My Department places a high priority on information security and cyber defence. In line with best practice and guidance from Ireland’s National Cyber Security Centre, my Department has implemented a defence-in-depth cybersecurity strategy that includes people, processes and market leading technologies to mitigate the risk of cyber breach as effectively as possible.
In addition, my Department staff are aware that their obligations under the General Data Protection Regulation and Data Protection Acts 1988 to 2018 are not confined to the work premises. They apply equally when working remotely in any location.
Furthermore, my Department staff are alive to the risks associated with processing personal date while carrying out their duties within the remote environment. Data Protection training is compulsorily completed by all staff and this training encompasses the operation of data protection in the remote environment. Arrangements for remote working in my Department comply with the organisation's data protection policies. Additional measures are taken as necessary by all staff to ensure the security of confidential, personal and sensitive data when working remotely. Where the removal of files or documents from the workplace is necessary this can only be carried out in accordance with my Department’s Records’ Management Policy. Secure storage boxes must be used, and these are provided to staff for this purpose.
As part of the ergonomic assessments that all staff must carry out from their remote setting before being facilitated with remote working it must be determined that the workstation allows compliance with data security and applicable confidentiality standards.