1 Information security
When accessing the facility the user is responsible for the security of the information they access and distribute. Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected. Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post, shared verbally or using electronic means. Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected. Information Security can be defined as protecting confidentiality, integrity and availability of data and information.
Confidentiality: Access to information is confined only to those with specified authority to view that data
Integrity: Safeguarding the accuracy and completeness of information by protecting against unauthorised changes or deletions, whether deliberate or accidental.
Availability: Information is delivered in a controlled fashion to the right person, when it is needed.
Where a breach of information security either accidental or deliberate has caused loss or damage to the information held, including the disclosure of information to someone not authorised to see it should be reported to Yunus Gajra (Business Development Manager) via e-mail at: yunus.gajra@wypf.org.uk as soon as practical following the event.
2 Data protection
The Data Protection Act controls how personal information is used by organisations, businesses or the government. Every who is responsible for using data has to follow strict rules called the “data protection principles”.
They must make sure the information is:
Used fairly and lawfully
Used for limited, specifically stated purposes
Used in a way that is adequate, relevant and not excessive
Accurate
Kept for no longer than is absolutely necessary
Handled according to people’s data protection rights
Kept safe and secure
Not transferred outside the UK without adequate protection
The user needs to understand their responsibilities in complying with the Data Protection Act 1998 (the Act) and all users must be aware of the potentially far-reaching effects of this legislation and should ensure that they are aware of the legislation that affects them at work. The Data Protection Act is part of this. The user should know that they are operating in a legal framework i.e that the data they work with is notified; they should generally know who they can and cannot disclose information to.
The user should be aware that members have the right of Subject Access and must only record information which is properly expressed and accurate. Gossip, innuendo and rumour must be avoided.
3 Registering for an account
WYPF will issue a login name and password upon request from the employer. To obtain a login name someone from your organisation must complete the Main Contacts Registration Form and each nominated user must complete the Secure administration agreement. Each user must log on to the Civica Employer Portal immediately using their unique username and password and change their password. Passwords should comply with the information set out in the"passwords for controlled access" section.
4 Cancelling your account
The user must inform WYPF when they are leaving or no longer require access to the secure administration facility. Where the user is unable to notify WYPF it is the responsibility of the main contacts at the employer to send the notification. Accounts should be deactivated as soon as possible after it is known that the account is no longer required.
5 Passwords for controlled access
The user must change their password immediately if they think that it has been compromised and should routinely change their password every 60 days, even if the system does not force them to change their password.
Passwords must meet the following minimum standard:
Password length of 8 characters or more
Contain characters from at least three of the following four categories:
Upper case characters (A…Z)
Lower case characters (a…z)
Numbers (0…9)
Special characters (eg. !,@,$,*)
Must not contain all or part of your user name
Do not reuse the same password within 20 password changes
5.1 Avoid common password pitfalls
Cyber criminals use sophisticated tools that can rapidly decipher passwords.
Avoid creating passwords that use:
Dictionary words in any language.
Words spelled backwards, common misspellings, and abbreviations.
Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
Personal information. The users name, birthday, driver's license, passport number, or similar information.
5.2 Protecting Passwords
It is of utmost importance that the user protects their password at all times:
Never reveal their passwords to anyone.
Never use the 'remember password' function.
Never write their passwords down or store them where they are open to discovery or theft.
Never store their passwords in a computer system without encryption.
Do not use the same password to access different systems.
Do not use the same password for systems inside and outside of work.
5.3 Changing Passwords
All user passwords must be changed at a maximum of every 60 days, or whenever a system prompts the user to change it. If the user is given a new password for a new system or following a password re-set, they must change it immediately so that they know no one else knows it. If they become aware, or suspect, that their password has become known to someone else, they must change it immediately and report it to the helpdesk immediately.
6 Availability
WYPF will use all reasonable endeavours to ensure that this facility is fully operational at all times and that transmissions will be error-free. However, access to this facility may be interrupted or restricted by us at any time in order to allow for emergency or routine repairs or maintenance to be carried out or for the introduction of new facilities or services. We will attempt to limit the frequency and duration of any such suspension or restriction.
We will do our best to correct any errors and omissions as quickly as is practicable after being notified of them.
While we shall use our best endeavours to try and ensure at all times that this facility shall be free from any viruses or contaminating or destructive properties, WYPF does not make any warranty that this facility is free from infection by viruses or anything else that has contaminating or destructive properties, and the user should ensure that they have appropriate and adequate safeguards in place on their own computer to detect such viruses or contamination or destructive properties.
7. Copyright
The site, the layout, design, structure and all its content are the property of WYPF.
Written permission should be requested and obtained beforehand for any commercial use by emailing us at wypf@bradford.gov.uk
Some of the website is the intellectual property of Civica plc.
8. Accessibility
WYPF is committed to ensuring that this facility is accessible to the widest possible range of people. We endeavour to continually assist users to access the facility in accordance with the Disability Discrimination Act 1995. If the users has any questions or suggestions regarding the accessibility of this facility, or if they have difficulty using any part of it, please contact us on telephone number 01274 434999 or email pensions@wypf.org.uk
9. Revision of terms and conditions
WYPF may at any time revise these terms and conditions without notice by posting changes online. It is the responsibility of users to review all information posted online. These changes will be effective and binding from when they appear on this site.
10. Complaints and Comments
If you have any complaints or comments about our website please contact us as at:
WYPF
PO Box 67
Bradford BD1 1UP
E-mail: pensions@wypf.org.uk
Phone: 01274 434999
11. Disclaimer
Whilst every care has been taken to ensure the accuracy of the information on this facility we cannot guarantee that inaccuracies will not occur. No responsibility will be assumed by WYPF for any direct or consequential loss, financial or otherwise, damage or inconvenience, or any other obligation or liability incurred by users of the facility.
The information on this facility is for general use only and does not cover every personal circumstance. If there is any disagreement over pension benefits due under the Local Government Pension Scheme, the appropriate legislation will apply. This facilty does not give the user or their members any contractual or legal rights, and is provided for information purposes only.
WYPF reserves the right to make changes to this facility without notice. In no event shall WYPF be liable for damages arising out of or related to the information contained within pages on this facility.
