DFID, in common with other Government Departments, is responsible for assessing its own security risks and setting appropriate policies and procedures to mitigate these in the context of its business objectives and in line with central government rules and guidance.
All UK based staff are bound by the provisions of the Official Secrets Act governing the disclosure of information.
All staff are bound by the departmental security rules and procedures. Staff should ensure they are familiar with and apply these rules. Line Managers are responsible for ensuring compliance in their work areas. Heads of Office/Department are accountable to Directors for ensuring security policies and procedures are adapted to local environments and implemented. Directors, supported by Heads of Office, are accountable for ensuring that duty of care is fulfilled for all staff working in their Division.
The Departmental Security Officer (DSO) and Security Section have overall responsibility for promulgating security policy, guidance dissemination and monitoring compliance. The Security Committee reviews and assesses security policies.
DFID security procedures are informed by the rules and guidance contained in the Cabinet Office Security Policy Framework (replacing the Manual of Protective Security). DFID's Security Manual and other guidance on the Security web-page on Insight summarises key security rules, processes and responsibilities. Heads of Office, Cabinets and Overseas Security Managers also have access to detailed overseas security guidance on the Security Managers Team Site.
Unless otherwise specified all security compliance matters apply equally to all DFID offices, whether in the UK or overseas, and are equally as relevant to UK based and Staff Appointed In Country (SAIC) staff, as well as temporary, casual or consultancy staff working in our offices.
Failure to comply with security policies and procedures may be recorded as a security breach and may be subject to disciplinary action taken. Unauthorised disclosure of official information may be regarded as a leak and be subject to disciplinary action.
1. Staff must wear building access photo passes visibly at all times while on DFID premises. However passes should not be worn outside of the office. The loss of a pass should be immediately reported to Security Section. Visitors to the office must be escorted at all times.
2. All information (whether in hard copy, on computer systems or on storage media) must be assessed and appropriately classified in line with the government protective marking system by the originator of the information. Information should be communicated, stored and (when necessary) destroyed in accordance with security management procedures related to the classification of the information involved. Access to Restricted and more highly classified material is governed by the "need-to- know" principle.
3. Equipment and physical assets must be recorded in the DFID asset register and suitably secured both in and out of the office (eg. laptops when travelling) to safeguard from theft and/or misuse.
4. DFID buildings in the UK and overseas must have physical security measures, procedures and rules in place commensurate with the perceived threat. Security Section directly manages physical security aspects in UK buildings. Each Head of Office is responsible for ensuring that overseas offices maintain appropriate protective security measures, drawing on advice and recommendations from the FCO Overseas Security Advisers (OSA). OSA recommendations must be implemented fully and promptly unless a Director agrees a waiver
5. All staff posted overseas (and frequent travellers) must attend or receive an appropriate overseas security awareness briefing before posting/travelling
6. Staff posted to or travelling to particularly dangerous locations (e.g.. currently Iraq, Afghanistan) must attend specific security protection courses before posting. Training will be specified and organised by the relevant Section/Department after consultation with Security Section
7. All staff posted overseas and visitors must receive a local in-country security briefing at Post on (or before) arrival
8. All breaches of security procedure, thefts and losses must be reported to Line Management and Security Section immediately on detection
9. All DFID staff (including SAIC) and other personnel working in a DFID office or accessing a DFID e-mail account (consultants, contractors, temps etc.) must as a minimum be cleared to the "Baseline Standard". Baseline Standard checks will also apply to staff DFID is recruiting on behalf of others.
10. National Security Vetting (CTC, SC or DV level) is required where staff and other personnel working for DFID require access to higher level classified information. Departments must submit a case to Security Section setting out the rationale for higher level clearance. The level of security clearance is specific to the post rather than individual and must be related to the actual requirements of the job. Security Section oversees and manages clearance procedures in line with Cabinet Office guidance.
11. Every department in the UK must have a Departmental Security Co-ordinator (DSC). They and their deputies are responsible for co-ordinating security within their departments and providing a first line response on some security issues e.g. re-setting combination locks. Security Section provide overall advice and co-ordination of DSCs.
12. Every DFID overseas office must have a Security Manager who will report to the Head of Office on all security issues. The nature of this post will vary from office to office and may be a part- or full-time job
13. Overseas Offices must report Security Incidents, including near misses, to Security Section
14. Directors will produce an annual security assurance statement for each of their overseas offices.
Bookmark with:
What are Bookmarks?