How does an organisation keep its people, property and information secure, and what does data protection legislation require?
Methods of keeping people, property and information secure in an organisation (visitor sign-in, ID badges, CCTV, alarms, passwords, backups and access rights), and the main requirements of data protection legislation for handling personal information.
A focused answer to the SQA National 5 Administration and IT content on the security of people, property and information, covering physical and electronic security methods (sign-in, badges, CCTV, passwords, backups) and the main requirements of data protection legislation.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
The SQA wants you to describe how an organisation keeps its people, property and information secure, and to outline what data protection legislation requires when handling personal information. Group your answer into physical methods (people and property) and electronic methods (information), and learn the main data-protection rules.
Three things to keep secure
The course groups security into people, property and information. A strong answer names the right method for each.
A strong exam habit is to deal with all three in order, because a question may ask about any one of them. Notice that some methods, such as CCTV, protect both people and property at once, but a password or backup only ever protects information. Matching the method to the right group is where easy marks are won or lost.
Keeping information secure
Because administrators handle a great deal of personal and business data, information security is the most heavily examined part of this topic. A single lost laptop, weak password or unattended screen can expose thousands of records, so organisations layer several methods together rather than relying on just one.
Data protection legislation
Organisations that hold personal information about staff, customers or pupils must follow data protection law. You should be able to outline its main requirements.
Try this
Q1. State two methods of keeping property secure. [2 marks]
- Cue. Any two of: locks, alarms, CCTV, security marking, swipe-card entry.
Q2. Describe two ways of keeping electronic information secure. [2 marks]
- Cue. Any two of: passwords, access rights, backups, anti-virus or firewall software, encryption.
Q3. Outline one requirement of data protection legislation. [1 mark]
- Cue. Personal data must be accurate, secure, used only for its stated purpose, or not kept longer than necessary.
Exam-style practice questions
Practice questions written in the style of SQA exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
SQA-style Describe4 marksDescribe methods an organisation can use to keep information secure.Show worked answer →
Award 1 mark for each method described, up to 4. Use passwords on computers and files so only authorised staff can open them (1). Set access rights so staff can only see the information they need for their job (1). Take regular backups of data so it can be recovered if it is lost or corrupted (1). Install anti-virus and firewall software to keep out malware and hackers (1). Lock paper files in cabinets and shred confidential documents that are no longer needed (1). Encrypt sensitive data so it cannot be read if it is intercepted (1). Markers reward a described method, not a one-word list.
SQA-style Outline3 marksOutline the requirements an organisation must follow under data protection legislation.Show worked answer →
Award 1 mark for each requirement outlined, up to 3. Personal data must be kept accurate and up to date (1). It must be kept secure and protected from loss or unauthorised access (1). It must only be used for the purpose it was collected for (1). It must not be kept for longer than necessary (1). Individuals have the right to see the data held about them (1). Only the data that is actually needed should be collected (1). Markers reward an outlined requirement with a little detail.
Related dot points
- The main health and safety legislation affecting an office (the Health and Safety at Work etc. Act and the Display Screen Equipment Regulations), the responsibilities of employers and employees, and common office hazards and ways to reduce them.
A focused answer to the SQA National 5 Administration and IT content on health and safety, covering the Health and Safety at Work Act and Display Screen Equipment Regulations, the responsibilities of employers and employees, and common office hazards and how to reduce them.
- Good electronic file-management practice (clear folder structures, sensible file naming, version control, regular backups) and the use of an electronic diary (e-diary) to schedule appointments, set reminders and manage time.
A focused answer to the SQA National 5 Administration and IT content on electronic file management and electronic diaries, covering folder structures, file naming, version control and backups, and how an e-diary is used to schedule appointments and manage time.
- The skills (such as IT, communication, numeracy and organisational skills), qualities and personal attributes (such as accuracy, reliability, confidentiality, working to deadlines and good time management) of an effective administrator, and how each contributes to the smooth running of an organisation.
A focused answer to the SQA National 5 Administration and IT content on the skills, qualities and attributes of an effective administrator, covering IT, communication, numeracy and organisational skills alongside qualities such as accuracy, reliability and confidentiality, and why each matters at work.
- The range of tasks carried out by an administrator (managing diaries and appointments, arranging meetings and travel, handling mail and records, supporting events), and the use of time-management and task-management techniques such as to-do lists, prioritising, e-diaries and gathering resources in advance.
A focused answer to the SQA National 5 Administration and IT content on the tasks of an administrator, covering the typical duties they carry out and the time-management and task-management techniques (to-do lists, prioritising, e-diaries) that keep an organisation running smoothly.
Sources & how we know this
- National 5 Administration and IT Course Specification — SQA (2024)
- National 5 Administration and IT - Course overview — SQA (2024)