Joint Information Management Strategy

Transcription

1 Joint Information Management Strategy

2 Version Control Version Changes By who Date Draft V0.3 Format & H Youngs 10 Sept 2014 Document/Version Control Inclusion of paragraphs 1.5, 2.2 H Youngs 10 Sept 2014 Final V1.0 Review of paragraph 2.6 Approved at Joint Information Management Strategic Board H Youngs 10 Sept 2014 Chair 26 Sept 2014 Document Control Role Name Signature Owner Chief Constable Norfolk Chief Constable Suffolk Senior Information Risk Owner Deputy Chief Constable Norfolk Deputy Chief Constable Suffolk Author Head of Information Management Reviewer

3 Contents 1. Introduction 2. Scope and purpose 3. Vision for effective information management 4. Leadership and Governance 5. Role 6. Strategic Objectives Priority Activities Appendix A - Strategic Objectives mapped against the Constabularies Joint Vision and Mission Appendix B - Information Management Strategy Implementation Plan Appendix C - Terms of reference, Joint Information Management Strategy Board Appendix D - Specific Roles and Responsibilities

4 1. Introduction 1.1. Information is critical to every part of Norfolk and Suffolk Constabularies business and operations an important asset to be valued, protected, managed effectively and exploited to deliver improved services Information can also be a liability if inappropriately used and disclosed, and ineffectively managed, recorded, and interpreted Effective information management, i.e. the means by which an organisation collects, organises, uses, controls, disseminates and disposes of its information, ensures that the value of information is identified and used to its best ability and that any associated risks are properly managed to instil public confidence and trust The Joint Information Management Strategy (IMS) acknowledges that the current financial challenges require the Constabularies to deliver long-term effectiveness and compliance in regards the management of information by operating within a culture that strives to deliver better for less and in doing so, maximises effective use of resources through collaboration and partnership opportunities The IMS is a high-level document (required by Home Office (2005) Code of Practice on the Management of Police Information) 2. Scope and purpose 2.1. The IMS sets out how Suffolk and Norfolk Constabularies will create, utilise, control and maintain its information assets from It details the Constabulary s vision, mission, roles, leadership and governance, and sets strategic objectives to deliver effective information management to meet the requirements of legislation, national and local standards The Strategic Objectives are mapped against the Constabularies Joint Vision and Mission at Appendix A The IMS sets out a framework for addressing the risks and opportunities around the effective use of information. As it is intrinsic to how the Forces manage police information and corporate records, it needs to inform, and be informed by other strategies. It is particularly inter-dependent on the Joint Forces' ICT strategy The IMS is supported by an Implementation Plan to help achieve continual progress towards delivery. This is shown at Appendix B The IMS covers information held by both Forces, regardless of its physical or electronic format. This includes (but is not limited to) text, data, images, voice and video recordings.

5 2.6. The IMS covers all information obtained and recorded for the effective running of the organisation, and that required for a policing purpose, as set out by the Management of Police Information (MoPI) Code of Practice: - Protecting life and property Preserving order Preventing the commission of offences Bringing offenders to justice Any duty or responsibility arising from common law or statute law. 3. Vision for effective Information Management 3.1. The Forces' vision for information management is to enhance a culture where information is: Valued and recognised as an important business and operational asset, Fit for purpose, held responsibly and shared lawfully, Used to its full potential to support the policing purpose and enable effective business and operational working, Available to the right people at the right time for the right purpose, and Securely protected through proper governance and control. 4. Leadership and Governance 4.1. The Joint Information Management Strategic Board (JIMSB) will provide co-ordination, leadership and governance of all information assets owned by Norfolk and Suffolk Constabularies. The Board is led by the Force Senior Information Risk Owner (SIRO) The terms of reference of the JIMPB are shown at Appendix C The JIMSB will oversee the delivery of the IMS and monitor progress through regular review of the supporting IMS Implementation Plan, shown at Appendix B.

6 5. Roles 5.1. Specific roles and responsibilities for addressing information management are shown at Appendix D. 6. Strategic Objectives 6.1. To achieve its purpose, the joint IMS has the following strategic objectives: Develop information systems and processes to meet business and operational needs, and enable good Information Management (IM) practice, Demonstrate that appropriate safeguards are in place to manage information responsibly and lawfully, Demonstrate openness and transparency through proactively making information available where appropriate, Raise staff understanding and awareness of the importance of good information management and improve governance and ownership, and Develop the Joint Information Management Department (JIMD) and deliver the benefits of collaboration. 7. Priority Activities 7.1. The following activities will support the delivery of the IMS. Implementation will be led by the, working in partnership with other Force business areas. Progress against them will be monitored and reported to the JIMSB:- (1) Develop information systems and processes to meet business and operational needs, and enable good Information Management practice: Develop a joint approach for effectively managing unstructured information (e.g. documents, s, social media exchanges), Develop a joint approach for data reuse, including searching or combining multiple data sets, Develop and implement a joint approach for improving data quality and disposing or migrating legacy data,

7 Align Review, Retention and Disposal (RRD) processes and ensure they deliver operational benefits, and Ensure that information management considerations are built into every project stage. (2) Demonstrate that appropriate safeguards are in place to manage information responsibly and lawfully: Ensure that the Annual Submissions to the Home Office are undertaken on an annual basis, meeting the requirements of the Community Security Policy (CSP). Achieve Level 2 of the Information Assurance Maturity Model, Rationalise Information Sharing Agreements and ensure they are fit for purpose, Ensure that appropriate arrangements are in place for the secure transfer of data to partners and to enable remote and mobile working, Improve use of information security incident management and reporting to monitor and address issues and trends, Ensure Information security processes are agile and able to respond appropriately to rapid changes in the use of technology, and Respond in a timely manner to those exercising their Information rights under relevant legislation. (3) Demonstrate openness and transparency through proactively making information available where appropriate: Develop and implement a joint approach to the Transparency and Open Data agendas, Ensure Freedom of Information (FOI) Publication Schemes and disclosure logs are up to date, Analyse FOI requests and identify and address recurring themes, and Continue to achieve information compliance targets

8 (4) Raise staff understanding and awareness of the importance of good information management and improve governance and ownership: Improve the information management culture Develop targeted communications, training, guidance and self-help, with a particular focus on social media, new ways of working, asset management and the importance of improving data quality (accurate and adequate data input at the outset), Review training and awareness requirements, monitor completion rates for mandatory training and action accordingly, Create clear, joint, streamlined, common sense Information Management policies/procedures (exploiting the use of self-service technology), Align governance structures, information risk management and reporting, and Assign accountability for high-risk assets through identifying and supporting Information Asset Owners in understanding their responsibilities and accountabilities. (5) Develop the Joint Information Management Department and deliver the benefits of collaboration: Streamline JIMD processes and systems, align them as far as possible and exploit the use of self-service technology, Develop and implement a joint case manager system to manage requests, Develop and implement a joint approach to long term records storage, cataloguing and management of information, Further develop JIMD staff knowledge and skills, and Identify and exploit opportunities for cost recovery.

9