Those of you who are working on public sector projects will probably be aware of the recent ban imposed on taking unencrypted laptops out of government facilities.
I've recently been passed some revised guidance (due for release today/tomorrow) that will be sent out to departments requiring them to ensure that all contractors/consultants confirm either that:
- they do not have any government data on their personal/company laptops
OR
- that they comply with the standards set out in the Data Protection Act, and in particular that their laptop hard disc drives are encrypted to FIPS 140-2 standards
I do encrypt my hard disc at present (using PGP), but am no security expert. Can any of you wiser heads advise on...
- what products they've used/would recommend to encrypt a laptop to meet FIPS 140-2
- what else they would recommend a one-person contracting company to do in order to comply with the Data Protection Act (in terms of written data protection policy, backup and archive procedures etc).
The current situation is a pain in the a**e, but there is a potential payoff. If I can get a standard set of policies/procedures for compliance, then it should be possible to start operating using only the one laptop (my company's) rather than having to lug around my client's laptop as well (may also help deal with some of the IR35 pointers that chase you around when doing government work....)
