ITPOL09 Network Systems Monitoring Policy


Version: V3

Ratified by: Finance and Risk Committee

Date ratified: 02/04/2025

Job Title of author: This Policy has been drafted by SBC Solutions in conjunction with the Technology Team as part of the ISO27001 engagement

Reviewed by Committee or Expert Group: Technology Programme Board

Equality Impact Assessed by: Assistant Director IT & Systems

Related procedural documents:

IGPOL53 Information Security Policy, Malicious Software (Malware) Protection Policy

ITPOL08 Patch Management Policy

Review date: 02/04/2028

It is the responsibility of users to ensure that they are using the most up-to-date document template – i.e. obtained via the intranet.

In developing/reviewing this policy Provide Community has had regard to the principles of the NHS Constitution.

Version Control Sheet

Version Date Author Status Comment

V1 26/11/18 This Policy has been drafted by SBC Solutions in conjunction with the Technology Team as part of the ISO27001 engagement Ratified

V2 27/04/22 This Policy has been drafted by SBC Solutions in conjunction with the Technology Team as part of the ISO27001 engagement Ratified by FIC

V3 27/02/2025 Director of Technology Reviewed and aligned with ISO27001 2023

1. Introduction

The objective of this Policy is to protect the integrity of the Organisation’s information systems by the regular monitoring of network events (unusual network activity) and consistent updating of software (for example, where a new version of a software package is made available due to a security vulnerability).

2. Responsibilities

The Technology Operations Manager is responsible for administering and updating the individual event log monitoring procedures as necessary.

The Technology Operations Manager is responsible for the monitoring duties as required by this policy, and for escalating incident reports without delay to the Information Security Management System (ISMS).

3. Log Monitoring

The organisation will implement an automated Security Information and Event Management (SIEM) solution to collect, analyse, and correlate log data in real-time. Alerts must be generated for:

• Failed login attempts exceeding defined thresholds

• Multiple authentication failures from a single source

• Unusual data transfer patterns (data exfiltration attempts)

• Unexpected changes to system configurations or user privileges

The Head of Infrastructure and Cyber Security will arrange for the following to be monitored on a daily basis:

• All servers and services are up and working efficiently

• E-mail is working

• Backups were successful (monthly, daily etc.)

The Head of Infrastructure and Cyber Security will arrange for the following to be monitored on a regular basis:

• All Server event logs

• Antivirus logs

• Firewall event logs

When a serious event is noted, it must be escalated to the Technology Operations Manager and in their absence the Assistant Director for IT & Systems.

In addition to monitoring server event logs, firewall logs, and antivirus logs, the following logs must also be captured and monitored regularly:

• User authentication & access logs (Active Directory, Single Sign-On, Privileged Access Management).

• Cloud security logs (where applicable, including SaaS & PaaS monitoring).

• Database logs (for systems storing sensitive information).

• Network traffic analysis logs (e.g., NetFlow, IDS/IPS event logs).

• Failed login attempts, privilege escalations, and unauthorised access attempts.

3.1 Security incidents identified through log monitoring must follow a structured response process.

The escalation path is as follows:

1. Head of Infrastructure and Cyber Security – First point of contact for investigating anomalies and assessing potential threats.

2. Director of Technology – If an incident is critical or affects core infrastructure, escalate immediately for strategic oversight.

3. Incident Response Team (IRT) – If the event is deemed a potential security breach, the IRT must coordinate containment and remediation efforts.

4. Data Protection Officer (DPO) – If the incident involves a personal data breach, the DPO must assess regulatory reporting obligations, including potential ICO notification within 72 hours.

5. Senior Information Risk Owner (SIRO) – If the incident poses a significant organisational risk, the SIRO must be informed to oversee risk mitigation and compliance measures.

3.2 Monitoring processes will be regularly reviewed alongside related policies, including:

• Patch Management Policy (ITPOL08) for timely vulnerability mitigation

• Incident Management Policy (QSPOL01) for structured incident response

• Access Control Policy for privileged access monitoring.

Updating of antivirus software is automatic and is covered in IGPOL53 Information Security Policy.

4. Cloud Hosting Vulnerability Testing

To ensure the security of the Organisation’s data, our cloud hosting environment is scanned daily using a vulnerability assessment tool.

5. Log Retention & Integrity

All event logs must be retained for a minimum of 90 days to support incident investigations and regulatory compliance. Logs must be securely stored in a tamperproof system, such as a Security Information and Event Management (SIEM) solution, ensuring real-time monitoring, anomaly detection, and forensic analysis.

6. Automated Threat Response

When a security anomaly is detected, the following response actions must be taken:

1. Automated alerts must be sent to the Head of Infrastructure and Cyber Security and security team.

2. High-risk events must trigger immediate investigation by the Infrastructure Team.

3. Affected systems must be isolated where necessary to prevent further compromise.

4. For confirmed security incidents, follow the Incident Response Plan (QSPOL01 Incident Reporting and Management Policy).

EQUALITY IMPACT ASSESSMENT TEMPLATE: Stage 1: ‘Screening’

Name of project/policy/strategy (hereafter referred to as “initiative”):

Network Systems Monitoring Policy

Provide a brief summary (bullet points) of the aims of the initiative and main activities: To support a good level of network security

Project/Policy Manager: Assistant Director IT & Systems Date: 27/04/22

This stage establishes whether a proposed initiative will have an impact from an equality perspective on any particular group of people or community – i.e. on the grounds of race (incl. religion/faith), gender (incl. sexual orientation), age, disability, or whether it is “equality neutral” (i.e. have no effect either positive or negative). In the case of gender, consider whether men and women are affected differently.

Q1. Who will benefit from this initiative? Is there likely to be a positive impact on specific groups/communities (whether or not they are the intended beneficiaries), and if so, how? Or is it clear at this stage that it will be equality “neutral”? i.e. will have no particular effect on any group.

Neutral

Q2. Is there likely to be an adverse impact on one or more minority/under-represented or community groups as a result of this initiative? If so, who may be affected and why? Or is it clear at this stage that it will be equality “neutral”?

Neutral

Q3. Is the impact of the initiative – whether positive or negative – significant enough to warrant a more detailed assessment (Stage 2 – see guidance)? If not, will there be monitoring and review to assess the impact over a period of time? Briefly (bullet points) give reasons for your answer and any steps you are taking to address particular issues, including any consultation with staff or external groups/agencies.

Neutral

Guidelines: Things to consider

• Equality impact assessments at Provide take account of relevant equality legislation and include age (i.e. young and old), race and ethnicity, gender, disability, religion and faith, and sexual orientation.

• The initiative may have a positive, negative or neutral impact, i.e. have no particular effect on the group/community.

• Where a negative (i.e. adverse) impact is identified, it may be appropriate to make a more detailed EIA (see Stage 2), or, as important, take early action to redress this – e.g. by abandoning or modifying the initiative. NB: If the initiative contravenes equality legislation, it must be abandoned or modified.

• Where an initiative has a positive impact on groups/community relations, the EIA should make this explicit, to enable the outcomes to be monitored over its lifespan.

• Where there is a positive impact on particular groups does this mean there could be an adverse impact on others, and if so can this be justified? - e.g. are there other existing or planned initiatives which redress this?

• It may not be possible to provide detailed answers to some of these questions at the start of the initiative. The EIA may identify a lack of relevant data, and that data-gathering is a specific action required to inform the initiative as it develops, and also to form part of a continuing evaluation and review process.

• It is envisaged that it will be relatively rare for full impact assessments to be carried out at Provide. Usually, where there are particular problems identified in the screening stage, it is envisaged that the approach will be amended at this stage, and/or a monitoring/evaluation system will be set up to review a policy’s impact over time.

EQUALITY IMPACT ASSESSMENT TEMPLATE: Stage 2:

(To be used where the ‘screening’ phase has identified a substantial problem/concern)

This stage examines the initiative in more detail in order to obtain further information where required about its potential adverse or positive impact from an equality perspective. It will help inform whether any action needs to be taken and may form part of a continuing assessment framework as the initiative develops.

Q1. What data/information is there on the target beneficiary groups/communities? Are any of these groups under- or over-represented? Do they have access to the same resources? What are your sources of data and are there any gaps?

N/A

Q2. Is there a potential for this initiative to have a positive impact, such as tackling discrimination, promoting equality of opportunity and good community relations? If yes, how? Which are the main groups it will have an impact on?

Q3. Will the initiative have an adverse impact on any particular group or community/community relations? If yes, in what way? Will the impact be different for different groups – e.g. men and women?

Q4. Has there been consultation/is consultation planned with stakeholders/ beneficiaries/ staff who will be affected by the initiative? Summarise (bullet points) any important issues arising from the consultation.

Q5. Given your answers to the previous questions, how will your plans be revised to reduce/eliminate negative impact or enhance positive impact? Are there specific factors which need to be taken into account?

Q6. How will the initiative continue to be monitored and evaluated, including its impact on particular groups/ improving community relations? Where appropriate, identify any additional data that will be required.

Guidelines: Things to consider

• An initiative may have a positive impact on some sectors of the community but leave others excluded or feeling they are excluded. Consideration should be given to how this can be tackled or minimised.

• It is important to ensure that relevant groups/communities are identified who should be consulted. This may require taking positive action to engage with those groups who are traditionally less likely to respond to consultations, and could form a specific part of the initiative.

• The consultation process should form a meaningful part of the initiative as it develops, and help inform any future action.

• If the EIA shows an adverse impact, is this because it contravenes any equality legislation? If so, the initiative must be modified or abandoned. There may be another way to meet the objective(s) of the initiative.

Further information:

Useful Websites

• www.equalityhumanrights.com – Website for new Equality agency

• www.employers-forum.co.uk – Employers forum on disability

• www.disabilitynow.org.uk – online disability related newspaper

• www.efa.org.uk – Employers forum on age

© MDA 2007 EQUALITY IMPACT ASSESSMENT TEMPLATE: Stage One: ‘Screening’
