UNCLASSIFIED. ISO27002 Organising Information Security. Restrictions? If Y please give the reason for the restriction below.
- Vivian Mathews
- 6 years ago
Meeting: Executive Team
Date: 18/06/12
Paper title: ISO27002 Organising Information Security
Agenda item: 3
Discussion time: 15 mins
Purpose of paper: Decision
Restrictions on public access including staff: Restrictions? N (If Y please give the reason for the restriction below.)
Presenter: Lesley Bett, Charlotte Powell, Simon Ebbitt
ET sponsor: Daniel Benjamin
Corporate Plan aim: 7.9 Continuing to review and improve the ICO's Corporate Governance and its own compliance with information rights legislation.
Summary:
Who has been consulted? SIRO, Information Security Manager

ISO27002 Organising Information Security

Introduction / Aim of the paper

The ICO has committed to compliance with the information security code of practice ISO. The Information Governance Department has been assessing compliance against the code of practice's eleven modules and their individual security controls. The aim of this paper is to provide information concerning ICO's organisation of information security and for agreement on 3 recommendations.

Decisions needed and recommendations made

1. A review of the ICO's security policy should be undertaken to ensure that it clearly communicates the Executive Team's and Management Board's commitment to information security. It is recommended that this identifies the Accounting Officer (CG) and the ICO's Senior Information Risk Owner, SIRO (DB).
2. That ET commits to the role, the training and development of the ICO's Information Asset Owners (IAOs).
3. That ET agrees to, and supports the pilot of, an IAO assurance reporting process within Corporate Services.

Background

An assessment has been undertaken against the ten controls within the Organisation of Information Security (IS) module. This paper will only consider ICO's compliance with the following three controls.

- Management should actively support security within the organisation through clear direction, demonstrated commitment, and acknowledgement of information security responsibilities.
- All information security responsibilities should be clearly defined.
- Information security should be co-ordinated by representatives from different parts of the organisation with relevant roles and job functions providing an annual written assurance to the SIRO.

1. Management Commitment

Whilst it is clear that there is management commitment to information security, compliance with the code of practice requires evidence of compliance and commitment. The ICO has in place a security policy which is published on the website. The published policy is signed by the Commissioner, albeit in. It is recommended that this is reviewed, updated and signed off by the Executive Team.

The current policy is a single side of A4 and is a high level statement of our commitment to information security. The review will take account of changes in the threat environment since it was last reviewed. It is envisaged that this review will not be time consuming and will result in a new draft for comments and sign off. The review will be undertaken by a member of the Information Governance Department and comments provided by the Executive Team.

2. Information Security Roles and Responsibilities

As a result of the Data Handling Review (full report published in 2008) the roles of Senior Information Risk Owner (SIRO) and Information Asset Owners (IAOs) were established as the structure for managing information risk throughout government.

In short, the SIRO responsibilities are to lead a culture of good information management, own the overall information risk policy and procedures and advise the Accounting Officer on information risk. This role is currently filled by the Director of Corporate Services but does not form part of the job description.

An IAO's role is to understand what information is held within their area of responsibility, what is created or added, how information is moved, who has access to it and why. As a result they should be able to understand and address risks to the information and also ensure that the information available is fully utilised.

There is currently a page within the security manual, headed management responsibilities, which briefly sets out the role of the SIRO and the IAOs. It also lists the responsibilities of an IAO but records them as business delivery group members (now obsolete). It provides no further details about how these responsibilities should be fulfilled.

It is recommended that the list of IAOs should be reviewed to reflect current responsibilities within ICO, that the role and responsibilities of the IAO are clearly defined and that the IAO responsibilities are added to job descriptions. This work will be led by a member of the Information Governance Department; however, time will be required from the IAOs and SIRO to gain a full understanding of the requirements of the role. IAO and SIRO time will also be required for any necessary training.

3. Reporting and Assurance

A fundamental part of the IAO's role is to provide formal assurance concerning their information assets to the SIRO. This should provide the SIRO with a clear understanding of any information risks so that ET can be fully updated and seek resolution where necessary. This form of reporting does not currently take place and therefore information security risks may not always be visible and the appropriate risk treatment may not be implemented.

A reporting system or process should be developed to ensure that IAOs regularly report to the SIRO to enable him to provide assurance to ET that information risk is being properly managed. It is recommended that an information risk register forms part of the regular reporting and this can be used to report to ET and MB.

After consultation with the SIRO it is recommended that a reporting process is developed in Human Resources, as the holder of a number of sensitive records, and then run as a pilot more widely in the Corporate Services Directorate before rolling it out to the rest of the office. This will involve the development of the information risk register and a template for the mandatory reporting to the SIRO.

This work will be led by a member of the Information Governance Department. Time will be required by the Head of Organisational Development for the development of the reporting process. Subsequently time will be required from all IAOs on an ongoing basis when the reporting process is fully rolled out.

Options considered

Other options have not been considered as the ISO controls are clear and ICO has committed to ISO27002 Information Security Code of Practice.

Risks and opportunities

This is an opportunity for ICO to lead in this area and demonstrate best practice in terms of its information security management and compliance with ISO. It is also an opportunity to provide regular assurance and visibility to ET about current information risks and appropriate risk treatment.

Financial issues

IAO training options will be considered as part of this work. Some options may incur a cost. This requirement will be flagged to Learning and Development so that some budget provision can be made. Currently the Information Governance Department are reviewing a free online training solution which could be used as training for the SIRO and IAOs. If this is not suitable an estimated cost of 5000 should be considered.

Staffing issues

New IAOs will be identified during this process. Amendments to job descriptions, new or existing, should only be considered after consultation with the Head of HR.

Devolved office issues

Information security risks will differ between locations and any processes put into place will need to reflect this.

Accommodation issues

Environmental issues

Privacy issues

Equality and diversity issues

Conclusion

ET are asked to consider each of the recommendations and commit to their implementation.

Annexes:
Author: Charlotte Powell
Filepath:
Status and version: v0.1
Date last updated and reason:
Distribution:

Appendix A: ISO27002

ISO27002 is a code of practice for information security. It outlines a number of potential controls and control mechanisms to address information security risks. ET have already agreed and committed to ensuring compliance with this code of practice.

The code is broken down into 11 modules which are:

- Security Policy
- Organisation of Information Security
- Asset Management
- Human Resources Security
- Physical Security
- Communications and Ops Management
- Access Control
- Information Systems Acquisition, Development, Maintenance
- Information Security Incident Management
- Business Continuity
- Compliance

The Information Governance Department are currently assessing the ICO's compliance on all eleven modules. An update on progress with this project will be provided with the next Information Governance Quarterly Report. This paper is concerned with the work related to the Organisation of Information Security module.
POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services Policy owner
More informationInformation Rights Committee minutes 23 April 2013
Information Rights Committee minutes 23 April 2013 Members and other attendees present Paul Arnold Jonathan Bamford Lesley Bett Steve Eckersley Simon Entwisle Christopher Graham Anne Jones Ken Macdonald.
More informationappointing the chair and, if the Company has one, the deputy chair and/or senior independent director;
Alta Zinc Limited ABN 63 078 510 988 (Company) 1 Role and responsibilities of the Board The role of the Board is to provide leadership for, and supervision of, the Company s management. The Board sets
More informationGREATER MANCHESTER HEALTH AND SOCIAL CARE STRATEGIC PARTNERSHIP BOARD EXECUTIVE. Establishing Leadership and Accountability in Shadow Form
5a GREATER MANCHESTER HEALTH AND SOCIAL CARE STRATEGIC PARTNERSHIP BOARD EXECUTIVE Date: 13 th November 2015 Subject: Report of: Establishing Leadership and Accountability in Shadow Form Liz Treacy PURPOSE
More informationControlled Document Number: Version Number: 7 Controlled Document Sponsor: Controlled Document Lead:
Policy for the Development and Management of Controlled Documents CONTROLLED DOCUMENT CATEGORY: CLASSIFICATION: PURPOSE: Controlled Document Number: Version Number: 7 Controlled Document Sponsor: Controlled
More informationRecords Management Plan
Records Management Plan October 2014 1 2 Document control Title The Scottish Funding Council Records Management Plan Prepared by Information Management and Security Officer Approved internally by Martin
More information(Non-legislative acts) REGULATIONS
11.12.2010 Official Journal of the European Union L 327/13 II (Non-legislative acts) REGULATIONS COMMISSION REGULATION (EU) No 1169/2010 of 10 December 2010 on a common safety method for assessing conformity
More informationInformation Assets: Security and Risk Management Policy. Choice, Responsiveness, Integration & Shared Care
s: Security and Risk Management Policy Choice, Responsiveness, Integration & Shared Care Worcestershire Mental Health Partnership NHS Trust Reader Box Document Type: Document Purpose: Unique identifier:
More informationRecalling the core functions of the regional associations established in Article 18 of the Convention.
312 ABRIDGED FINAL REPORT OF THE SEVENTIETH SESSION OF THE EXECUTIVE COUNCIL Recognizing that establishment of infrastructures and the implementation of science activities and provision of services are
More informationHealth, Safety, Environment and Quality (HSEQ) Manager. HSEQ Management System Advisor
Position description Title: Health, Safety, Environment and Quality (HSEQ) Manager July 2016 Reporting to: Chief Executive Officer Direct Reports: HSEQ Advisors (x2) HSEQ Management System Advisor PURPOSE
More informationData Access Request Backlog
Author: Simon Croker Date: 14/01/15 1 Copyright 2014, Health and Social Care Information Centre. Contents Contents 2 Background 3 Progress 3 Progress on Data Request Numbers... 4 Clearance of the backlog
More informationInformation Governance Policy
Information Governance Policy Applicable to All employees Version1.0 Last Updated March 2014 CONFIDENTIAL Page 2 of 6 Contents 1. Objectives 3 2. Scope 3 3. Principles 3 4. Information Governance Policy
More informationReplaces document (if applicable) PS 024 Attendance Management Policy 2008
PS 147 Type of Document: ATTENDANCE MANAGEMENT Policy Version: 1.0 Registered Owner: Author: Effective Date: Oct 2012 Review Date: Oct 2014 Replaces document (if applicable) PS 024 Attendance Management
More information