East Riding of Yorkshire Council Data protection audit report. Executive summary March 2014
|
|
- Shana Summers
- 6 years ago
- Views:
Transcription
1 East Riding of Yorkshire Council Data protection audit report Executive summary March 2014
2 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998 (the DPA). Section 51 (7) of the DPA contains a provision giving the Information Commissioner power to assess any organisation s processing of personal data for the following of good practice, with the agreement of the data controller. This is done through a consensual audit. The Information Commissioner s Office (ICO) sees auditing as a constructive process with real benefits for data controllers and so aims to establish a participative approach. The ICO was provided with reports of two separate incidents occurring during April/May 2012 when sensitive personal data was mistakenly released to the wrong party. As a consequence of this the ICO issued the East Riding of Yorkshire Council (the Council) with an Undertaking in March 2013 to improve data protection. The Council has agreed to a consensual audit by the ICO of its processing of personal data. An introductory teleconference was held on 10 October 2013 with representatives of the Council to identify and discuss the scope of the audit and after that through and telephone correspondence to agree the schedule of interviews. ICO data protection audit report executive summary 2 of 6
3 2. Scope of the audit Following pre-audit discussions with the Council it was agreed that the audit would focus on the following areas: Training and awareness The provision and monitoring of staff data protection training and the awareness of data protection requirements relating to their roles and responsibilities. Security of personal data The technical and organisational measures in place to ensure that there is adequate security over personal data held in manual or electronic form. Requests for personal data The processes in place to respond to any requests for personal data. This will include requests by individuals for copies of their data (subject access requests) as well as those made by third parties. ICO data protection audit report executive summary 3 of 6
4 3. Audit opinion The purpose of the audit is to provide the Information Commissioner and the Council with an independent assurance of the extent to which the Council within the scope of this agreed audit is complying with the DPA. The recommendations made are primarily around enhancing existing processes to facilitate compliance with the DPA. Overall Conclusion Reasonable assurance There is a reasonable level of assurance that processes and procedures are in place and delivering data protection compliance. The audit has identified some scope for improvement in existing arrangements to reduce the risk of non-compliance with the Data Protection Act. We have made two reasonable assurance and one limited assurance assessments where controls could be enhanced to address the issues which are summarised below. ICO data protection audit report executive summary 4 of 6
5 4. Summary of audit findings Areas of good practice There is an appropriate governance framework in place, approved at senior level, for overseeing information security. This comprises of the Information Governance Management Board (IGMB), a defined strategy, policies and procedures and assigned roles and responsibilities, including a Senior Information Risk Officer (SIRO) and a trained IT Security Officer (ITSO). Considerable resource and effort has been put into ensuring staff have adequate data protection training. All staff are required to complete a DP e-learning module and advanced DP training has been developed for staff identified through a training needs analysis. Take-up of training is monitored and reported monthly at the IGMB. A documented process and clear guidance is provided to staff to ensure the Council fulfils its obligation under the DPA s right of subject access. There are assigned officers in each department who liaise with the Subject Access Request Co-ordinator. Additional safeguards to the process have been developed by the Children and Young People s service to manage the complex nature of their requests. Areas for improvement Heads of Service have been designated as Information Asset Owners (IAOs) but they are not regularly assessing and reporting on the risk to information in their business areas. This may result in the SIRO not having an accurate overview of information risk across the Council. It is important that IAOs are clear about their role and responsibilities and regularly review the electronic and manual data they own to ensure they are clear about how it is being used and shared and who has access to it and why. There is no overarching Information Asset Register to ensure the Council has a mechanism for understanding and managing risks to their information. It should link assets to dependencies including risk assessments, retention schedules and owners. Risks should be monitored and responsibility for mitigating risk assigned to an owner. The register should be maintained and regularly updated, with a named owner responsible for overseeing this. Although the Council are aware of Privacy Impact Assessments (PIAs) they have not been used on any projects. The introduction of robust PIAs and embedding them into the Council s project development and system design processes will help provide assurance that personal data risks are ICO data protection audit report executive summary 5 of 6
6 being assessed in advance of new systems processing personal data being developed/implemented. The matters arising in this report are only those that came to our attention during the course of the audit and are not necessarily a comprehensive statement of all the areas requiring improvement. The responsibility for ensuring that there are adequate risk management, governance and internal control arrangements in place rest with the management of East Riding of Yorkshire Council. We take all reasonable care to ensure that our audit report is fair and accurate but cannot accept any liability to any person or organisation, including any third party, for any loss or damage suffered or costs incurred by it arising out of, or in connection with, the use of this report, however such loss or damage is caused. We cannot accept liability for loss occasioned to any person or organisation, including any third party, acting or refraining from acting as a result of any information contained in this report. ICO data protection audit report executive summary 6 of 6
Heart of England NHS Foundation Trust
Heart of England NHS Foundation Trust Data protection audit report Executive summary February 2017 1. Background 1. Background The Information Commissioner is responsible for enforcing and promoting compliance
More informationPolice Service of Scotland Data protection audit report. Executive summary
Police Service of Scotland Data protection audit report Executive summary September 2017 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection
More informationNeath Port Talbot County Borough Council. Data protection audit report
Neath Port Talbot County Borough Council Data protection audit report Executive summary January 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with
More informationParliamentary and Health Ombudsman. Data protection audit report
Parliamentary and Health Ombudsman Data protection audit report Executive summary March 2018 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data
More informationChelsea & Westminster Hospital NHS Foundation Trust. Data protection audit report
Chelsea & Westminster Hospital NHS Foundation Trust Data protection audit report Executive summary October 2017 1. Background The Information Commissioner is responsible for enforcing and promoting compliance
More informationStaffordshire Police. Data Protection Audit Report. Executive Summary
Staffordshire Police Data Protection Audit Report Executive Summary May 2018 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More informationUtility Warehouse. Privacy and Electronic Communications Regulations audit report
Utility Warehouse Privacy and Electronic Communications Regulations audit report Executive summary March 2018 1. Background and scope The Information Commissioner may audit the measures taken by the provider
More informationPost Office Limited. Privacy and Electronic Communications Regulations audit report
Post Office Limited Privacy and Electronic Communications Regulations audit report Executive summary February 2018 1. Background and scope The Information Commissioner may audit the measures taken by the
More informationINFORMATION COMMISSIONER S OFFICE FOLLOW UP DATA PROTECTION AUDIT REPORT. Information Governance Manager. This paper supports:
FOR DISCUSSION INFORMATION GOVERNANCE COMMITTEE 28 APRIL 2015 AGENDA ITEM 2.6 INFORMATION COMMISSIONER S OFFICE FOLLOW UP DATA PROTECTION AUDIT REPORT Report of Paper prepared by Director of Therapies
More informationThe review demonstrated that the Trust has taken appropriate steps and put plans in place to address the requirements of the Undertaking.
Data Protection Act 1998 Undertaking follow-up Pennine Care NHS Foundation Trust ICO Reference: COM0579293 & COM0641364 In the week beginning 15 January 2018 the Information Commissioner s Office (ICO)
More informationDyfed Powys Police ICO Reference: COM , COM and COM
Data Protection Act 1998 Undertaking follow-up Dyfed Powys Police ICO Reference: COM0666484, COM0672404 and COM0677576 On 29 March 2018, the Information Commissioner s Office (ICO) conducted a follow-up
More informationAuditing data protection
Data protection Auditing data protection a guide to ICO data protection audits 1 Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering
More informationFindings from ICO audits of 16 local authorities
Data protection Findings from ICO audits of 16 local authorities January to December 2013 Introduction This report is based on ICO audits of 16 local authorities between January and December 2013. This
More informationInformation Asset Management Policy
Information Asset Management Policy 1.0 Purpose 1.1 The purpose of this policy is to outline the management of the Fund s information asset register and the actions that will be taken to provide sufficient
More informationUNCLASSIFIED. ISO27002 Organising Information Security. Restrictions? If Y please give the reason for the restriction below.
Meeting Paper title Executive Team Date 18/06/12 ISO27002 Organising Information Security Agenda item 3 Discussion time Purpose of paper Decision 15 mins Restrictions on public access including staff Restrictions?
More informationInformation Commissioner's Office
Information Commissioner's Office Internal Audit 2014-15: Follow up Last updated 21 May 2015 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 15 May 2015 Draft
More informationNHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17
NHS Sunderland Clinical Commissioning Group Information Governance Strategy 2016/17 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Executive Committee Governing
More informationInformation Governance Policy and Management Framework
Putting Barnsley People First Information Governance Policy and Management Framework Version: 2.0 Approved By: Governing Body Date Approved: February 2014 Name of originator / author: Richard Walker Name
More informationINFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN
INFORMATION GOVERNANCE STRATEGY & IMPLEMENTATION PLAN 2015-2018 Disclaimer The latest version of this document is located on PTHB intranet. Please check the review date and if there are any doubts contact
More informationNOT PROTECTIVELY MARKED
Meeting Audit Committee Public Session Date and Time Location Pacific Quay, Glasgow Title of Paper General Data Protection Regulation (GDPR) SPA Preparedness Item Number 9.4 Presented By Catherine Topley
More informationLeicestershire Police CCTV on Police Premises Policy
Leicestershire Police CCTV on Police Premises Policy Policy Owner: Department Responsible: Chief Officer Approval: Deputy Chief Constable Corporate Services Directorate Deputy Chief Constable Date of Next
More informationRecords Management Policy
Records Management Policy Page 1 of 7 Document Control Document name Author Department Policy Nicki Hargreaves (Lead Officer) Good Practice Document status V1.0 Approval Information Governance Steering
More informationInformation Governance Policy
Information Governance Policy Policy Number IG001 Target Audience CCG/ GMSS Staff Approving Committee CCG Chief Officer Date Approved February 2018 Last Review Date February 2018 Next Review Date February
More informationInformation Security Risk Management Programme and Strategy
Information Security Risk Management Programme and Strategy Table of Contents 1. Introduction... 3 2. Purpose... 3 3. Definitions... 3 4. Roles and Responsibilities... 4 4.1. Accountable Officer... 4 4.2.
More informationInformation Governance Policy
Information Governance Policy Version: 4.0 Ratified by: NHS Bury Clinical Commissioning Group Information Governance Operational Group Date ratified: 19 th September 2017 Name of originator /author (s):
More informationInformation Governance Management Framework
Information Governance Management Framework November 2014 Author: Responsibility: Lynda Harris, Head of Information Governance All Staff Effective Date: November 2014 Review Date: November 2015 Reviewing/Endorsing
More informationPrivacy Impact Assessment Policy and Procedure
Privacy Impact Assessment Policy and Procedure This document outlines the Trust s approach and methodology for conducting Privacy Impact Assessments in line with the Information Risk Policy Key Words:
More informationWest Kent Clinical Commissioning Group
West Kent Clinical Commissioning Group Information Governance Strategy 2017-18 Release: Final Approved Date: 27/10/2016 Author: Jamie Sheldrake Senior Associate - Information Governance Owner: SOUTH EAST
More informationInformation Governance Policy
Information Governance Policy Owner Author Information Team Information Governance Manager Reviewed by Approved by and date Council/Committee/EMT Board - Date approved Effective from 24 April 2017 Review
More informationInformation governance strategy
Information governance strategy January 2018 Version 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment V 1.0 Trevor Duplessis 22/01/18 Due for review Dec
More informationInformation Governance Policy
Information Governance Policy Applicable to All employees Version1.0 Last Updated March 2014 CONFIDENTIAL Page 2 of 6 Contents 1. Objectives 3 2. Scope 3 3. Principles 3 4. Information Governance Policy
More informationNHS Digital Post Audit Review of Data Sharing Activities: University College London
Directorate / Programme Care Services Project Data Sharing Audits Status Approved Director Catherine O Keeffe Version 1.0 Owner Sean Walsh Version issue date 13/10/2017 NHS Digital Post Audit Review of
More informationIGPr002 - Information Governance Management Framework
IGPr002 - Information Governance Management Framework Page 1 of 10 Table of Contents Information Governance Management Framework... 1 Why we need this Framework... 3 What the Framework is trying to do...
More informationHuman Resources. Data Protection Policy IMS HRD 012. Version: 1.00
Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed
More informationGeneral Data Protection Regulation (GDPR) Key considerations and implications for brokers
General Data Protection Regulation () Key and implications for brokers Contents at at 03 - did you know? 05 How to handle 07 Considerations for Broker Directors 08 General Data Protection Regulation ()
More informationThe Information Commissioner s Office, the Information Governance Alliance and several other organisations are issuing guidance on an on-going basis.
MARCH 2017 GENERAL DATA PROTECTION REGULATION ROTHERHAM CCG ACTION PLAN Themes of the GDPR: Refining/tightening up of existing concepts Standardised law across the EU New concepts in regulation; accountability,
More informationJOB TITLE: Head of Risk and Governance and Data Protection Officer. REPORTS TO: Director of Corporate Affairs and Governance
JOB DESCRIPTION AND PERSON SPECIFICATION JOB TITLE: Head of Risk and Governance and Data Protection Officer REPORTS TO: Director of Corporate Affairs and Governance SALARY: Level G HOURS: 37 per week PURPOSE
More informationGeneral Data Protection Regulation (GDPR) Strategy
General Data Protection Regulation (GDPR) Strategy NHS Digital s Approach to Compliance Published October 2017 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information
More informationINFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION
INFORMATION GOVERNANCE STRATEGY AND STRATEGIC VISION Policy approved by: Joint Audit and Governance Committee Date: December 2016 Next Review Date: October 2018 Version: 2.0 Information Governance Strategy
More informationSummary of General Data Regulation & Actions. Nationwide Coverage.
Nationwide Coverage M Group Services Head Office Abel Smith House, Gunnels Wood Road, Stevenage, Hertfordshire SG1 2ST Tel: 01438 743 744 Morrison Utility Services Head Office Abel Smith House, Gunnels
More informationSummary of General Data Regulation & Actions. Nationwide Coverage.
Nationwide Coverage M Group Services Head Office Abel Smith House, Gunnels Wood Road, Stevenage, Hertfordshire SG1 2ST Tel: 01438 743 744 Morrison Utility Services Head Office Abel Smith House, Gunnels
More informationIG01 Information Governance Management Framework
IG01 Information Governance Management Framework 1 INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History Document Reference: IG01 Document Purpose: The document compliments all other Information
More informationSir William Perkins s School Data Protection Policy
Sir William Perkins s School Data Protection Policy Introduction Sir William Perkins s School is a Charitable Company Limited by guarantee providing educational services for students of 11 to 18 years
More informationThis Policy supersedes the following Policy, which must now be destroyed:
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn Executive Director of Performance and Assurance Sue Proud Information
More informationChair Job Description and Person Specification
Chair Job Description and Person Specification Remuneration: 3,000 pa (excluding expenses) The Role of the Board The primary purpose of the Board is to maintain a strategic role in governing Healthwatch
More informationInformation Governance Management Framework Version 6 December 2017
Information Governance Management Framework Version 6 December 2017 Page 1 of 8 Introduction Robust information governance requires clear and effective management and accountability structures, governance
More informationData Protection Policy
Data Protection Policy Contents 1. Purpose and scope... 2 2. Background... 2 3. Principles... 2 4. Aims and commitments... 3 5. Roles and responsibilities... 3 6. Breaches of data privacy legislation...
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Operational Owner: Executive Owner: James Newby Data Protection Officer Sarah Litchfield Senior Information Risk Officer Effective date: 25 th May 2018 Review date: May 2021 Related
More informationGPEN Sweep 2018 Privacy Accountability
GPEN Sweep 2018 Privacy Accountability October 2018 Office of the Privacy Commissioner, New Zealand Information Commissioner s Office, UK Page 1 of 9 Background The 2018 GPEN Sweep aimed to consider how
More informationData Quality Policy
Cambridgeshire and Peterborough Clinical Commissioning Group (CCG) Data Quality Policy 2017-2019 Ratification Process Lead Author(s): Reviewed / Developed by: Approved by: Ratified by: Associate Director
More informationThis Policy supersedes the following Policy, which must now be destroyed:
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn, Executive Director of Commissioning and Quality Assurance Angela
More informationInformation Management Policy CCMT Sponsor Director of Information Department/Area Joint Information Management Unit
Policy Title Information Management Policy CCMT Sponsor Director of Information Department/Area Joint Information Management Unit CONTENTS: (All Force policies should incorporate the following) 1.0 Rationale
More informationData Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective:
Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective: 1 Policy Statement Objective 1.1 It is the policy of Penderels Trust to demonstrate compliance
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date June 2017 Approving Body Audit Committee Date of
More informationGrant Thornton s annual report on the HCPC s governance, risk management and internal control systems is attached.
Audit Committee, 14 June 2017 Internal Audit Annual Report 2016-17 Executive summary and recommendations Introduction Grant Thornton s annual report on the HCPC s governance, risk management and internal
More informationIdentifies the risk management structure, roles, responsibilities and authority of staff, committees and groups with responsibility for risk
Title Description of document The sets out the process by which the Trust identifies, manages, reduces and mitigates risks to achieving the organisational objectives. It sets out the framework required
More informationInternal Audit. Network Management. March 2018
Internal Audit Network Management March 2018 Internal Audit Assurance assessment: Objective Objective Objective Objective One Two Three Four Limited Timetable Date closing meeting held: 24 November 2017
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY CONSULTATION AND RATIFICATION SCHEDULE Document Name: Governance Policy Policy Number/Version: 2.0 Name of originator/author: Midlands & Lancashire CSU Governance Team Ratified
More informationData Protection Impact Assessment Policy
Data Protection Impact Assessment Policy Version 0.1 1 VERSION CONTROL Version Date Author Reason for Change 0.1 16.07.18 Debby Jones New policy 2 EQUALITY IMPACT ASSESSMENT Section 4 of the Equality Act
More informationBaptist Union of Scotland DATA PROTECTION POLICY
Baptist Union of Scotland DATA PROTECTION POLICY Adopted: May 2018 1 1.The Baptist Union of Scotland 48, Speirs Wharf, Glasgow G4 9TH (Charity Registration SC004960) is committed to protecting all information
More informationCorporate Governance Attestation Statement for Cancer Institute NSW NSW. 1 July June 2017 Health GOVERNMENT. Cover page
ta 1 July 2016-30 June 2017 Corporate Governance Attestation Statement for Cover page 1 July 2016 30 June 2017 41. ICKW CORPORATE GOVERNANCE ATTESTATION STATEMENT CANCER INSTITUTE The following corporate
More informationGDPR readiness for start-ups, technology businesses and professional practices Martin Cassey
www.nascenta.com GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey Introduction GDPR Key Points GDPR/DPA Differences Start Up, Tech Business Professional Practice?
More informationQuality Assurance Framework for Safeguarding Children
Children s Services PO Box 3343, Bath BA1 2ZH Telephone: (01225) 477000 (main switchboard) Working together for health & well-being Quality Assurance Framework for Safeguarding Children Contents 1. Introduction
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY 1. CONSULTATION AND RATIFICATION SCHEDULE 1.2. Document Name: Governance Policy 1.4. Policy Number/Version: V4.0 1.6. Name of originator/author: Midlands & Lancashire CSU
More informationData Protection Officer
Data Protection Officer External Vacancy Post Ref: 5985. Part Time. 15 hours per week. Permanent. 29,146.30 to 31,845.48 per annum, pro rata. Attractive benefits for this post include 35 days holiday per
More informationJob Description: Finance Director Esteem Multi-Academy Trust
Job Description: Finance Director Esteem Multi-Academy Trust Post Title: Location: Finance Director TBC initially one of the MAT Academy sites Purpose: To act as the chief financial officer and company
More informationInformation Governance Strategic Management Framework
Information Governance Strategic Management Framework 2016-2018 Susan Meakin Information Governance Manager June 2016 Information Governance DOCUMENT CONTROL: Version: 2 Ratified by: Health Informatics
More informationData Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General
Data Protection Document Detail Type of Document (Stat Policy/Policy/Procedure) Policy Category of Document (Trust HR-Fin-FM-Gen/Academy) General Index reference number Approved 26/04/18 Approved by Trust
More informationTHE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER
THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER Contents 1 Introduction 2 2 Key messages 3 3 The requirement to appoint a Data Protection Officer 4 3.1 Public
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Document Number 2009/49/V2 Document Title Information Governance Strategy Author Phil Cottis Author s Job Title Information Governance & RA Manager Department IM&T Ratifying
More informationInformation Risk Policy
Information Risk Policy Version 1_0 Responsible Person Information Governance Manager Lead Director Director of Performance and Corporate Services Consultation Route Information Governance Steering Group
More informationJOB DESCRIPTION. Director of Finance and Corporate Services. Starting at 26,977 with progression to 31,576 per annum
JOB DESCRIPTION POST: DIVISION: RESPONSIBLE TO: SALARY: Information and Governance Officer Finance and Corporate Services Director of Finance and Corporate Services Starting at 26,977 with progression
More informationOFFICIAL. Date 18 April 2018 Pacific Quay, Glasgow General Data Protection Regulation (GDPR) Police Scotland Preparedness Item Number 11.
Meeting Date Location Pacific Quay, Glasgow Title of Paper General Data Protection Regulation (GDPR) Police Scotland Preparedness Item Number 11.2 Presented By ACC Alan Speirs Recommendation to Members
More informationInformation Governance and Assurance Framework
Information Governance and Assurance Framework Title: Information Governance and Assurance Framework Original author(s): Head of Business Technology Owner: SIRO Reviewed by: SIRO Group Approval body: SIRO
More informationDATA PROTECTION POLICY
Registered Address: Mountdale Gardens, Leigh-on-Sea, Essex SS9 4AW Executive Headteacher: Mrs. J. Mullan Telephone: (01702) 524193 Fax: (01702) 526761 DATA PROTECTION POLICY SEN TRUST SOUTHEND KINGSDOWN
More informationDATA PROTECTION POLICY
Registered Address: Mountdale Gardens, Leigh-on-Sea, Essex SS9 4AW Executive Headteacher: Mrs. J. Mullan Telephone: (01702) 524193 Fax: (01702) 526761 DATA PROTECTION POLICY SEN TRUST SOUTHEND KINGSDOWN
More informationDefence Health Governance Structure
Governance Structure November 2017 Defence Health Governance Structure The Board comprises eight non-executive Directors including a non-executive Chairman, and one associate Director. The Board has assessed
More informationJOB DESCRIPTION & PERSON SPECIFICATION. Director of Regulatory Assurance. REPORTS TO: Deputy Commissioner - Operations PURPOSE OF POST
JOB DESCRIPTION & PERSON SPECIFICATION JOB TITLE: Director of Regulatory Assurance REPORTS TO: Deputy Commissioner - Operations SALARY: HOURS: Level G2 37 per week PURPOSE OF POST The Operations executive
More informationPolicies, Procedures, Guidelines and Protocols. Document Details
Policies, Procedures, Guidelines and Protocols Document Details Title Security Management Strategy Trust Ref No 2038-38676 Local Ref (optional) Main points the document The Strategy intends to reinforce
More informationInformation Governance Strategy and Management Framework
Information Governance Strategy and Management Framework Summary: This strategy sets out the framework, structure, system and accountabilities for Information Governance Management within NHS Eastbourne,
More informationAlloa Gymnastics Club Data Protection Privacy Notice
Alloa Gymnastics Club Data Protection Privacy Notice The GDPR is Europe s new framework for data protection laws. It replaces the previous 1995 data protection directive, which current UK law is based
More informationProject Title. Project Number. Privacy Impact Assessment
Project Title Project Number Privacy Impact Assessment This document is classified as Official and is disclosable under the terms of the Freedom of Information Act. No part of the report should be disseminated
More informationInformation Governance Management Framework
Management Framework Summary: This document sets out the framework, structure, system and accountabilities for Management within West Kent CCG Clinical Commissioning Group. APPROVED BY: Chief Finance Officer
More informationINFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY
INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY Version: 1.4 Approved by: Date approved: 19 January 2017 Name of Originator/Author: Name of Responsible Committee/Individual: Date issued: Information
More informationUsing reported concerns to improve how organisations deal with information rights. Performance Improvement Business Plan 2015 / 16
Using reported concerns to improve how organisations deal with information rights Performance Improvement Business Plan 2015 / 16 Our 2015-18 corporate objectives The ICO has identified the following six
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2017/18 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Quality, Safety & Risk
More informationInitiative: Information Governance Management
Royal Devon & Exeter Information Governance Information Governance (IG) Toolkit Action Plan Key Requirements Reporting Date 18/03/2011 Programme Manager Sharon Collingwood Project Start Date 30/07/2010
More informationJoint Audit Plan for Devon and Cornwall Police and Crime Commissioner and Chief Constable
Joint Audit Plan for Devon and Cornwall Police and Crime Commissioner and Chief Constable. Year ended 31 March 2015 June 2015 Alex Walling Associate Director T 0117 3057804 E alex.j.walling@uk.gt.com Chris
More informationAchieve. Performance objectives
Achieve Performance objectives Performance objectives are benchmarks of effective performance that describe the types of work activities students and affiliates will be involved in as trainee accountants.
More informationBusiness Continuity. Example Policy. Author: A Heathcote Date: 24/05/2017 Version: 1.0
Example Policy Author: A Heathcote Date: 24/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationCorporate Governance Report
Corporate Governance Report 18 The Hong Kong Mortgage Corporation Limited Annual Report 2017 Corporate Governance Report Corporate Governance Practices The missions of the Corporation are to promote: stability
More informationEquality & Diversity- EDS2 Action Plan 2016/2017
Internal Grade External Grade Evidence for Rating Equality & Diversity- EDS2 Action 2016/2017 Continuous Incorporated Into Monitoring Group Better Health Outcomes 1.1 Services are commissioned, procured,
More informationTourettes Action Data Protection Policy
Tourettes Action Data Protection Policy Effective date: 01/01/2018 Review date: 01/01/2020 Approved: Suzanne Dobson, CEO Tourettes Action Author: Pippa McClounan, Office Manager Tourettes Action Version
More informationAGH SOLUTIONS LIMITED GOVERNANCE FRAMEWORK
AGH SOLUTIONS LIMITED GOVERNANCE FRAMEWORK 1 1. INTRODUCTION Sound corporate governance principles are the foundation upon which the company is built and AGH Solutions Limited ( AGHS ) endorses the primary
More informationInformation Asset Register IAR. Guidance for Schools
Information Asset Register IAR Guidance for Schools Contents 1. Introduction... 3 2. What is an Information Asset?... 4 3. What is an Information Asset Register?... 4 4. Why Do We Need an Information Asset
More informationCORPORATE GOVERNANCE FRAMEWORK
CORPORATE GOVERNANCE FRAMEWORK 1 P a g e TABLE OF CONTENTS Page 1. Introduction 3 2. Purpose 3 3. Scope 4 4. Governance Principles 4 4.1 Role Players 4 4.2 Combined Assurance 4 5. Governance Structure
More informationGDPR in Early Years and Childcare settings. What s the connection? Data Protection
GDPR in Early Years and Childcare settings What s the connection? Data Protection What is GDPR? Test your knowledge 10 minute quiz Think of GDPR as evolutionary, not revolutionary Why? GDPR legislation
More informationDoncaster Council Data Quality Strategy
Doncaster Council Data Quality Strategy 2016/17-2020/21 Better Data, Better Services Approving Body Date of Approval Date of Implementation Next Review Date Review Responsibility Version Doncaster Council
More informationSection a What this Policy is for Policy Statement. 2. Why this policy is important... 3
Norwich Central Baptist Church DATA PROTECTION POLICY Adopted: May.2018 Norwich Central Baptist Church (NCBC) is committed to protecting all information that we handle about people we support and work
More informationEAST SUSSEX FIRE AUTHORITY Job Description
EAST SUSSEX FIRE AUTHORITY Job Description Work Designation: Resources / Treasurer Location: Shared HQ Job Title ITG Manager Rank or Grade: Job Family 7 (subject to Job Evaluation) Responsible To: Assistant
More information