Merge branch 'master' of github.com:DataMigrators/datamigrators.github.io

Author: johnmckeever

.github/workflows/publish-to-github-pages.yml

@@ -9,11 +9,17 @@ on:
       - master
 
 jobs:
-  build:
+  Build_And_Publish:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
           node-version: 16
-      - run: yarn install && yarn run deploy
+      - name: Build Gatsby Pages
+        run: yarn install && yarn run build 
+      - name: Publish 
+        run: git remote set-url origin https://git:${GITHUB_TOKEN}@github.com/DataMigrators/datamigrators.github.io.git && npx gh-pages -d public -u "github-actions-bot <support+actions@github.com>" -b main
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.travis.yml

@@ -0,0 +1 @@
+docs.datamigrators.com

CNAME

@@ -9,8 +9,7 @@
     "build": "gatsby build",
     "build:clean": "yarn clean && gatsby build",
     "serve": "gatsby serve",
-    "clean": "gatsby clean",
-    "deploy": "gatsby build && gh-pages -d public -b main"
+    "clean": "gatsby clean"
   },
   "dependencies": {
     "gatsby": "^4.20.0",

package.json

@@ -16,8 +16,6 @@
       path: /licenses/license-WTFPL
 - title: Policies
   pages:
-    - title: John Test
-      path: /john_test
     - title: Acceptable Encryption Policy
       path: /policies/acceptable_encryption_policy
     - title: Acceptable Use Policy
@@ -56,6 +54,8 @@
       path: /policies/end_user_encryption_key_protection_policy
     - title: Ethics Policy
       path: /policies/ethics_policy
+    - title: Information Governance Policy
+      path: /policies/information_governance_policy
     - title: Information Lifecycle Management Policy
       path: /policies/information_lifecycle_management_policy
     - title: Internet Usage Policy
@@ -82,6 +82,8 @@
       path: /policies/removable_media_policy
     - title: Risk Assessment Policy
       path: /policies/risk_assessment_policy
+    - title: Risk Management Policy
+      path: /policies/risk_management_policy
     - title: Secure Software Delivery Lifecycle
       path: /policies/secure_software_delivery_lifecycle
     - title: Security Response Plan Policy
@@ -98,5 +100,7 @@
       path: /policies/software_installation_policy
     - title: Technology Equipment Disposal Policy
       path: /policies/technology_equipment_disposal_policy
+    - title: Vendor Management Policy
+      path: /policies/vendor_management_policy
     - title: Workstation Security for HIPPA Policy
       path: /policies/workstation_security_for_hipaa_policy

src/data/nav-items.yaml

@@ -34,7 +34,7 @@ The Cyber Security Policy is structured as a set of related documents covering e
 - [Cloud Computing Policy](cloud_computing_policy)
 - [Code Of Conduct Policy](code_of_conduct_policy)
 - [Communications Equipment Policy](communications_equipment_policy)
-- [Cybersecurity Executive Summary](cybersecurity_executive_summary.md)
+- [Cybersecurity Executive Summary](cybersecurity_executive_summary)
 - [Data Breach Response](data_breach_response)
 - [Database Credentials Policy](database_credentials_policy)
 - [Data Protection Policy](data_protection_policy)

src/pages/john_test.md

@@ -78,16 +78,16 @@ Remove the user's access to the following platforms and services:
   - Delete account pending review
 - Delete accounts from SaaS ALM systems
   - GitHub
-  - Azure DevOps (covered previously)
-- Delete accounts from self-hosted ALM systems (dm-demo-alm.*)
-  - Azure Server (if relevant)
-  - GitHub Server :question_mark:
-  - GitLab
-  - Jenkins
+  - Azure DevOps
+- Delete accounts from self-hosted ALM systems (`dm-demo-alm.*`)
+  - Azure Server (self-hosted)
+  - GitHub Server (self-hosted)
+  - GitLab (self-hosted)
+  - Jenkins (self-hosted)
 - Verify then remove user’s objects on the AWS dm-sandbox account
-- Remove any user-specific accounts on dm-demo-alm and dm-demo-datastage environments
-- Do whatever we have to do in Xero :question_mark:
-- Do whatever we have to do in Harvest :question_mark:
+- Remove any user-specific accounts on `dm-demo-alm` and `dm-demo-datastage` environments
+- Offboard in Xero
+- Offboard in Harvest
 Remove any relevant account from the following services: 
 - Bitdefender
 - Box

src/pages/policies/cybersecurity_executive_summary.md

@@ -0,0 +1,140 @@
+---
+title: Information Governance Policy
+description: Data Migrators; Information Governance Policy
+keywords: 'information,data,governance,retention,policy'
+---
+
+<PageDescription>
+
+This page describes Data Migrators’ policy on information governance.
+
+</PageDescription>
+
+<AnchorLinks>
+  <AnchorLink>Overview</AnchorLink>
+  <AnchorLink>Purpose</AnchorLink>
+  <AnchorLink>Scope</AnchorLink>
+  <AnchorLink>Policy</AnchorLink>
+  <AnchorLink>Compliance</AnchorLink>
+  <AnchorLink>Exceptions</AnchorLink>
+  <AnchorLink>Non-compliance</AnchorLink>
+  <AnchorLink>Related Documents</AnchorLink>
+  <AnchorLink>Definitions and Terms</AnchorLink>
+</AnchorLinks>
+
+## Overview
+
+Data Migrators is committed to managing Information as an organisational asset that is created, used and shared effectively while meeting legislative requirements.
+
+Information governance provides the framework, strategic objectives, policies and standards to manage Information as an asset. This policy, supporting procedures and associated resources support effective Information governance to optimise the integrity, security, availability and quality of DM Information.
+
+## Purpose
+
+This policy establishes the framework and principles for effective data and information (Information) governance which supports the functions and activities of DM.
+
+
+## Scope
+
+This policy applies to all individuals who manage, handle or process DM Information, including DM staff, contractors, visitors and partners. This also includes third parties (suppliers) and agents of the organisation who are bound to DM policy where their contract of engagement with the organisation specifically provides for this.
+
+This policy applies to the creation, storage, management, control, access, transfer and destruction of Information throughout its lifecycle in all its forms: both in digital and non-electronic formats.
+
+## Policy
+
+### Principles
+
+Data Quality from creation - DM implements procedures and practices to ensure that Information is captured accurately and completely, and that the quality of Information is monitored, managed and continuously improved throughout its lifecycle.
+
+**Information is discoverable** - DM Information classification is applied to enable appropriate management of Information, to ensure Information is easy to find and to promote its re-use. 
+
+**DM supports openness and collaboration** - DM Information is accessible and transparent. Access to Information should only be restricted when required by legislation, policy or contract. 
+
+**Information is protected from unauthorised access, use and disclosure** - DM Information is managed in accordance with procedures and resources established by this policy, the Privacy Policy, and the Information Technology and Security Policy.
+
+**Information is retained, managed and disposed of lawfully and ethically** – DM Information collection, creation, use, re-use and exchange is performed according to ethical practices, applicable laws and with due consideration for individual privacy. 
+
+**DM is a digital organisation** - Information is created and retained in a digital format unless otherwise required by legislation.
+
+**A data-literate workforce** - DM is committed to ensuring that staff have the knowledge, competencies and ability to interact with Information in their roles.
+
+### Information Governance Framework
+
+The Information Governance Board provides advice and recommendations for strategy, policy and risk-related matters impacting DM's Information.
+
+Information Governance priorities are guided by the value of Information to DM, government and the community over time, considering the risks of improper management of Information.
+
+DM is the custodian of all Information managed by DM. No individual function or group own any part of Information.
+
+An individual assumes the role of Information Custodian when DM Information is in their possession.
+
+Information Governance controls are defined in consultation with Information Stewards. The Information Stewards Group is established to provide operational support and recommendations to the Information Governance Board.
+
+### Responsibilities
+
+All individuals who manage, handle or process DM Group Information as set out in the scope of this policy are responsible for:
+
+ - ensuring that they understand and adhere to the framework and principles established by this policy
+ - managing DM’s Information in accordance with procedures and resources under this policy, the Privacy Policy and Information Technology and Security Policy
+ - supporting a culture that promotes good Information governance practices and reporting any identified compliance breaches or incidents.
+
+Information Custodians are:
+
+ - responsible for ensuring that appropriate controls and processes are in place for the protection of Information under their custodianship in accordance with all applicable policies, legislation and contractual agreements
+ - accountable for decisions and implications of access to Information under their custodianship. This includes Information sharing and access, movement of Information, physical protection and integration between systems.
+
+The Information Governance Board and its members are responsible for:
+
+ - providing strategic direction and advocating for Information governance in the best interests of DM.
+
+Information Trustees are:
+
+ - accountable for Information governance decisions that impact how Information is managed in their Information Domain
+ - responsible for nominating Information Stewards for their Information Domain.
+
+Information Stewards are responsible for:
+
+ - providing operational support to Information Trustees and relevant stakeholders for Information within their respective domains as set out in the Information Domain Register
+ - taking steps to improve the quality and compliance of Information identified as high-priority to DM.
+
+The Chief Data and Analytics Officer is responsible for:
+
+ - overseeing Information governance at DM to ensure effectiveness and fitness for purpose
+ - establishing an Information Governance Network comprised of Information Stewards and Information Trustees
+ - promoting a data-driven culture and encouraging DM staff to develop capability, competency and knowledge to interact with Information in their roles.
+
+The Chief Information Officer is responsible for:
+
+ - providing Information Technology services for storage, processing, safekeeping and the integrity of Information in digital formats under the custodianship of DM
+ - implementing appropriate safeguards without creating unjustified obstacles to the conduct of DM operations and the provision of services, as specified in the Information Technology and Security Policy. 
+
+The Chief Information Security Officer is responsible for:
+
+ - implementing appropriate Information and Information security controls, processes and technologies to protect DM from cybersecurity threats
+monitoring and improving the effectiveness of security controls for Information in digital formats under the custodianship of DM.
+
+The Privacy Office is the first point of contact for privacy matters within DM and is responsible for:
+
+ - overseeing responsible handling of personal, sensitive and health information in all its forms, consistent with relevant legislation, as specified in the DM Privacy Policy.
+
+## Exceptions
+
+Any exception to the policy must be approved by the DM directors in advance.
+
+## Non-Compliance
+
+An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
+
+## Related Documents
+
+This policy is to be read in conjunction with existing University policy documents which include but are not limited to the following:
+
+ - Research Policy
+ - Privacy Policy
+ - Information Technology and Security Policy
+ - Intellectual Property Policy
+
+
+## Definitions and Terms
+
+n/a
+

src/pages/policies/employee_off_boarding_policy.md

@@ -134,16 +134,9 @@ An employee found to have violated this policy may be subject to disciplinary ac
 ## Related Documents
 
 - [Encryption Policy](acceptable_encryption_policy)
-
-- Information Governance Policy
-- Confidentiality & Data Protection Act Policy
-- Information Sharing Policy
+- [Information Governance Policy](information_governance_policy)
+- [Data Protection Policy](data_protection_policy)
 - [Security Response Plan Policy](security_response_plan_policy)
--  Information Security Policy
- Subject Access Request Policy & Procedure
- Information Risk Policy
- Freedom of Information Policy
-
 
 
 ## Definitions and Terms