NR NR/L1/INF/02232 ISSUE 2 PDF

This policy applies to all Users who have access to Network Rail information and information systems.

This policy describes the framework for governance management and of security requirements for information and information systems.

It applies to Network Rail information that is accessed, processed, used or handled in both electronic and non-electronic format.

NOTE: Failure to comply with this policy might constitute a breach of terms and conditions of employment or contract and can lead to legal or disciplinary action including dismissal or termination of contract. In instances where disciplinary action is required this will be in accordance with the Network Rail Fair Culture process.

Purpose

The purpose of this policy is to set Network Rail’s priorities for Information Security.

Information Security supports Network Rail business objectives by protecting the information it requires to achieve these.

Through consistent identification, understanding and assessment of information security risks Network Rail is able to apply appropriate controls in order to manage information security risks at the appropriate level for the company.