Information Asset Management Procedure
Procedure Number: IG02
Version: 2.0
Approved by: Information Governance Working Group
Date approved: July 2016
Ratified by: Audit and Risk Committee
Date ratified: September 2016
Name of originator/author: Louise Chatwyn, Information Governance Manager
Name of responsible individual: Stuart Dalton, Deputy Director of Governance
Review date: April 2018
Target audience: All Staff
Version Control Sheet

Version Date Who Change
/12 G Lawrence First Version
/13 Minor amendments following IGSG review
/13 Amendment to reflect changes in the NHS structure on April 1st
/13 M Griffiths Reviewed for CCG ownership
/13 Changes made from feedback from Audit & Risk August
/16 L Chatwyn Review and update to current

Summary of changes in Version 2
- The old policy was transferred onto a new template to ensure consistency across IG documents
- Purpose defined to outline the objectives of the document
- Now incorporates Mobile Working/Devices (previously stand-alone documents)
- Roles and Responsibilities have been standardised
- Training and awareness: updated links
- Distribution now includes reference to documents being on the intranet
- Legislation and Related documents updated to reflect updated policies and legislation
- Appendices: forms updated to the documents currently in use
Contents
- Introduction
- Purpose
- Scope
- Key Roles and Responsibilities
- Information Assessment Management Processes
- New IT Asset requirements
- IT Asset Movements
- Disposal of Assets
- Information Asset Management When Working Remotely
- Information Asset Registers
- Business Continuity Planning
- Failure to Comply
- Monitoring and Review
- Training
- Distribution and Implementation
- Associated Legislation and Documents
- References
- Appendices
- Appendix 1 VPN Request Form
- Appendix 2 Asset types and processes
1. Introduction

Robust Information Governance requires clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate resources.

Nene CCG is a public body, with information processing as a fundamental part of its purpose. It is important, therefore, that the organisation has clear and relevant Information Asset Management procedures and practices which are implemented throughout the CCG for the current and future management of information, to ensure compliance with all appropriate legislation and standards.

Nene CCG is assessed against its Information Asset Management procedures and practices within the IG Toolkit Return.

This document provides guidance about the appropriate actions required to ensure the safe management, including the secure disposal, of any CCG electronic data processing assets and all associated data held upon them.

2. Purpose

By its nature IT equipment is constantly evolving, so the following list is not exhaustive; however, physical assets (some of which would be classified as mobile devices) can be summarised as follows:
- Personal Computer (PC) or Workstation
- Laptop or Notebook Computer
- Local or Networked Data Server
- Backup Device and Tapes
- Local or Network Printer
- Local or Network Scanner
- USB Removable Device or Portable Hard Disk
- Still or Video Camera (used for work purposes)
- iPad
- Network Device (such as a switch, router or firewall)

This document is a statement of the approach and intentions for Nene CCG to fulfil its statutory and organisational responsibilities. It will enable management and staff to make correct decisions, work effectively and comply with relevant legislation and the organisation's aims and objectives.

A Commissioning Support Unit (CSU) provides a managed security service to Nene CCG for Information Management & Technology (IM&T). This includes support to the Senior Information Risk Officer on security and asset and risk management.

The CSU will manage security along current best practice guidelines as provided by DH and in accordance with applicable legislation.
The CCG acknowledges that information is a valuable asset; it is therefore in its interest to ensure that the information processing systems, and the electronic or paper-based information held, are suitably processed.

The CCG will ensure all information is dealt with legally, securely, efficiently and effectively in the best interests of its employees and all third parties with whom information is shared, in order to support the delivery of high quality patient care, service planning and operational management.

3. Scope

This document applies to all staff, whether permanent, temporary or contracted. They are responsible for ensuring that they are aware of all relevant requirements and that they comply with them on a day to day basis. Furthermore, the principles of this document apply to all third parties and others authorised to undertake work on behalf of Nene CCG.

This document covers all aspects of handling information, in both paper and electronic format.

4. Key Roles and Responsibilities

Role: Accountable Officer
Responsibility: The Accountable Officer and the Board have ultimate accountability for actions and inactions in relation to this document.

Role: Senior Information Risk Officer
Responsibility: The CCG's SIRO is responsible for having overall accountability for Information Governance; this includes the Data Protection and Confidentiality function. The role includes briefing the Board and providing assurance through the Audit and Risk Committee that the IG approach is effective in terms of resource, commitment and execution. The SIRO for Nene CCG is the Chief Finance Officer.

Role: Caldicott Guardian
Responsibility: The Caldicott Guardian has responsibility for ensuring that there are adequate standards for protecting patient information and that all data transfers are undertaken in accordance with Safe Haven guidelines and the Caldicott principles. The Caldicott Guardian for Nene CCG is the GP Chair.

Role: Deputy Director of Governance
Responsibility: The Deputy Director of Governance has overall day to day responsibility for Information Governance in the CCG. The role includes briefing the Board, including the SIRO and Caldicott Guardian, of information risks and information incidents.

Role: Information Governance Lead
Responsibility: The Information Governance Manager has day to day responsibility for implementing and monitoring procedures to ensure compliance with relevant information legislation. The Information Governance Manager is responsible for completion of the IG Toolkit, actions arising to ensure compliance and subsequent workplans for continuing improvement.

Role: Information Security Lead
Responsibility: CSU provide a managed security service to Nene CCG for Information Management & Technology (IM&T). The Information Security Lead will work closely with the CCG Information Governance Team.

Role: Business Manager
Responsibility: The CCG Business Manager will be the initial contact for all IT asset movements (new, amend or disposals).

Role: Information Asset Owners
Responsibility: Information Asset Owners (IAO) will act as nominated owner of CCG information assets. Their responsibilities will include:
- Identify Information Asset Administrators to assist them with their duties, where this is appropriate and necessary.
- Document, understand and monitor what information assets are held, and for what purpose, how information is created, amended or added to, who has access to the information and why.

Role: Managers
Responsibility: Managers and supervisors are responsible for ensuring that staff who report to them have suitable access to this document and its supporting policies and procedures, and that they are implemented in their area of authority. Managers are also responsible for ensuring the initial training compliance of all staff reporting to them.

Role: All staff
Responsibility: Have a responsibility to:
- Be aware of the Information Governance requirements
- Support the CCG to achieve Toolkit Compliance
- Complete annual IG training
- Report information incidents appropriately

Role: IT Helpdesk
Responsibility: Will provide support to CCG users.

5. Information Assessment Management Processes
Management of computers and networks shall be controlled through CSU IM&T standard documented policies and procedures.

The CCG recognises that the aim of information risk management is not to eliminate risk, but rather to provide the structural means to identify, prioritise and manage the risks involved in all the CCG's information activities.

The CCG is not willing to accept information risks in most circumstances that may result in reputation damage, financial loss or exposure, major breakdown in information system or information integrity, significant incident(s) of regulatory non-compliance, potential risk of injury or harm to staff, service users and other relevant stakeholders.

5.1 New IT Asset requirements

All new requirements for IT assets must be requested via the CCG Business Manager. Access to and Novell for new starters to the CCG must also be requested via the CCG Business Manager.

A flow chart of asset types and processes can be found at Appendix 2.

When assets are not available from current CCG resources, new IT assets shall be procured from the CSU IM&T Team on behalf of the CCG.

All requests are to be made through the CCG Business Manager by to maintain an auditable approval and budget process.

5.2 IT Asset Movements

Prior to an IT asset being moved, the user and/or line manager responsible for the asset must contact the CCG Business Manager to advise of the move.

The CCG Business Manager will liaise with the CSU IM&T Team.

Notice of at least five working days must be given to the CSU IM&T Team prior to the movement of any asset. Only CSU IM&T Team staff are permitted to move IT assets.

The CCG Business Manager will adjust the asset register once the asset has been moved.

5.3 Disposal of Assets

Great care must be exercised when disposing of any equipment which has been used in the processing of information if there is any possibility that some information may remain in or on it.
At the termination of employment, employees shall return all data processing equipment, tokens, smartcards and data stored on devices supplied for that purpose.

All computers and electronic media must be disposed of through the CSU IM&T Team. This includes computer disks.

Authorisation for disposals can only be granted by the Chief Finance Officer and must be processed via the CCG Business Manager.

In cases where the information is held electronically, reference must be made to the CSU IM&T Team for the appropriate action to be taken. (Note: formatting a disk and/or overwriting a tape does not necessarily destroy the information held on it.) The CSU IM&T Team will arrange for the physical destruction of the media.

The CSU IM&T Team will dispose of media containing personally identifiable or organisationally sensitive information on the CCG's behalf. They will dispose of the equipment in an authorised, appropriate, legal and environmentally sound manner, adhering to the WEEE (Waste Electrical and Electronic Equipment Directive) standard, and provide the CCG with a certificate of disposal. Non-sensitive information may be disposed of offsite.

Removable media may only be used to store and share NHS information that is required for a specific business purpose. When the business purpose has been satisfied, the contents of removable media must be removed from that media through a destruction method that makes recovery of the data impossible. Alternatively, the removable media and its data should be destroyed and disposed of beyond its potential reuse. In all cases, a record of the action to remove data from or to destroy data will be recorded by the CSU IM&T Team.

In cases where confidential information is held on hard copy (paper, film, etc.), when no longer required the media must be disposed of via the Confidential Waste process.
Shredding machines and Confidential Waste sacks are made available throughout the unit and there are regular collections whereby confidential data is disposed of appropriately.

5.4 Information Asset Management When Working Remotely

This section aims to support staff who use organisation-supplied mobile data devices or paper records at any site other than their normal place of work, or at home, by ensuring that they are aware of the information security issues. In order to protect staff and other people, organisational assets and systems, staff who work at home or other sites must take appropriate security measures.

Staff are responsible for ensuring that unauthorised individuals are not able to see information, access systems or remove equipment or information. If equipment is being used outside of its normal location and might be left unattended, the user must secure it by other means (such as a security cable, locked cabinet or room).

Equipment in use will not be left unattended at any time.

Any equipment supplied for remote access to NHS resources must be stored securely when not in use. Where a system requires a PIN number and a VPN security token, these must be stored separately.

A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A VPN enables users to send data between two computers across a shared or public internetwork in a manner that emulates the properties of a point-to-point private link. The act of configuring and creating a virtual private network is known as virtual private networking.

A VPN request form can be found at Appendix 1 and a VPN guidance document is available from the CSU IM&T Team.

CCG equipment must not be connected to any phone line, internet connection or network via a secure remote link (VPN) other than to access NHS resources.

Equipment and paper files must be kept out of sight (in car boots) whilst in transit, locked away and ideally not be left unattended at any time. Equipment and paperwork must not be left in a vehicle overnight.

Any member of staff allowing access by an unauthorised person, deliberately or inadvertently, may be subject to the CCG's disciplinary proceedings.

The CSU IM&T Team is responsible for ensuring that access to supplied equipment requires a username and password and that anti-virus software is installed.

Portable device users must regularly connect to the network to ensure that the anti-virus software remains updated.
Failure to do so could result in unnecessary virus outbreaks.

5.5 Information Asset Registers

The CCG will maintain an asset register of key Information Technology (IT) assets; this will include all IT hardware and software.

The CCG will maintain an asset register of information systems and use risk management procedures to estimate threat probability, including security risks, their vulnerability to damage, and the impact of any damage caused.

Each IT asset (hardware, software, application or data) shall have a named custodian who shall be responsible for the information security of that asset.

1 Source: Arden & GEM CSU Anti Virus Policy v1.11 DP-IT-PCM-4
Measures will be taken to ensure that each system is secured to an appropriate and cost-effective level and that data protection principles are implemented.

The Information Asset Register will be reviewed regularly to ensure it remains current and accurate, and will be subject to internal audit and annual assessment in line with completion of the Information Governance Toolkit.

The Information Assurance Plan is detailed within the Information Security Policy.

5.6 Data Flow Mapping

Within the NHS, numerous urgent and routine transfers of patient and staff information take place each day for the purposes of healthcare and administration of healthcare services, e.g. communications to patients, emails to job candidates, patient notes made during a home visit, moving case notes. It has long been recognised that this information is more vulnerable to loss or compromise when outside the organisation, i.e. being carried around or sent or copied from one location to another.

Information mapping is essential as it will help to understand how data is transferred to and from the organisation, and give assurance that measures are in place to ensure data is secure in transit and that it reaches its destination promptly and safely. The requirement to map information flows has been included in organisational confidentiality audits since 2001, e.g. Version 6 of the Information Governance Toolkit (IGT).

Information Governance Toolkit Requirement 350

To adequately protect personal information, organisations need to know how the information is transferred into and out of the organisation, risk assess the transfer methods and consider the sensitivity of the information being transferred. Transfers of all personal and sensitive information must comply with professional standards and relevant legislation (e.g. Principle 7 of the Data Protection Act 1998, which requires appropriate technical and organisational measures to be taken against unauthorised or unlawful processing of, and accidental loss or destruction of, or damage to, personal data).

Information Governance Toolkit Requirement 236

Organisations are responsible for the security and confidentiality of personal information they process. Processing may include the transfer of that information to countries outside of the UK, and where person identifiable information is transferred, organisations must comply with both the Data Protection Act 1998 and the Department of Health guidelines.
The CCG will undertake a periodic data flow mapping exercise and from this exercise determine the information risks regarding its data flows within the CCG and/or with its delivery partners.

6. Business Continuity Planning

The CCG shall ensure that business impact assessment, business continuity and disaster recovery plans are produced for all mission critical information, applications, systems and networks.

In the event of a major incident or disaster, the Organisation may recall all equipment on loan to provide core services.

7. Failure to Comply

Any failure to comply with, and/or breaches of, this document and associated policies, procedures and guidelines will be investigated thoroughly in accordance with the organisation's disciplinary policies.

8. Monitoring and Review

Performance against key performance indicators will be reviewed on an annual basis through the IG Toolkit submission (requirements 236 and 350) and used to inform the development of future documents.

Unless there are major legislation or policy changes, this document will be reviewed every two years.

9. Training

Appropriate training will be provided to all staff commensurate with their role profile as necessary. Training is available through the HSCIC Information Governance Training Tool which can be found here:

10. Distribution and Implementation

A full set of policy and procedural documents to support Information Governance will be made available via the Nene CCG staff intranet. Staff will be made aware of procedural updates as they occur via team briefs, management communications and notification via the CCG staff intranet.

11. Associated Legislation and Documents

To include but not limited to:
- Information Governance Policy and Management Framework
- Nene & Corby Serious Incident Policy
- Information Governance Incidents, Cyber Security Incidents and Near Misses Reporting Procedure
- Confidentiality Data Protection Policy
- Information Security Policy
- Information Sharing Procedure
- Information Disclosure Procedure

The following references and areas of legislation should be adhered to:
- Confidentiality NHS Code of Practice
- Data Protection Act 1998
- Caldicott Guardian principles
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
- Access to Health Records 1990
- Records Management NHS Code of Practice
- Computer Misuse Act 1990
- Electronic Communications Act 2000
- Regulation of Investigatory Powers Act

References
- The IG Toolkit
- Data Protection Act
- Freedom of Information Act
- Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation 20Checklist%20Guidance.pdf
- The NHS Constitution for England
- NHS Code of Confidentiality
- NHS Care Record Guarantee
- NHS Information Risk Management
- The Caldicott Review: Information Governance in the Health and Social Care System / _InfoGovernance_accv2.pdf
- Access to Health Records Act

Appendices

Appendix 1 VPN Request Form
REQUEST FOR NEW SOFTVPN TOKEN

GEM Service Desk Tel:

This form is to be used to request a new VPN token in order to access the Trust's network remotely. In order to connect remotely you must have an NHS laptop with either a Broadband or a 3G connection. Should you require either a laptop and/or a 3G SIM card, these must be requested separately via your IM&T Purchasing Procedure.

Please accurately complete all sections using capital letters.

New User Details
- Name
- Title
- Department
- Location
- Contact Number
- Mobile No:

Request Details
- Request Date (use the format dd/mm/yy)
- Reason for Requesting a SOFTVPN to

Laptop Details
- Laptop Asset
- Laptop Make
- Laptop Model

Connection Details
- Do you have a 3G connection? Yes / No (If you require a 3G SIM card and/or USB dongle this must be requested separately via your IM&T Purchase procedure)
- Do you have a Broadband connection? Yes / No
- Do you have access to the configuration of your modem/router? Yes / No
- If No, who configured your modem/router?
- What is your mobile number?

Please note that you will not be able to print work information on your home network printer.

Policy Agreement
Please sign to confirm you have read the following Provide Services Security Policy: IM&T 21 Use of Mobile Computing Devices*
- I confirm I have read the Policy (New User's Signature)

Budget Approval (to be completed by the Budget Holder)
- Budget Holder's Name
- Budget Code
- Monthly Cost: for texting will be based on usage at standard tariff, approximately 4p per text (price accurate as at May 2011 but may vary) (IM&T are liaising with Vodafone to re-negotiate tariff for Soft VPN texts) (Budget Holder's Signature)
- Annual Cost (Budget Holder's Signature)

The form must be sent from the budget holder's account or their delegated representative to confirm agreement to these on-going costs.

Form to be completed fully and emailed to the itservicedesk@gemcsu.nhs.uk. Forms submitted with inaccurate details will be rejected; forms will then need to be resubmitted.
Appendix 2 Asset types and processes

[Flow chart covering three request types: Employee requests laptop, Employee requests VPN, Employee requests mobile phone. Box labels as extracted:]
- Employee may require remote working and needs access to Nene Server
- Employee has laptop
- Employee may be required to work remotely and needs a mobile phone to undertake their role effectively
- Employee is a lone worker and personal safety could be compromised
- YES / NO
- Director and Budget holder to agree budget available
- Request supported by Director and budget holder
- Request not supported by Director and budget holder
- Employee has a personal mobile phone
- Employee does not have a personal mobile phone
- Executive Management Team approve request
- Business Manager to procure equipment
- No equipment provided
- VPN procured via Service Desk
- VPN not provided
- No handset issued
- If band 8c or above eligible for iPad
- Request sent to Service Desk
More informationInformation Sharing Policy
Information Sharing Policy DOCUMENT CONTROL: Version: 1 Ratified by: Risk Management Sub Group Date ratified: 19 December 2012 Name of originator/author: Information Governance Manager Name of responsible
More informationInformation Governance Policy
Information Governance Policy Date completed: February 2016 Responsible Director: Approved by/ date: Director of Compliance Review date: October 2017 Amended: Author: Ben Westmancott Information Governance
More informationOverarching Information Governance Policy
Document Information Board Library Reference Document Type Document Subject Original Document Author Reviewed By Review Cycle IM&T_01 Policy Information Information IGMG 3 Years Note: This document is
More informationInformation Security Policy
Information Security Policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 NHS Business Services Authority Information Security policy Head of Security
More informationINFORMATION GOVERNANCE STRATEGY. Documentation control
INFORMATION GOVERNANCE STRATEGY Documentation control Reference Date Approved Approving Body Version Supersedes Consultation Undertaken Target Audience Supporting procedures GG/INF/01 TRUST BOARD Information
More informationSERVICE EQUIPMENT DISPOSAL POLICY
SERVICE EQUIPMENT DISPOSAL POLICY Version 2.1 IT Equipment Disposal Policy COR/047/V2.01 December 2016 updated January 2018 Version 2.1 1 Subject and version number of document: Serial number: Service
More informationInformation Governance Policy
Information Governance Policy Applicable to All employees Version1.0 Last Updated March 2014 CONFIDENTIAL Page 2 of 6 Contents 1. Objectives 3 2. Scope 3 3. Principles 3 4. Information Governance Policy
More informationWest Kent Clinical Commissioning Group
West Kent Clinical Commissioning Group Information Governance Strategy 2017-18 Release: Final Approved Date: 27/10/2016 Author: Jamie Sheldrake Senior Associate - Information Governance Owner: SOUTH EAST
More informationProject Title. Project Number. Privacy Impact Assessment
Project Title Project Number Privacy Impact Assessment This document is classified as Official and is disclosable under the terms of the Freedom of Information Act. No part of the report should be disseminated
More informationPrivacy Impact Assessment Policy and Procedure
Privacy Impact Assessment Policy and Procedure This document outlines the Trust s approach and methodology for conducting Privacy Impact Assessments in line with the Information Risk Policy Key Words:
More informationINFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN
INFORMATION GOVERNANCE STRATEGY & IMPLEMENTATION PLAN 2015-2018 Disclaimer The latest version of this document is located on PTHB intranet. Please check the review date and if there are any doubts contact
More informationData Protection Policy
Data Protection Policy StCH Data Protection Policy - POL 53 vs1 - July 2016 1 Document Control Table Document Title: Data Protection Policy Document Ref: POL 53 Author (name and job title): Karen Anderson,
More informationBusiness Continuity Policy
Putting Barnsley People First Business Continuity Policy Version:.0 Approved By: Governing Body Date Approved: August 015 Reviewed October 016 Name of originator / author: Jamie Wike, Head of Planning,
More informationInformation Governance Management Framework Version 6 December 2017
Information Governance Management Framework Version 6 December 2017 Page 1 of 8 Introduction Robust information governance requires clear and effective management and accountability structures, governance
More informationInformation Governance Management Framework 2016/17
Information Governance Management Framework 2016/17 Reference: IG12 Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy
More informationRecords Management Plan
Records Management Plan October 2014 1 2 Document control Title The Scottish Funding Council Records Management Plan Prepared by Information Management and Security Officer Approved internally by Martin
More informationInformation Governance Policy
Author Darren Rigg Head of Information Governance Corporate Lead Bryan Machin Executive Director of Finance and Resources Document Version 1 Date ratified by Quality Committee 24 th October 2014 Date issued
More informationInformation Governance Policy
Information Governance Policy Owner Author Information Team Information Governance Manager Reviewed by Approved by and date Council/Committee/EMT Board - Date approved Effective from 24 April 2017 Review
More informationData protection (GDPR) policy
Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL
More informationGuidelines for Information Asset Management: Roles and Responsibilities
Guidelines for Information Asset Management: Roles and Responsibilities Document Version: 1.0 Document Classification: Public Published Date: April 2017 P a g e 1 Contents 1. Overview:... 3 2. Audience...
More informationInformation Governance Management Framework 2017/18 Reference: IG12
Information Governance Management Framework 2017/18 Reference: IG12 Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy
More informationDATA PROTECTION POLICY 2016
DATA PROTECTION POLICY 2016 ADOPTED FROM BRADFORD METROPOLITAIN COUNCIL MODEL POLICY AUTUMN 2016 To be agreed by Governors on; 17/10/16 Signed by Chair of Governors: Statutory policy: Yes Frequency of
More informationControlled Document Number: Version Number: 7 Controlled Document Sponsor: Controlled Document Lead:
Policy for the Development and Management of Controlled Documents CONTROLLED DOCUMENT CATEGORY: CLASSIFICATION: PURPOSE: Controlled Document Number: Version Number: 7 Controlled Document Sponsor: Controlled
More informationDate: INFORMATION GOVERNANCE POLICY
Date: INFORMATION GOVERNANCE POLICY Information Governance Policy IGPOL/01 Information Systems Corporate Services Division March 2017 1 Revision History Version Date Author(s) Comments 0.1 12/12/2012 Helen
More informationThe Royal Wolverhampton NHS Trust
The Royal Wolverhampton NHS Trust Trust Board Report Meeting Date: Monday 30 March, 2015 Title: Information Governance Toolkit Submission V12 2014/15 Executive Summary: Action Requested: Report of: Author:
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2017/18 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Quality, Safety & Risk
More informationPolicy for the Development, Approval, Management and Dissemination of Trust Controlled Documents
J Policy for the Development, Approval, Management and Dissemination of Trust Controlled Documents Reference Number Version Status Executive Lead(s) Name and Job Title Author(s) Name and Job Title 55 6
More informationIdentifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk
Title Description of document The sets out the process by which the Trust identifies, manages, reduces and mitigates risks to achieving the organisational objectives. It sets out the framework required
More informationData Protection/ Information Security Policy
Data Protection/ Information Security Policy Date Policy Reviewed 27 th April 2016 Date Passed to Governors: 27 th April 2016 Approved by Governors: 7 th June 2016 Date of Next Review: June 2018 Data Protection
More informationSTAFF APPRAISAL AND MANAGEMENT SUPERVISION POLICY
STAFF APPRAISAL AND MANAGEMENT SUPERVISION POLICY Version: 6 Ratified by: Date ratified: March 2016 Title of originator/author: Title of responsible committee/group: Date issued: March 2016 Review date:
More informationRecords Management Policy and Strategy
Records Management Policy and Strategy Ratified Status Approved Final Issued November 2017 Approved By Governance and Risk Committee Consultation Governance and Risk Committee Equality Impact Assessment
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Version FINAL 1.0 Ratified by Dudley CCG Audit Committee Date ratified 17/03/16 Name of originator(s) / author(s) David Morris, Midlands and Lancashire CSU/ Sue Johnson,
More informationINFORMATION GOVERNANCE POLICY AND FRAMEWORK
INFORMATION GOVERNANCE POLICY AND FRAMEWORK Policy approved by: Audit and Governance Committees Date: 9 th October 2017 Next Review Date: September 2018 Version: 4.0 Information Governance Policy & Framework
More informationExternal Supplier Control Obligations. Information Security
External Supplier Control Obligations Information Security Version 8.0 March 2018 Control Area / Title Control Description Why this is important 1. Roles and Responsibilities The Supplier must define and
More informationINSERT TITLE AND BRANDING Dr A Gill s signature and front cover to be placed on policy when received from Communications. (Policy fully ratified)
Disciplinary Policy INSERT TITLE AND BRANDING Dr A Gill s signature and front cover to be placed on policy when received from Communications. (Policy fully ratified) Consultation Staff Forum August 2014
More informationRISK MANAGEMENT COMMITTEE TERMS OF REFERENCE
RISK MANAGEMENT COMMITTEE TERMS OF REFERENCE Terms of Reference Agreed by the Committee Signed by the Chair on Behalf of the Committee Print Signature Date 16 th December 2011 Review Date December 2012
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Document Number 2009/49/V2 Document Title Information Governance Strategy Author Phil Cottis Author s Job Title Information Governance & RA Manager Department IM&T Ratifying
More informationThe UK legislation is wholly retrospective and applies to all information held by public authorities regardless of its date.
FREEDOM OF INFORMATION POLICY INTRODUCTION The Freedom of Information (FOI) Act was passed in 2000 and replaces the Open Government Code of Practice that has been in place since 1994. The Act gives the
More informationProcurement and Asset Management
Standard Operating Procedure 3 (SOP 3) Procurement and Asset Management Why we have a procedure? This document is applicable to any ICT related asset. An ICT asset is any piece of equipment that can be
More informationHuman Resources. Data Protection Policy IMS HRD 012. Version: 1.00
Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed
More informationFixed Term Staffing Policy
Fixed Term Staffing Policy Who Should Read This Policy Target Audience All Trust Staff Version 1.0 October 2015 Ref. Contents Page 1.0 Introduction 4 2.0 Purpose 4 3.0 Objectives 4 4.0 Process 4 4.1 Recruitment
More informationInformation Governance, Management & Technology Committee Terms of Reference
Information Governance, Management & Technology Committee Terms of Reference 1. Introduction The Information Governance, Management and Technology (IGM&T) Committee is established on behalf of NHS Rushcliffe
More informationNHS BARNSLEY CCG DATA QUALITY POLICY SEPTEMBER 2016
Putting Barnsley People First NHS BARNSLEY CCG DATA QUALITY POLICY SEPTEMBER 2016 Version: 1.0 Approved By: Governing Body Date Approved: 8 September 2016 Name of originator / author: Name of responsible
More informationRegistration Authority (RA) Smartcards Policy
Registration Authority (RA) Smartcards Policy Purpose of Agreement Document Type Reference Number This policy applies to all directly and indirectly employed staff who are involved in the RA Process and
More informationJob Description. Operations Manager. Scheduled Care. Band 8A. Centre Manager. Centre Manager
Job Description Job Title: Clinical Group Base Band: Reports To: Accountable To: Key Working Relationships: Operations Manager Scheduled Care The Shrewsbury and Telford Hospital NHS Trust Band 8A Centre
More informationInformation Asset Management Policy
Information Asset Management Policy 1.0 Purpose 1.1 The purpose of this policy is to outline the management of the Fund s information asset register and the actions that will be taken to provide sufficient
More informationInformation Governance Training Plan
Information Governance Training Plan Page 1 of 10 Paper O2 - CCG_IG_Training_Plan_2017-18_V3.0 Final Paper O2 - CCG_IG_Training_Plan_2017-18_V3.0 Final Information Governance Training Plan Derbyshire Clinical
More informationSolihull Metropolitan Borough Council. Corporate Health and Safety Policy For Core Council Staff. September 2015
Solihull Metropolitan Borough Council Corporate Health and Safety Policy For Core Council Staff Version Control: September 2015 Version Date Author Sent to Reason 1.1 June 2015 Steve Dean ( Health and
More informationInformation Governance and Records Management Policy March 2014
Information Governance and Records Management Policy March 2014 Approving authority: Secretary s Board Consultation via: Secretary's Board Information Governance and Security Group Approval date: 4 March
More informationRegistration Authority Policy. (Smartcard Access to National Programme Systems)
Registration Authority Policy (Smartcard Access to National Programme Systems) Document Author Written By: Senior HR Manager Authorised Signature Authorised By: Chief Executive Date: November 2017 Date:
More informationDoncaster Council Data Quality Strategy
Doncaster Council Data Quality Strategy 2016/17-2020/21 Better Data, Better Services Approving Body Date of Approval Date of Implementation Next Review Date Review Responsibility Version Doncaster Council
More informationGeneral Optical Council. Data Protection Policy
General Optical Council Data Protection Policy Authors: Lisa Sparkes Version: 1.2 Status: Live Date: September 2013 Review Date: September 2014 Location: Internet / Intranet Document History Version Date
More informationTECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients
TECHNICAL RELEASE TECH 05/14BL Data Protection Handling information provided by clients ABOUT ICAEW ICAEW is a world leading professional membership organisation that promotes, develops and supports over
More informationGRIEVANCE AND DISPUTE POLICY
GRIEVANCE AND DISPUTE POLICY Last Review Date Adopted 2 nd April 2013 Approving Body Executive Committee Date of Approval 4 th October 2017 Date of Implementation 4 th October 2017 Next Review Date September
More informationHonorary Contracts Procedure
Honorary Contracts Procedure Version: 3.0 Bodies consulted: Approved by: Joint Staff Consultative Committee & WMT Executive Management Team Date Approved: 03 October 2017 Lead Manager: Responsible Director:
More informationExternal Supplier Control Obligations. Records Management
External Supplier Control Obligations Records Management Page 1 Governance and Roles and The Supplier must define and communicate roles and responsibilities for Records Records Management requires high-level
More informationThis Policy supersedes the following Policy which must now be destroyed:
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Environmental Sustainability Policy NTW(O)02 Paul McCabe, Head of Estates and Facilities (NTW Solutions Ltd) Sarah
More informationDate ratified June, Implementation Date August, Date of full Implementation August, Review Date Feb, Version number V02.
Document Title Reference Number Lead Officer Author(s) Ratified by Disputes Policy NTW(HR)07 Lisa Crichton-Jones Acting Executive Director of Workforce and Organisational Development Jacqueline Tate-Workforce
More informationStandard Operating Procedure 3 (SOP 3) Identity Management
Standard Operating Procedure 3 (SOP 3) Why we have a procedure? Identity Management The need for authorised access by employees, contractors and partners to information, at anytime from anywhere, creates
More informationField/Mobile Working Policy
Field/Mobile Working Policy Management Guidance This document sets out UKRI Field/Mobile Working Policy, which is contractual. It also provides additional guidance for managers, employees and HR in the
More information