Information Security Policy
The National Portrait Gallery needs to ensure the security of all its information, whether as paper copies or computer data. The majority of information is either publicly available or not sensitive, but many members of staff do handle sensitive data (such as a new member’s bank account details or a confidential report). The Gallery follows the requirements of the Data Protection Act (see section 4) and this policy requires all employees to familiarise themselves with the Gallery’s information security requirements and adhere to them.
2. Security of Information at work
The security of information is important and is the responsibility of each employee. All staff, as well as volunteers, work experience students , interns, freelancers, and additionally any contractors who are permanently based on site and thus are given access to Gallery Information Technology (IT) systems (e.g. Searcy’s, Lorne Stewart), must read and sign the Use of National Portrait Gallery Information Systems document (Appendix 2). Signed confirmation of having read this document is retained for all employees, freelancers or contractors.
IT security is important, but in addition consideration must always be given to the security of paper-based information. The Gallery expects that:
- Any confidential or sensitive paperwork should be kept locked in a secure drawer or filing cabinet, and not left on a desk.
- If a document contains confidential material, it should be marked CONFIDENTIAL as a header on every page or as a watermark. An outline definition of Confidential or In Confidence is attached at Appendix 1.
- Anyone receiving a confidential document, whether internal or external, and who no longer needs it, should dispose of it securely by either placing it into a red confidential waste sack or by shredding it. Shredders are available in Personnel, Finance, Communications and Development, and the Curatorial Office.
3. Security of Information when travelling or at home
Staff may read work documents while travelling by public transport, either as hard copies or on a laptop or mobile phone. It is important to be aware in these circumstances that others could be reading your document over your shoulder. Confidential documents should not be read in vulnerable places.
If working at home, security of data still applies. Confidential Gallery information must not be stored on your personal computer. It is possible to access all work documents from home by following the directions in the Working from Home Procedures (Appendix 3). Transferring data on a pen drive/USB key creates unnecessary vulnerabilities as it could be lost. Wherever possible, if working from home staff should use the Remote Access Server as described in the attached procedures (Appendix 3).
4. Gallery Records
For the purposes of this policy, information includes records, in any format, that have been generated or received by the National Portrait Gallery in the course of its activities. Records can be held in any format including paper documents, photographs, e-mails, videos, slides, audio recordings, databases or any multimedia formats. The records of the National Portrait Gallery are public records and their management, including conditions of access, is governed by the Gallery’s Archive and Records Management Policy, Gallery records must not be removed from the premises.
5. Data Protection
Personal data is handled in many areas of the Gallery and is covered by the Data Protection Act. The Gallery’s Data Protection Policy is available on the website, in the About Us section under ‘Freedom of Information’. Every member of staff must attend a data protection briefing session or, for those handling personal data, data protection training, both of which are run in-house annually (or more frequently if the need arises). Advice can be provided by the Contracts and Procurement Adviser (ext 6672).
6. Anonymous Reporting of Security Incidents
Any concerns about security of data should be raised with a line manager or with the Head of Resources. However, an occasion might arise when there is a need to report a concern anonymously. The Gallery’s whistleblowing procedure (part of the Anti- Fraud Policy) states the procedure to follow.
7. Examples of Misuse of Gallery IT Systems
It is impossible to list every possible misuse that could compromise or threaten the Gallery’s IT systems. All employees are trusted, and examples are given in the Use of National Portrait Gallery Information Systems document (Appendix 2) of actions that are permitted and those that are not. If in doubt about any action that might be construed as misuse, a line manager’s advice or that of the Head of IT or Head of Resources should be sought. Please note that misuse of Gallery information systems can be a disciplinary offence. Misuse includes the following:
- Attempting to modify or remove computer equipment, software or accessories;
- Accessing without proper authorisation computers, software, information or networks to which the Gallery belongs, regardless of whether the resource is owned by the Gallery or the abuse takes place from a non-Gallery site;
- Any actions that interfere with the access of others to information systems;
- Disregarding security measures designed to protect the Gallery’s information systems;
- Installing any software without express approval of the IT department. This includes software downloaded from the Internet or received as an email attachment;
- Violating any software license or copyright, including copying or redistributing copyrighted software, without the written authorisation of the software owner;
- Reading other users’ information or files without permission;
- Using electronic communications to hoard, damage or otherwise interfere with the Gallery’s resources available electronically;
- Launching a computer virus or other rogue program;
- Downloading or posting illegal, proprietary or damaging material to a Gallery computer;
- Transporting illegal, proprietary or damaging material to a Gallery computer;
- Personal use of any Gallery information system to access, download, print, store forward, transmit or distribute obscene or offensive material;
- Any use which brings the Gallery into disrepute;
- Use of inappropriate websites, (chat rooms, online gambling etc);
- Violating any law or statutory regulation.
The Head of Resources, as the designated Senior Information Risk Owner (SIRO), is responsible for reporting to Trustees and DCMS on Information Security, supported by the Head of Visitor Services and Security, the Head of IT and their respective teams. The Head of IT is the designated Information Technology Security Officer (ITSO), responsible for the security of information in electronic form. In addition to this policy, physical security is covered in the Gallery’s Security Policy on the staff shared network.
Annually, or more frequently should the need arise, a report on security (including Information Security) is made to Senior Management Team and to Trustees.
This policy will next be reviewed by Trustees in 2015. Minor amendments may be made in the annual Security Report to the Senior Management Team.
Head of Resources
Definition of Confidential or In Confidence
‘Confidential Information’ refers to any information which has been designated as confidential by either Party in writing or that ought to be considered as confidential (however it is conveyed or on whatever media it is stored) including information which relates to the business, affairs, properties, assets, trading practices, developments, trade secrets, Intellectual Property Rights, know-how, personnel, customers and suppliers of either Party, all personal data and sensitive personal data within the meaning of the Data Protection Act 1998 and the Commercially Sensitive Information.
‘Commercially Sensitive Information’ means the subset of Confidential Information that is designated as commercially sensitive or constitutes a trade secret.
Use of National Portrait Gallery Information Systems
This document forms part of the Gallery’s Information Security Policy. It is given to all staff, volunteers, work experience pupils, interns, freelancers and contractors who use the Gallery’s Information Systems. Each user is required to read, note and follow the requirements of this document and to sign to confirm they will do so. A full copy of the Gallery’s Information Security Policy is available online.
Please read this document carefully and retain a copy.
Information Systems are defined as:
- Computers (laptops or desktops)
- Telephones (fixed or work mobile telephones)
- Photocopiers, printers and fax machines
- Paper records in files and in the archives
2. Permitted use
The Gallery has made a considerable investment in information systems and recognises their importance as a business tool. It therefore expects all those who use these systems to do so responsibly. The purpose of this guidance is to ensure consistency of approach across all departments and that all users are given the same core information.
All staff (including volunteers, work experience students, interns and freelancers), and some contractors who are permanently based here, are given access to the Gallery’s information systems. These systems are provided for business use - however, occasional and limited personal use is permitted provided:
- It does not interfere with Gallery operations or an employee’s performance of duties
- It is not for personal financial gain
- It conforms to this policy.
Examples of what the Gallery considers to be acceptable and unacceptable personal use of Information Systems are given within the following two subsections. Please note that very occasionally, in order to deal with business-related messages or to access information necessary to the operation of the Gallery, it could be necessary for the Gallery to access your computer files or telephone voicemail messages, should you unexpectedly be absent from work. This can only take place with senior management authorisation, but every user needs to be aware that this could happen.
Please note that repeated or serious breaches of permitted use may result in disciplinary action being taken.
3. Use of Computers
It is only possible to access the Gallery’s IT systems by following the IT Password procedures: O:\Information Technology\IT Admin\NPG Computer Password Policy February 2009.doc. These procedures were introduced to prevent unauthorised users from accessing the network and to protect the Gallery’s data. The policy requires an eight character password with a mixture of upper and lower case letters, numbers or symbols (such as !”£$). This password must be changed every 90 days. All computers automatically return to the log-in page if left untouched for 10 minutes. However, it is good practice if you are leaving your computer, even for a minute or two, to press control+alt+delete and select ‘Lock Computer’ to bring up this protective page.
You must not allow any other person to log on to the network with your account. Do not share your password with anyone at work or at home and if you need to write it down as a reminder for yourself, do so in a cryptic way (e.g. ‘cat’s name and age’) - never write down the actual password. If you forget your password, ring the IT helpdesk on ext 4318 to request for it to be reset. Unless it is possible to verify who you are over the telephone, you will need to report to the IT office with your ID card.
Each PC has a sophisticated anti-virus tool that constantly runs in the background. The IT Department monitors reports from PCs on a daily basis and responds to infected computers. However, staff need to be vigilant (e.g. occasionally spam e-mails carry a virus). Do not download software from the internet - always ask IT for permission (ext 4318). USB keys (pen drives or memory sticks) may carry viruses, so wherever possible do not use them. It is possible to access work documents from home using the RAS server (see section 5).
It is important to remember that e-mails should be worded with the same care as a letter sent on the Gallery’s behalf - assume that someone other than the addressee might read your e-mail. Copyright laws and licence agreements also apply to e-mails. A brief guide to the etiquette of e-mails is available on the staff shared network. The Gallery expects the Outlook Calendar function to be used to book meetings and appointments. Users should allow other staff to view their calendar; private appointments can be hidden by selecting the padlock symbol in an open appointment window.
The Gallery accepts that a limited number of personal e-mails may be sent from or received by an individual’s work e-mail account, but would prefer staff to log into and use their personal e-mail accounts in their breaks.
Document security is everyone’s responsibility. This ranges from basic expectations such as shredding hard copies of confidential documents to password-protecting sensitive data. Please contact the IT Helpdesk (ext 4318) if you need help with password-protecting a document.
The Gallery has a firewall and an e-mail spam filter which will block 90% of e-mail spam. You should be aware that the spam filter may occasionally block legitimate e-mails; contact the IT Helpdesk on ext 4318 if you think this may be happening.
Certain websites are blocked automatically by the Gallery’s filter. This includes MSN Messenger, which is not permitted for use at work as it presents an IT security risk. If you need to access a specific blocked website for a business purpose, please contact the IT Helpdesk on ext 4318. Also please note that the Gallery has the ability to track internet usage. The logging system records all websites visited and details include web address, date and time visited and PC and user details. Staff are not allowed to play computer games, even during lunch hours.
Disposal of IT equipment, including CDs and DVDs, is handled by IT. This is to ensure that no Gallery data leaks out and that all equipment is disposed of in an environmentally safe manner. You must send all such items to IT for safe and secure disposal. Please contact the IT helpdesk on ext 4318 for disposal requests.
The storage and backup of data represents a substantial cost to the Gallery. In particular, images, sound files and movies take up a lot of storage space. Please ensure that you do not store personal data on the system, including as attachments to your e-mails or within the ‘My documents’ folders. It is neither acceptable nor appropriate to store personal data (such as music files, holiday photos) on the Gallery’s system. Please regularly review your data and delete any items that are no longer needed.
Remember to save any document you are working on regularly. Any new file or document that you create is backed up that night and the Gallery IT back-up system allows for it to be retained for seven years. Therefore please regularly review whether items you have saved can now be deleted.
The Gallery provides regular IT training. If you have any specific needs, please notify your line manager. Requests for training can be raised at probation review meetings or annual performance reviews. For assistance with minor queries call IT Support on ext 4318.
All Gallery employees are required to comply with the Data Protection Act. The Gallery’s Data Protection Policy is available on the website.
Every member of staff must attend a data protection briefing, or for certain staff a half-day training session, both of which are run in-house annually (or more frequently as the need arises). If you are a new member of staff or have a specific question please contact the Contracts and Procurement Adviser (ext 6672) for advice.
4. Use of telephones and photocopiers/printers
Telephones (whether land lines or work mobile telephones) are provided for business use, not for personal use. Dial 9 for an outside line on the Gallery’s telephone system. Calling abroad is only permitted from specified phones. If you need to call abroad as part of your job, and your phone has not been enabled, please contact the Facilities Helpdesk on ext 6299.
Users should also be aware that the telephone records provided to the Gallery for billing purposes for landlines and work mobiles show the date and time of outgoing calls, the number from which the call was made, the dialled telephone number, and the duration and cost of the call.
Wherever possible please print or photocopy documents double-sided. Do not print in colour unless absolutely necessary, as the cost of one colour photocopy is ten times that of a black and white copy. Remember to use the Gallery font (Swiss721BT) in point size 11 for all written communication.
It is acceptable to use a Gallery telephone to ring home to say you will be late because an occurrence at work has delayed you, but not, for example, to book your holiday. If in doubt, please ask your line manager for advice/permission. Equally, it is acceptable to photocopy a three page document for personal use but not a thirty page document. Occasionally the Gallery may permit use of (for example) its photocopier for personal use, if you repay the Gallery the costs it will incur. Advice can be obtained from the Facilities Manager or Head of Resources.
5. Working from home
The Gallery recognises that many tasks can only be undertaken on site, but that occasionally for some staff, it is more efficient and effective to work at home. Working at Home Procedures are available on the staff shared network.
Please note that the purpose of working from home is not to work additional hours, but to allow uninterrupted work or for some other reason agreed in advance by your line manager.
In order to work from home, you may need to access your e-mails and documents. The Gallery has two methods for remote access, which are explained in the Working at Home Procedure - please read them and follow their instructions, the first of which is obtaining your line manager’s agreement to your request to work from home. There can be disadvantages to working at home, one of which is an element of IT security – people not employed by the Gallery may be able to read your material. This also applies if you are reading Gallery documents on public transport, be they in hard copy, on a laptop or on a mobile device. You must always be aware of this risk and take appropriate action to prevent any confidential documents being viewed by anyone else. Hard copies of confidential documents must be shredded or placed in red confidential waste sacks for disposal.
6. It Security Precautions
a) You must not allow another person to know your password and you must not log onto the network using another person’s user account. No one should use the password of another, nor should anyone provide his or her password to another. Do not leave your password written in an obvious place (such as under your keyboard). There are a limited number of generic log-ins throughout the Gallery, but wherever possible use your own log-in.
b) Do not visit illegal or inappropriate websites, including chat rooms. It is difficult to quantify inappropriate websites – for example, for the majority of employees, visiting the e-bay website is not appropriate at work, and could possibly become a disciplinary matter, but for some, who are using it as a mechanism to purchase an item on behalf of the Gallery, it is entirely appropriate.
c) Do not abuse your position at the Gallery by writing anything on a website or in an e-mail that is derogatory or untrue. The Gallery’s communication guidelines should be followed and are saved on the staff shared network.
d) A full list of activities regarded as misuse is contained in the Information Security Policy.
7. Further advice
The Gallery recognises that it is impossible to cover every possible use or misuse in a procedural or policy document. If you have any doubt about any action that you think might be construed as misuse, advice can be sought from the Head of Resources, Head of Personnel or Head of IT or from your line manager.
8. Notification and application
A copy of this policy is issued to each member of staff and there is reference to this policy in the staff handbook. Department Heads must ensure that any other users of Gallery information systems are given a copy of this policy. The purpose of this document is to advise and guide staff and other users of the Gallery’s systems, to ensure clarity and consistency in approach across the Gallery. Please note that it is a disciplinary offence deliberately to misuse the Gallery’s IT systems and that any contraventions will be dealt with under the disciplinary procedures set out in the staff handbook. Certain contraventions may be treated as gross misconduct.
I confirm I have read, understood and will abide by this document and have signed to confirm this:
Return one copy to IT if you are a contractor
Guideline for working from home
The Gallery recognises that, while the great majority of tasks can only be undertaken on site, occasionally for some staff it is more efficient and effective to work at home. The purpose of working from home is not to do additional hours but to allow uninterrupted work or for some other reason agreed in advance by your line manager, and is generally on an ad hoc basis or for a limited period of time. This is a non-contractual arrangement. The Gallery does not require any employee to work at home but recognises that on certain occasions, being able to do so may enable greater focus to be applied. To facilitate this, the following procedures have been developed.
2. In advance of working at home
In order to work at home on an ad hoc basis (e.g. to undertake a specific piece of work, not just to periodically read your emails) please follow the guidelines below. If you regularly work from home (i.e. more than 20% of your time averaged over a 3 month period) which is one day a week on average) please also see section 6.
- Your line manager must have agreed this in advance, including date(s) and appropriate time(s). This can be verbally or by e-mail.
- Specific (agreed) work activities must be undertaken and you must be prepared to show evidence of work done at home
- The level of performance and output expected would be no less than that expected in the workplace
- Ensure your line manager knows an appropriate telephone number on which to contact you
- Reasonable notice of a wish to work at home must be given and agreed by line management
- Make sure you plan in advance and take everything with you that you might need
- Once there is an agreement that an individual is to work at home for a part of a day, a given day, or given period of days, the arrangement should be respected as far as possible. However, employees working at home must be prepared to be telephoned and/or recalled to the office at short notice, should the need arise.
- While working at home, you are expected to read and respond to work e-mails, as appropriate
- Remember to leave an out-of-office message on your office telephone. In certain circumstances your work extension can be diverted to your mobile or home telephone (please contact the Facilities Helpdesk on ext 6299 to arrange this).
3. Practical aspects of working at home
Working at home will almost inevitably require the use of a PC or laptop. There is a limited number of Gallery laptops, which can be borrowed - please contact the IT Helpdesk on ext 4318 to check availability. Even if working at home for just a few hours, it is important to carry out a workstation assessment of the area in which you plan to work, and it is appropriate for your manager to check this with you - for example, if you plan to work at home sitting on the sofa with a laptop on your lap, your manager may legitimately not agree.
If you are using a laptop to work at home, whether borrowed from the Gallery or your own, please read and follow the guidelines Working with laptop computers (O:/ Information Technology/Policies/Working with Laptop Computers) and note that if you regularly work from home using your own laptop, the Gallery would prefer you to have a docking station for health and safety reasons.
Employees will need to have broadband internet in order to access documents and emails. Working at home is an option, not an obligation, and please note that the Gallery will not compensate any employee for energy use or installation of broadband.
It is important to read, note and follow the guidance in the section below dealing with IT security. In practical terms, in order to work from home, you need access to your e-mails and documents.
There are two methods of Remote Access. The first is standard Outlook web access (OWA), which gives access to your e-mail and calendar only. To access OWA type the following web address into your browser: https://owa.npg.org.uk/exchange, and enter your Windows username and password. The second method of access is via the Remote Access Server (RAS).
The RAS will give you access to all of your files and folders and applications as if you were in the office. All data is accessed and stored on the server in the Gallery, and no data is stored on your home PC or laptop, thereby improving security. If you want to use the RAS you must read the Remote Access Procedures and complete the Remote Access form saved on the staff shared network. As this form requires information about the computer you will be using, it is likely that you will need to take it home, and therefore it will take more than one day to complete. Often there are ongoing questions, and permission can take a week or longer. Therefore you should complete the form as far in advance as possible.
Finally, remember the need for regular breaks if using a computer for extended periods. Guidance from the Health and Safety Executive (HSE) suggests that it is better to take shorter breaks more often at your workstation than longer breaks and less often, e.g. a 5-10 minute break after 50-60 minutes continuous screen and/or keyboard work is likely to be better than a 15 minute break every two hours. The break can simply be doing something different, such as organising papers.
4. Information Security while working from Home
Employees working at home must ensure security of Gallery materials, equipment and information, both at home and on the journey to and from work. For security reasons, National Portrait Gallery information should not reside on home computers. When working on documents at home, they should only be accessed via the Remote Access Server (see information in section 3). In addition, please remember and abide by the following:
- Do not transfer documents from work to home and vice versa via a pen drive/USB key. This could be lost and data (which may be confidential) thus leak into other hands.
- All Gallery laptops are encrypted and require a password. If you forget the password, telephone the IT Department, who will carry out a procedure to reset the password. However, the IT Department will only do this if they can positively identify you over the telephone, so you may have to return to the Gallery for this to take place. DO NOT WRITE THE PASSWORD DOWN.
- Any confidential document/data that is printed at home should be shredded or brought back to work, where it can be shredded. It should not be left at home where others could read it and should not be placed into domestic waste/recycling.
- Remember, certain Gallery information, such as personnel files and data in the Archive and Library, cannot be removed from the Gallery.
5. Managerial Responsibilities
When a team member requests to work at home, please consider whether this is appropriate. Keep a record (perhaps on your Outlook calendar) of each occasion, which could be accessed should there be a need to confirm this at a future date. Remember, as a line manager, you do not have to agree to this request but should consider the needs of the department and of the individual. You must treat all staff members equally and if you have to turn down a request, explain the reasons.
The line manager will need to provide adequate supervision and support to employees working at home to ensure their employees adhere to all Gallery terms and conditions, policies and procedures including Health and Safety, Working Time Regulations, Data Protection and Security issues (including IT security). The level of supervision is a management decision which should be based on the level of risk involved (and based on findings of any formal risk assessment undertaken) in the member of staff working at home.
If a member of staff regularly works 20% or more of their hours from home (that is one day a week on average) over a three month period, they must complete a work station assessment of their home environment, which you must read and sign off. This form is available on the staff shared network.
Advice is available from the Gallery’s Health and Safety advisers at the Natural History Museum by e-mail on email@example.com. It is good practice to encourage all staff to undertake this risk assessment if they are working from home, no matter how infrequently.
There may be occasions when it is unclear whether a request to work from home should be granted, for example:
- The main reason the employee may request to work from home is to attend to a domestic situation, e.g. awaiting a delivery (although please remember that there are Gallery employees who cannot work from home and would have to take annual leave to accommodate this)
- The main reason the employee needs to work from home is to look after children or family. Working at home should not be seen as a substitute for child/family care. Instead the employee should, if appropriate, be encouraged to apply for exceptional leave or parental leave.
- A temporary physical disability (e.g. a broken leg) prevents an employee from travelling to work, but s/he is otherwise fit to undertake written work. In cases of doubt, medical advice must be sought, via Personnel, from the Gallery’s Occupational Health Adviser, as the Gallery must be confident that the employee is fit to work.
Individuals who are working at home must at all times be contactable by telephone and e-mail. If necessary, and it were in the Gallery’s best interests to do so, they could be asked to return to work at the Gallery.
Managers should periodically review as a matter of course a member of staff’s arrangements to work from home and in any event where there are significant changes in a member of staff’s working practice.
6. Regular working from home
For some employees, perhaps working on a particular project, it may be appropriate to work 20% or more of their time from home (this equates to one day a week). In addition to following the procedures in sections 2 and 3, anyone who is working this frequently from home for a three month period or more must complete the attached Risk Assessment of Premises form and return it to their line manager. This form is available on the staff shared network.
Occasional working from home can be beneficial to employees and to the organisation itself. It requires a working relationship that is based upon trust and encourages employees to manage their own work. Following these guidelines ensures that there are no negative effects on health and safety, information security or general well-being when working from home takes place.
National Portrait Gallery working at home - Risk assessment of premises
This risk assessment must be reviewed annually
- Do you anticipate spending more than 20% of your time working at your home base?
- In your home working environment are there any trip or slip hazards, (e.g. trailing cables)?
- Do you have first aid provision in the home to cover likely injuries or illnesses?
- Is there adequate ventilation, reasonable temperature, suitable and sufficient lighting within the home to perform the role effectively and in comfort?
- Will you be relying on natural lighting or room lighting (specify type eg Pendant, upright, fluorescent)?
- Is there sufficient task lighting (eg angle poise?) Is the lighting likely to cause a glare? Can blinds/curtains be drawn to prevent glare?
- Can room temperature be easily managed?
- Is your electricity supply suitable for home working? Are there sufficient sockets (13a single phase 240v AC supply) If not do you have a tested 4 gang trailing lead that can be used?
- Are there sufficient fuses/circuit Breakers? If not do you have a Residual Current Device?
Fire (not mandatory)
- Are the escape routes suitable?
- Are smoke detectors installed?
- Is an extinguisher available?
- Do you have a room at home which will be used specifically as an office base?
- If not, which room in the home will the work be undertaken in?
- How much space in this room will be required to carry out your role effectively? Size? (11cubic-metres suggested minimum)
- Is there safe access/egress?
- Are you likely to have to carry or move heavy loads in the home as part of your role?
- If yes, what manual handling activities will be undertaken in the home?
- Have you attended manual handling training?
- Will you be using your PC/laptop continuously for an hour or more at a time?
- If yes remember to take regular breaks
- Will you be using a laptop every day?
- If using a laptop, confirm you have read the Gallery’s guidance “Working with Laptop Computers” O:\Information Technology\Policies\Working with Laptop Computers Is the equipment set up correctly? (confirm you have read O/health & Safety/computer workstation use)
- Do you have the necessary office furniture to carry out your tasks, specifically desk/chair)? (e.g. are you using a desk or the kitchen table, is the chair adjustable?)
- Do you have any health condition we should be aware of?
I agree to the employee named above working from home
Please return one copy of this form to Personnel to be retained on the employee's personnel file.
The Gallery will not agree to incur cost for modifications
Failure to declare a fault relieves the Gallery of any liability
Failure to declare a fault could result in disciplinary action
Employees must complete a new risk assessment should your circumstances change at anytime
The completion and integrity of the risk assessment is the responsibility of the employee and line manager
If in doubt and for further advice and information on the risk assessment contact the Gallery’s Health and Safety Advisors at the Natural History Museum by e-mailing: firstname.lastname@example.org