ^JaJR/R 0Balloon Text CharCJOJQJ^JaJtH BB "V No Spacing dPJtH Z/Z "VHeading 1 Char&5CJ KH OJPJQJ\^JaJ tH f Af "Vp TOC Heading$@& %B*CJKHaJmH nHph6_sH tH.@. "VpTOC 3 ^6U`6 "V0 Hyperlink >*B*ph"o" ^_legdsj#j Y Table Grid7:V"0"D 2D0Revision#CJ_HaJmH sH tH B' AB bb0Comment ReferenceCJaJ<R< &bb0 Comment Text%CJaJ>/a> %bb0Comment Text ChartH @jQR@ (bb0Comment Subject'5\J/J 'bb0Comment Subject Char 5\tH PK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭Vc:E3v@P~Ds |w<v ]^J.J_JJ 55799999999999999< I . n3 !#=L  "$g$&')IXtvwy "#%E|   -Uqstv 689;[ X%X%X%X%X%X%X%X%X%ĕX%X%X%̕/1<!@ @H 0(  0(  B S  ?A _Hlt520451822 _Toc346797833 _Toc346797879 _Toc405293487 _Toc520451451 _Toc520451707 _Toc346797834 _Toc346797880 _Toc405293488 _Toc520451452 _Toc520451708 _Toc346010578 _Toc346010688 _Toc346797835 _Toc346797881 _Toc405293489 _Toc520451453 _Toc520451709 _Toc346797796 _Toc346797836 _Toc346797882 _Toc405293490 _Toc520451454 _Toc520451710 _Toc346797797 _Toc346797837 _Toc346797883 _Toc405293491 _Toc520451455 _Toc520451711 _Toc345669056 _Toc345670100 _Toc346010692 _Toc346010712 _Toc405293492 _Toc520451456 _Toc520451712 _Toc520451457 _Toc520451713 _Toc345669051 _Toc345670098 _Toc345681046 _Toc345681450 _Toc346010583 _Toc346010693 _Toc346010713 _Toc405293493 _Toc520451458 _Toc520451714 _Toc345669052 _Toc345670099 _Toc345681047 _Toc345681451 _Toc346010584 _Toc346010694 _Toc346010714 _Toc405293494 _Toc520451459 _Toc520451715 _Toc346797801 _Toc346797841 _Toc346797887 _Toc405293495 _Toc520451460 _Toc520451716xxxxxooooo0 0 0 0 0 0 9 9 9 9 : : : 9 9 &&&&&'''''EEEEEE@ 9: !"#$%&'()*+,-./012345678;<=>?@     nn|||||      9 9 9 9 9 9 k k b b b b b ''''IIIIIIkkkkkkkky ~ qv{ xo| 0 9 Ekl3LU[['Xw#| Ut9OOl l _ h o  8 8 9 9 &&''W^~kkklliifq1s>X8~eƨ> S>FX}p BO Dt%J BϼB,$BO{(NJ$C0gڨIB7IlAZAwHPUTM rH@d5gM*^N.3b8.jT^®nUxV0ºzfZpcCx"hfh ^`o(hH4.2.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.^`CJOJQJo(^`CJOJQJo(pp^p`CJOJQJo(@ @ ^@ `CJOJQJo(^`CJOJQJo(^`CJOJQJo(^`CJOJQJo(^`CJOJQJo(PP^P`CJOJQJo(h ^`o(hH4.2.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h^`5o(hH4.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h^`5o(hH4.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h5^5`5o(hH4.4.h ^`hH.h  L^ `LhH.h  ^ `hH.h u^u`hH.h EL^E`LhH.h ^`hH.h ^`hH.h L^`LhH. OJPJQJ"  OJPJQJ% OJPJQJ% OJPJQJ"  OJPJQJ% OJPJQJ% OJPJQJ"  OJPJQJ% OJPJQJ%h^`5o(hH4.h ^`hH.h L^`LhH.h m ^m `hH.h =^=`hH.h  L^ `LhH.h ^`hH.h ^`hH.h }L^}`LhH.h^`5o(hH4.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.^`o(. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.h^`5o(hH4.5.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.^`5o(hH4. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.^`CJOJQJo(^`CJOJQJo(pp^p`CJOJQJo(@ @ ^@ `CJOJQJo(^`CJOJQJo(^`CJOJQJo(^`CJOJQJo(^`CJOJQJo(PP^P`CJOJQJo(h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h^h`o(h^h`o(.0^`0o(..0^`0o(... 8^8`o( .... 8^8`o( ..... `^``o( ...... `^``o(....... ^`o(........h^`5o(hH4.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h^`5o(hH4.3.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.^`5o(hH4. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.^`5o(hH4. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.h^`5o(hH4.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h ^`o(hH4.1.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.5^5`5o(hH4. ^`hH. pL^p`LhH. @ ^@ `hH. ^`hH. L^`LhH. ^`hH. ^`hH. PL^P`LhH.ZA1sUTMJ O{(*^N~e$C0> S}p V$nUO IB7BCxH8.jTfZpd5gMBK        BK        =        =        $r{        =        =                 J         #.x                 =        ~        J*        j^        =         J        n>v         qkZ?eD o ) A+ |B An i8,)q)XbqZ*]~SZ.YLhjLtmU!R"#ZU#[/$l%9:(F~(/)@*e*6j*++N#,2C,D,]-<-c./S/\0,2=75kC6e7i8!94:@;Z;-l;B <r?l @j|A+CPCEvEXGCH7JxJ+K>K vO9Q[QwQ/S0@S%QTTTU"VNW|W$X EXSX*.ZRVZ gZB\E]5`Nacabbb$b4&bicuf(g'Rgwg$m;pu'p.pK=pq r"tr su$sv.sttz7uyv1w7Q# ,7^^_/q?PtoRRTo!#6g->z6%7Z1s)$K, !mb 9;Xa[9huMN(I!LT_YQ&_D]ab.59 ?T\P~-A@@UnknownKathleen Matthews G.[x Times New Roman5Symbol3. .Cx Arial7.*{$ Calibri7@CambriaiLiberation SerifTimes New Roman_ Lohit HindiTimes New Roman5. .[`)Tahoma=OpenSymbolA$BCambria Math"1hi'/#jpJg , ,!0 JqHP  $P$b2! xxg4  Dafydd TudurKathleen Matthewsd                 Oh+'0|   , 8 D P\dltDafydd TudurNormalKathleen Matthews7Microsoft Office Word@캃@hN@"MS@[ ?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghjklmnoprstuvwx{|Root Entry F =S~Data &1Table.tWordDocument JSummaryInformation(iDocumentSummaryInformation8dMsoDataStore  =S =S1B0UUKWHWHA==2 =S =SItem  PropertiesCompObj rK4JA5VEKQWDE05XA==2  =S =S  !"#$%&'()*+,-./012385679:;<=> sion="1.0" encoding="UTF-8" standalone="no"?> temID="{51954E4C-11F3-4FA7-9FB7-21B5C778B371}" xml  F Microsoft Word 97-2003 Document MSWordDocWord.Document.89q This value indicates the number of saves or revisions. The application is responsible for updating this value after each revision. tomXml"/>repoint/v3/contenttype/forms">DocumentLibraryFDocumentLibraryFormDocumentLibraryFormDocumentLibraryFormBD0-C023-49B7-9839-9C87B0C2665C}" xml w>ffice/2006/metadata/longProperties"/> ՜.+,D՜.+,H hp   Llyfrgell Genedlaethol Cymru,   Title(`lx       _PID_HLINKS7display_urn:schemas-microsoft-com:office:office#EditorOrder7display_urn:schemas-microsoft-com:office:office#Author xd_SignatureComplianceAssetId TemplateUrl xd_ProgID _ExtendedDescription ContentTypeId TriggerFlowInfo _SourceUrl_SharedFileIndexAH7D_Toc5204517177>_Toc52045171678_Toc52045171572_Toc5204517147,_Toc5204517147&_Toc5204517137 _Toc5204517127_Toc5204517117_Toc5204517107_Toc5204517097_Toc520451708