Date: INFORMATION GOVERNANCE POLICY
|
|
- Nora Powers
- 6 years ago
- Views:
Transcription
1 Date: INFORMATION GOVERNANCE POLICY Information Governance Policy IGPOL/01 Information Systems Corporate Services Division March
2 Revision History Version Date Author(s) Comments /12/2012 Helen Kerr (Records Manager) /03/2012 Helen Kerr (Records Manager) /04/2012 Helen Kerr (Records Manager) /04/2012 Helen Kerr (Records Manager) /04/2012 Helen Kerr (Records Manager) Review date: Biennially Approval: Information Governance Group and SMT Draft by Records Manager Minor amendments following meeting of the Information Governance Group Minor amendments by Julia O Sullivan Minor amendments by Louise Frayne Final- published /07/2014 Helen Dodd Review of Policy /10/2014 IGG Minor amendments made by the Information Governance Group /12/2016 Adele Picken (Information Governance Manager) Review and structural amendments /12/2016 Alan McMahon Minor amendments (Head of IS) /12/2016 AP Further amendments following AM comments /02/2017 AP Minor Amendments Name Date Version Comments Information 10/02/ Approved by Governance Group SMT 14/03/ Approved by Information Governance Group 2
3 Relevant Policies, Templates & Forms The following policies, procedures, and guidance should be used or referred to when necessary alongside this policy. All policies and templates will be made available on the intranet once finalised and approved. Reference Document Name Status IGPOL/01 Information Governance Final- Published Policy IGPOL/02 Information Security Policy Final-Published IGPOL/03 Data Protection Policy Final- Published IGPOL/04 Information Sharing Policy Final- Published IGPOL/06 IGPOL/07 IGPOL/09 IGPRO/01 IGPRO/02 IMNOTE/01 IMNOTE/02 IMNOTE/03 Corporate Retention Schedule Corporate Classification Scheme Paper Records- Secure Handling and Transit Policy Security Incident Procedure Subject Access Request Procedure SAR guidance- what information to provide SAR guidance- what information to withhold Checklist when handling personal or sensitive data Final- Published Final- Published Final- Published Final- Published Final- Published Final- Published Final- Published Final- Published IMNOTE/04 Checklist- How to process a Subject Access Request Final- Published IMNOTE/05 Naming Convention Final- Published Guidance IMNOTE/06 Version Control Guidance Final- Published IMNOTE/07 Management Guidance Final-Published 3
4 AUP Acceptable Use Policy Final- Published 4
5 CONTENTS 1 INTRODUCTION PURPOSE OF THE POLICY SCOPE INFORMATION GOVERNANCE PRINCIPLES LEGISLATIVE FRAMEWORK RESPONSIBILITIES RESPONSIBILITIES OF MANAGERS RESPONSIBILITIES OF USERS RESPONSIBILITIES OF THE INFORMATION GOVERNANCE GROUP RESPONSIBILITIES OF THE INFORMATION GOVERNANCE MANAGER RESPONSIBILITIES OF THE SENIOR INFORMATION RISK OWNER RESPONSIBILITIES OF INFORMATION ASSET ADMINISTRATORS INFORMATION GOVERNANCE FRAMEWORK MAIN THEMES INFORMATION RISK MANAGEMENT BUSINESS CONTINUITY AND VITAL RECORDS MANAGEMENT ACCESS AND SECURITY ESCALATION
6 1 Introduction 1.1 This policy establishes RCPCH s Information Governance Framework Policy. 1.2 It provides a statement of RCPCH s intentions and approach to fulfilling its statutory and organisational responsibilities with regards to Information Governance. 2 Purpose of the policy 2.1 The purpose of this document is to provide a clear statement of the RCPCH s policy relating to the management of its information assets and the information governance framework within which the RCPCH will operate 2.2 Information Governance is defined as A holistic approach to managing information that seeks to minimise the risks to the organisation and maximise the opportunities in the use of information, whilst protecting the rights of the individual. It enables a strategic approach to managing information assets and resources throughout the information lifecycle by developing appropriate tools, standards and processes, whilst seeking to build organisational cultures that value information resources. 2.3 Information is a key asset which must be managed both strategically and operationally to leverage opportunity and manage risk. 2.4 At its heart it supports two outcomes critical to the success of any modern organisation: Efficiency and accountability: Efficiency so that those working in the organisation are able to easily locate the right information needed to deliver services and to make decisions. Accountability so that the organisation can justify and successfully demonstrate to stakeholders that it is fulfilling its legal, democratic and community obligations 2.5 The key aspects of Information Governance are data protection and confidentiality; information security; 6
7 information quality; information and records management 3 Scope 3.1 This Policy applies to all RCPCH staff, members and contractors who undertake any activity within the organisation in the course of RCPCH s service and business operations. 3.2 The policy sits within a framework of information management policies, procedures and guidance which are listed at Appendix A. 3.3 The policy applies to all information irrespective of the technology used to create and store it. It includes, therefore, paper and electronic records, but also line of business and information systems, for example the corporate CRM (Care) and the content of the intranet and internet sites. 4 Information Governance Principles 4.1 The RCPCH will adopt the Department of Health model as its principles for managing information. Information should be: Held securely and confidentially Obtained fairly and efficiently Recorded accurately and reliably Used effectively and ethically Shared appropriately and lawfully 7
8 4.2 The College aims to maintain and expand its Information Governance framework, supported by a foundation level of IG literacy within the College. This will primarily focus on five things: Developing practical record keeping solutions to ensure that all records assist in helping the College meet its objectives Maintain and continue to develop a training and guidance framework to support staff and make them aware of their responsibilities, as well as an understanding that there may be disciplinary action in the event of non-compliance Develop processes and monitoring tools to ensure our information is secure and risks are managed proactively Maintain and regularly review the policy framework to ensure it is still relevant. Thisdemonstrates the College s commitment to Information Management and establishes good practice Where appropriate, take advantage of technological developments to support effective records management 4.3 This should ultimately help foster an organisational culture that promotes good record keeping and information governance, and create an efficient, forward facing organisation that can manage risks proactively. 5 Legislative framework 5.1 Often legislation will either explicitly or implicitly establish requirements upon the RCPCH to manage information. At a minimum the College will be required to provide documentary evidence that legislative requirements are being adhered to. Other legislation is specifically concerned with how the organisation keeps its information and provides access to it: The Data Protection Act (DPA) 1998 (this will be the General Data Protection Regulation from May 2018) Copyright Designs and Patents Act 1988 Human Rights Act 1998 and the European Convention on human Rights Common law tort of breach of confidence Computer Misuse Act
9 Section 251 of the Health and Social Care Act The RCPCH will aim to comply with national standards relating to the management of information, including: The International Standards for Records Management BS ISO and BS ISO British Standard for Legal Admissibility and Evidential Weight of Information Stored Electronically BIP0008 (previously known as PD0008) Caldicott principles ISO and ISO The NHS Information Governance Toolkit Records Management Code of Practice for Health and Social Care (July 2016) The NHS Information Security Management Code of Practice Responsibilities 6.1 Information management is the responsibility of everyone at the RCPCH. All employees regardless of the seniority of their role make decisions that commit the organisation to some course of action or other. 6.2 In order to fulfil the organisations priorities, it is critical that there is an organisational culture which ensures that employees understand the need to make records of their actions and where the organisation itself manages those records in ways that recognise their importance as an asset to the RCPCH and the wider community. 6.3 Responsibilities of managers Directors across the college must ensure that their area is compliant with RCPCH Policies regarding the management of information and records Each Division will appoint Information Asset Owners to carry out the duties detailed in section 8 of this Policy, and nominate two representatives to attend the Information Governance Group Directors will ensure that managers and employees are fulfilling 9
10 their information management accountabilities and ensure that their staff are sufficiently aware of this policy and the associated guidance, protocols and agreements to carry out their role Each Division will ensure that they have sufficient resource to carry out their Information Management responsibilities and that their staff are made available for information management training 6.4 Responsibilities of Users All employees, including temporary staff, interns and contractors are responsible for ensuring that they comply with the RCPCH s Information Governance policies Employees must undertake mandated training to ensure understanding of information and records management responsibilities appropriate to their post Employees will appropriately create, classify, and retain authentic records appropriate to their post and dispose of records only when authorised by the appropriate Information Asset Owner or Information Governance Manager Employees will report any breach of the above policies, and any near misses to the Information Governance Manager or the Head of Information Systems. Any adverse trends will be analysed and reported to the Information Governance Group. 6.5 Responsibilities of the Information Governance Group The Information Governance Group will support the integration and embedding of Information Governance across the organisation and enable decisions to be made (and supported) from a corporate perspective The group will be responsible for overseeing overall information governance at the college; consideration of existing legislation and compliance, and consideration of Document and Records Management procedures The group is authorised to make recommendations to SMT in the first instance, who may then further refer to the Finance and Risk Committee. 6.6 Responsibilities of the Information Governance Manager 10
11 6.6.1 Develop and maintain Information Management policies, procedure and guidance as necessary Develop Information security policy and develop processes to mitigate risk Maintain and further develop the RCPCH information management architecture, including the Information Asset Register Ensuring systems developed by the RCPCH are compliant with information rights legislation and with the organisation s Information Management Policies Develop Record Keeping systems and processes to ensure that information is proactively exploited Develop the Corporate retention schedule, access models and vital records markings Co-ordinate all requests for information under the Data Protection Act, and where applicable the Freedom of Information Act Develop and ensure that information and records management training is delivered to all employees Manage and provide access to the historical records of the College 6.7 Responsibilities of the Senior Information Risk Owner To lead and foster a culture that values, protects and uses information proactively for the benefit of the organisation and its members To own the overall risk policy and risk assessment process, test its outcome, and ensure that it is used To cover information risk explicitly in the statement of internal control. 11
12 6.8 Responsibilities of Information Asset Administrators Know what information the asset holds, and what enters and why Know who has access and why, and ensures that their use is monitored 7 Information Governance Framework RCPCH has developed a framework for its Information Governance Policy. This is supported by a set of Infomration Governance Policies and related procedures and guidelines to cover all aspects of Information Governance (appendix A). 8 Main Themes Management of Information and Records Partnerships and Contracts Information Quality Assurance Information Risk Management Business Continuity and Vital Records Management Legal Compliance Access and Security Training and Awareness 12
13 8.1 Management of information and records Records Management is the process by which an organisation manages all the aspects of records whether internally or externally generated and in any format or media type, from their creation, all the way through their lifecycle to their eventual disposal The RCPCH records are its corporate memory, providing evidence of actions and decisions and representing a vital asset to support daily functions and operations. Records support policy formation and managerial decision-making, protect the interests of the organisation and its members. They support consistency, continuity, efficiency and productivity and help deliver services in consistent and equitable ways The RCPCH will develop systems and processes for the effective management of both electronic and paper records Classification The classification scheme includes details of records series kept in paper and electronic formats The Information Governance Manager alongside teams will further develop and regularly review the Retention and Disposal Schedule, and will apply retention periods to all information assets and systems The Information Governance Manager will appraise records for their historical worth, and maintain the RCPCH s Archive in perpetuity Information Assets An Information Asset is a set of records, data or information maintained in relation to a business process. This could be a set of paper case files or an electronic business system A complete list of Information Assets held across all business functions, including those outsourced by third parties, is maintained by the Information Governance Manager. This identifies a member of staff (an Information asset administrator) with responsibility for each asset A process of annual information audit will be established and the asset register updated accordingly. 13
14 The Information Asset Register will be a corporate resource and used to support information, system and service development; business continuity and disaster recovery arrangements A procedure will be developed to ensure the secure disposal of all information assets once they are no longer required by the organisation. 8.2 Partnerships and contracts Where the RCPCH enters into partnership, ranging from ongoing supplier relationships through to contracting out of major functions appropriate information governance arrangements must be in place In all cases consideration must be given to the attendant information management and record keeping issues at the time the contract is agreed. This includes identifying who owns the data, minimum security arrangements and escalation procedures in case of an information management security breach The organisations accountabilities in respect of information continue even when activity is carried out on its behalf by a third party. Therefore, all contractors must be made aware that they are data processors on behalf of the organisation The Information Governance Manager must be consulted prior to the undertaking of any contract where personal or sensitive information is held by a third party on behalf of the RCPCH All contracts where personal and sensitive information is processed, must comply with the requirements of the GDPR, including the provision of security guarantees. 8.3 Information Quality Assurance The RCPCH will establish and maintain standards and policies to help assure the quality of information that the organisation creates and maintains In order to ensure data quality, Managers are expected to take ownership of, and seek to improve, the quality of information within their services Wherever possible, information quality should be assured at 14
15 the point of collection The RCPCH is committed to holding one version of any record, document or information set and reducing duplication across its information systems. 8.4 Information Risk Management The RCPCH will ensure stronger accountability with the Senior Information Risk Owner (currently the Director of Corporate Services). Information Management Risks will be monitored by the Information Governance Manager and inform the service planning process. 15
16 8.4.2 The Information Security Policy defines the RCPCH s policy with regard to information, systems and communications security RCPCH will undertake a review of the information asset register and, as a result of this, assess where penetration testing is needed and the frequency required, incompliance with NHS IG toolkit 8.5 Business Continuity and Vital Records Management The RCPCH will develop systematic, monitored and tested business continuity planning in relation to its records and core business information which identifies and manages risks prior to any given disruption to business continuity and which assists the fastest possible recovery afterwards Business continuity plans need to address risks associated with both digital and paper based records. There are obvious differences in risks which must be treated differently Identifiers of vital and important records, will be developed in conjunction with classification schemes The business continuity plan should identify vital and or important records that should be retrieved if necessity and opportunity allow. The plan should include lists and indexes that indicate where these records are (including their physical location within an electronic environment). 8.6 Legal Compliance Data Protection and Confidentiality The RCPCH complies with the Data Protection Act As part of this the Information Commissioner has been notified of all personal data held by RCPCH Any member of staff breaching the RCPCH's Information Governance Policy will be subject to the established disciplinary procedure, and in cases of deliberate or reckless negligence may be subject to criminal sanctions The organisation will ensure that procedures are in place to ensure that the organisation can provide personal information to data subjects under section 7 of the Data Protection Act in 16
17 a timely and thorough manner Freedom of Information The Freedom of Information Act 2000 does not apply to the Royal College of Paediatrics and Child Health as we are not a public authority. However, there are some College projects where the funding body requires compliance because the project s functions are of a public nature and the funding body wishes to be as transparent as possible Where the Freedom of Information Act applies through externally funded projects, standard operating procedures will be developed per project (and in accordance with contractual terms) in order to ensure that the organisation can provide information when requested under the Freedom of Information Act in a timely and thorough manner 8.7 Access and Security The RCPCH will establish and maintain standards and policies for the effective and secure management (including access) of its information assets and resources The RCPCH records and information will be properly controlled through access rights provided to Members, Partners and staff Access rights and models will be developed with service areas and will be based on the security requirements of each information series. The College will provide external access to its non-confidential historical records through the Archives as requested. 8.8 Training and awareness Staff will be made aware of this policy upon publication and on a regular basis afterwards via the intranet New staff will be informed of this policy and undergo training as part of the induction process. Staff will also be required to undertake refresher training every 2 years. 9 Escalation Failure to comply with this Policy may lead to staff disciplinary action being considered in accordance with the College s Conduct and Disciplinary Policy. 17
18 Appendix A Corporate Plan Corporate Services Plan Information Governance Policy Information Security Policy Data Protection Policy Records Management Policy Information Sharing Policy Acceptable Use Policy Security Incident Procedure Paper Records Transfer Policy SAR Procedure Corporate Retention Schedule Corporate Classificatio n Scheme Procedures Guidance Small Numbers Policy SAR Guidance Procedures for off site storage Naming Conventions Key: Published Withholding information Providing Information Handling information checklist Procedures for Record Disposal Version Control guidance In draft 1
Information Governance Policy
Information Governance Policy Version: 4.0 Ratified by: NHS Bury Clinical Commissioning Group Information Governance Operational Group Date ratified: 19 th September 2017 Name of originator /author (s):
More informationInformation Governance Policy and Management Framework
Putting Barnsley People First Information Governance Policy and Management Framework Version: 2.0 Approved By: Governing Body Date Approved: February 2014 Name of originator / author: Richard Walker Name
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Page 1 of 13 INFORMATION GOVERNANCE POLICY EXECUTIVE SUMMARY Key Messages Principles of Information Governance Openness Confidentiality and Legal Compliance Information Security
More informationInformation Governance Management Framework
Management Framework Summary: This document sets out the framework, structure, system and accountabilities for Management within West Kent CCG Clinical Commissioning Group. APPROVED BY: Chief Finance Officer
More informationData protection (GDPR) policy
Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL
More informationDATA QUALITY POLICY. Version: 1.2. Management and Caldicott Committee. Date approved: 02 February Governance Lead
DATA QUALITY POLICY Version: 1.2 Approved by: Date approved: 02 February 2016 Name of Originator/Author: Name of Responsible Committee/Individual: Information Governance, Records Management and Caldicott
More informationIG01 Information Governance Management Framework
IG01 Information Governance Management Framework 1 INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History Document Reference: IG01 Document Purpose: The document compliments all other Information
More informationNHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY
NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY Version Control Version: 2.0 dated 17 July 2015 DATE VERSION CONTROL 04/06/2013 1.0 First draft of new policy
More informationINFORMATION GOVERNANCE STRATEGY IMPLEMENTATION PLAN
INFORMATION GOVERNANCE STRATEGY & IMPLEMENTATION PLAN 2015-2018 Disclaimer The latest version of this document is located on PTHB intranet. Please check the review date and if there are any doubts contact
More informationIGPr002 - Information Governance Management Framework
IGPr002 - Information Governance Management Framework Page 1 of 10 Table of Contents Information Governance Management Framework... 1 Why we need this Framework... 3 What the Framework is trying to do...
More informationCorporate policy. Business Continuity Management Policy. Issue sheet
Corporate policy Business Continuity Management Policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSADPN001b S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop
More informationData Protection Policy
Data Protection Policy StCH Data Protection Policy - POL 53 vs1 - July 2016 1 Document Control Table Document Title: Data Protection Policy Document Ref: POL 53 Author (name and job title): Karen Anderson,
More informationInformation Governance Assurance Framework
Document Reference POL008 Document Status Approved Version: V4.0 DOCUMENT CHANGE HISTORY Initiated by Date Author IG Toolkit Requirements November 2010 IG Manager Version Date Comments (i.e. viewed, or
More informationINFORMATION GOVERNANCE MANAGEMENT FRAMEWORK
NHS South West Lincolnshire Clinical Commissioning Group (CCG) INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History: Document Reference: Document Purpose: IG01 Date Ratified: January 2015 Ratified
More informationData Quality Policy
Cambridgeshire and Peterborough Clinical Commissioning Group (CCG) Data Quality Policy 2017-2019 Ratification Process Lead Author(s): Reviewed / Developed by: Approved by: Ratified by: Associate Director
More informationInformation Governance Strategic Management Framework
Information Governance Strategic Management Framework 2016-2018 Susan Meakin Information Governance Manager June 2016 Information Governance DOCUMENT CONTROL: Version: 2 Ratified by: Health Informatics
More informationINFORMATION GOVERNANCE STRATEGY. Documentation control
INFORMATION GOVERNANCE STRATEGY Documentation control Reference Date Approved Approving Body Version Supersedes Consultation Undertaken Target Audience Supporting procedures GG/INF/01 TRUST BOARD Information
More informationRecords management policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope...
Records management policy Board library reference Document author Assured by Review cycle P017 Head of Compliance Audit and Risk Committee 3 Years This document is version controlled. The master copy is
More informationHumber Information Sharing Charter
External Ref: HIG 01 Review date November 2016 Version No. V07 Internal Ref: NELC 16.60.01 Humber Information Sharing Charter This Charter may be an uncontrolled copy, please check the source of this document
More informationInformation Governance and Records Management Policy March 2014
Information Governance and Records Management Policy March 2014 Approving authority: Secretary s Board Consultation via: Secretary's Board Information Governance and Security Group Approval date: 4 March
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Unique Reference / Version Primary Intranet Location Information Management & Governance Secondary Intranet Location Policy Name Information Governance Policy Version Number
More informationData Protection Policy
Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:
More informationRecords Management Policy
Records Management Policy Responsible Officer Author Business Planning & Resources Director Corporate Office Date effective from December 1999 Date last amended December 2015 Review date October 2018 1
More informationFreedom of Information (FOI) Policy
Freedom of Information (FOI) Policy Subject Freedom of Information Act (2000) Policy number Tbc Approved by Trust Executive Group Date approved March 2015 Version 2 Policy owner Director of Communications
More informationInformation Governance Policy
Information Governance Policy Applicable to All employees Version1.0 Last Updated March 2014 CONFIDENTIAL Page 2 of 6 Contents 1. Objectives 3 2. Scope 3 3. Principles 3 4. Information Governance Policy
More informationINFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY
INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY Version: 1.4 Approved by: Date approved: 19 January 2017 Name of Originator/Author: Name of Responsible Committee/Individual: Date issued: Information
More informationRisk Management Strategy
Risk Management Strategy 2017-2019 Created by: Role Name Title Author / Editor Kevin McMahon Head of Risk Management & Resilience Lead Executive Margo McGurk Director of Finance & Performance Approved
More informationDATA QUALITY POLICY Review Date: CONTENT
Title: Date Approved: Approved by: DATA QUALITY POLICY Review Date: Policy Ref: Issue: Jan 2010 Sherwood Forest Hospitals Oct 2011 Information Governance Group Division/Department: Policy Category: ISP_03
More informationGeneral Optical Council. Data Protection Policy
General Optical Council Data Protection Policy Authors: Lisa Sparkes Version: 1.2 Status: Live Date: September 2013 Review Date: September 2014 Location: Internet / Intranet Document History Version Date
More informationMinor adjustments from IG Steering Group 0.3 Neil Taylor September 2013
Author(s) Andrew Thomas Version 0.3 Version Date 21 August 2013 Implementation/approval Date Review Date August 2014 Review Body Governing Body Policy Reference Number 014 Version Author Date Reason for
More informationTHE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER
THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER Contents 1 Introduction 2 2 Key messages 3 3 The requirement to appoint a Data Protection Officer 4 3.1 Public
More informationRecords Management Plan
Records Management Plan October 2014 1 2 Document control Title The Scottish Funding Council Records Management Plan Prepared by Information Management and Security Officer Approved internally by Martin
More informationCAPITA PLC POLICY. Environmental [PUBLIC] Classification Version 2.0
CAPITA PLC POLICY Classification Version 2.0 [] Date of Issue 15 th December 2017 Date of Next Review 16 th December 2018 Expiry Date Not Applicable CONTENTS 1 POLICY... 3 1.1 AUDIENCE... 3 1.2 REQUIREMENT...
More informationField/Mobile Working Policy
Field/Mobile Working Policy Management Guidance This document sets out UKRI Field/Mobile Working Policy, which is contractual. It also provides additional guidance for managers, employees and HR in the
More informationGOVERNANCE STRATEGY October 2013
GOVERNANCE STRATEGY October 2013 1. Introduction 1.1. The Central Manchester University Hospitals NHS Foundation Trust believes that the role of the governing body is pivotal to the success of the Trust.
More informationINFORMATION AND RECORDS MANAGEMENT POLICY
INFORMATION AND RECORDS MANAGEMENT POLICY Section University Management Contact Information and Records Management Last Review October 2017 Next Review October 2020 Approval SLT 17/10/151 Purpose: To provide
More informationManaging personal relationships in the workplace
Managing personal relationships in the workplace Author (s) Ruth Davies, Senior HR Manager Corporate Lead Sue Ellis, Director of Workforce Document Version Date approved by Joint Negotiating Consultative
More informationINFORMATION GOVERNANCE MANAGEMENT FRAMEWORK
INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History Document Reference: IG33 Document Purpose: The document complements all other Information Governance policies and sets out the management arrangements
More informationLoch Lomond & The Trossachs National Park Authority. Annual internal audit report Year ended 31 March 2015
Loch Lomond & The Trossachs National Park Authority Annual internal audit report Year ended 31 March 2015 Contents This report is for: Information Chief executive Audit committee Jaki Carnegie, director
More informationLOCATION: Alpha Plus Fostering, Oldham
National Fostering Agency Group Job Description JOB TITLE: REGISTERED MANAGER LOCATION: Alpha Plus Fostering, Oldham Purpose: The Registered Manager is accountable for providing vision and leadership to
More informationInformation Governance Strategy and Management Framework
Information Governance Strategy and Management Framework Summary: This strategy sets out the framework, structure, system and accountabilities for Information Governance Management within NHS Eastbourne,
More informationGDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges
GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation
More informationFacilities Controller Job Description
Job Title: Employer: Location: Responsible to: Responsible for: Facilities Controller Torus 62 Ltd St Helens and Warrington Compliance & Assurance Manager (Facilities and Energy) Operation and coordination
More informationData Protection. Policy
Data Protection Policy Why do we need this policy? What does the policy apply to? Which parts of SQA are affected? SQA is committed to adopting best practice in protecting the personal information of all
More informationBreakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018
Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018 Introduction The Partner organisations within the Breakthrough Programme need to collect
More informationAssistant Business Manager Job Description
Assistant Business Manager Job Description Responsible to: Responsible for: Business Manager Admin Team made up of: Attendance and Admission Officer Admin Assistant x2 Business Administration Apprentice
More informationData Protection/ Information Security Policy
Data Protection/ Information Security Policy Date Policy Reviewed 27 th April 2016 Date Passed to Governors: 27 th April 2016 Approved by Governors: 7 th June 2016 Date of Next Review: June 2018 Data Protection
More informationRISK MANAGEMENT STRATEGY
Agenda Item No: 15 RISK MANAGEMENT STRATEGY PURPOSE: The Risk Management Strategy has been updated to reflect the revised approach to the Corporate Risk Register and Board Assurance Framework and to reflect
More informationTraining Policy & Procedure Page 1 of 11
Training Policy & Procedure Page 1 of 11 Training & Development Policy Purpose Training Commitment This policy outlines dnata UK s ongoing commitment to ensuring that all employees have access to learning,
More informationJOB DESCRIPTION. Practitioner Young People (YP) subject to Job Evaluation. Service Manager SPOC and YP DIRECT REPORTS: - Purpose of Job
JOB DESCRIPTION JOB TITLE: GRADE: REPORTS TO: Practitioner Young People (YP) subject to Job Evaluation Service Manager SPOC and YP DIRECT REPORTS: - LOCATION: to be confirmed Purpose of Job To ensure that
More informationHealth and Safety Management Standards
Management Standards Curtin University Sept 2011 PAGE LEFT INTENTIONALLY BLANK Management Standards Page 2 of 15 CONTENTS 1. Introduction... 4 1.1 Hierarchy of Documents... 4 2. Management System Model...
More informationS.D.F ELECTRICAL PTY LTD ABN EMPLOYEE POLICY BOOKLET
S.D.F ELECTRICAL PTY LTD EMPLOYEE POLICY BOOKLET 2017 S.D.F ELECTRICAL PTY LTD BLANK PAGE S.D.F Electrical Pty Ltd BUSINESS OBJECTIVES KEY POLICIES ASSOCIATED PROCEDURES Working Live Establishing Employee
More informationKing IV Application Register
King IV Register 1. The governing body should lead ethically and effectively. The directors hold one another accountable for decision-making based on integrity, competence, responsibility, fairness and
More informationStellenbosch University Records Management Policy
Stellenbosch University Records Management Policy Reference number of this document POL-001-2016 HEMIS classification Purpose To maintain, protect, retain and dispose of records in accordance with fiscal,
More informationAuthor s job title Head of Clinical Coding and Data Quality Directorate IM&T
Document Control Title Data Quality Policy Author Author s job title Head of Clinical Coding and Data Quality Directorate IM&T Department Clinical Coding Version Date Issued Status Comment / Changes /
More informationTHE HARBOUR MEDICAL PRACTICE EASTBOURNE
Page 1 THE HARBOUR MEDICAL PRACTICE EASTBOURNE JOB DESCRIPTION YOUR SUCCESS IN THIS POST WILL BE ASSESSED ON YOUR ABILITY TO ACHIEVE THESE JOB RESPONSIBILITIES. We accept that a successful candidate, even
More informationConducting privacy impact assessments code of practice
ICO lo Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 About this code... 3 Chapter 1 - Introduction to PIAs... 5 What the ICO means by PIA...
More informationCODE OF PRACTICE Appointment to Positions in the Civil Service and Public Service
CODE OF PRACTICE Appointment to Positions in the Civil Service and Public Service PUBLISHED IN 2017 BY THE COMMISSION FOR PUBLIC SERVICE APPOINTMENTS, 18 LOWER LEESON STREET, DUBLIN 2, D02 HE97 TEL: (01)
More informationCORPORATE GOVERNANCE King III - Compliance with Principles Assessment Year ending 31 December 2015
No N/A 1 Chapter 1 - Ethical leadership and corporate citizenship 1.1 The Board should provide effective leadership based on an ethical foundation 1.2 The Board should ensure that the Company is and is
More informationAn Industry Code of Conduct Maritime Autonomous Systems (Surface) MAS(S)
BEING A RESPONSIBLE INDUSTRY An Industry Code of Conduct Maritime Autonomous Systems (Surface) MAS(S) The ISSUE 1 Maritime 01/03/2016 Autonomous Systems Surface, MAS(S) Industry Code of Conduct Foreword
More informationPostNL group procedure
1 January 2017 PostNL Holding B.V. Audit & Security PostNL group procedure on fraud prevention guidance on bribery and corruption Author Director Audit & Security Title PostNL group procedure on Fraud
More informationCode of Conduct. Human Resources Policies and Procedures. UCD/HRO/Conduct/048
1NHSBT Code of Conduct UCD/HRO/Conduct/048 Version Issued: February 2013v1.1 Human Resources Policies and Procedures Code of Conduct UCD/HRO/Conduct/048 1 Policy UCD/HRO/Conduct/048 Title NHSBT Code of
More informationBury Local Care Organisation Provider Alliance
Job Description Post: Project Manager Band: 6 Location/Base: Responsible to: Main Contacts: Bury Town Centre Senior Programme Manager Bury Local Care Organisation Provider Alliance Job Summary The Project
More informationGUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))
GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) Operational Risk Management MARCH 2017 STATUS OF GUIDANCE The Isle of Man Financial Services Authority ( the Authority ) issues guidance for
More informationFreedom of Information: Guide to information available from Brentford School for Girls under the Model Publication Scheme
Freedom of Information: Guide to information available from Brentford School for Girls under the Model Publication Scheme Freedom of Information Act publication scheme for academies This generic model
More informationON ARM S LENGTH. 1. Introduction. 2. Background
ADVICE FOR COUNCILLORS ON ARM S LENGTH EXTERNAL ORGANISATIONS 1. Introduction 1.1 This Advice Note, issued by the Standards Commission for Scotland (Standards Commission), aims to provide councillors with
More informationNHSLA Risk Management Standards for NHS Trusts Providing Community Services 2011/12
NHSLA Risk Management Standards for NHS Trusts Providing Community Services 2011/12 Milton Keynes Primary Care Trust Provider of Community and Mental Health Services Level 1 May 2011 Contents Page 1: Executive
More informationRISK MANAGEMENT POLICY
RISK MANAGEMENT POLICY Clinical Governance & Risk Management Department Warning Document uncontrolled when printed Policy Reference: RM 2.0 Date of Issue: TBC Prepared by: Risk Management Short Life Date
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 256 Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (updated) Adopted on 29 November 2017 INTRODUCTION
More informationPOLICY ON MANAGING POLICIES, PROCEDURES AND GUIDANCE DOCUMENTS
POLICY ON MANAGING POLICIES, PROCEDURES AND GUIDANCE DOCUMENTS Version: 6 Date Ratified: February 2017 Review Date: February 2020 Applies to: Senior Managers and staff who produce procedural documents.
More informationConducting privacy impact assessments code of practice
Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 Information Commissioner s foreword... 2 About this code... 3 Chapter 1 Introduction to PIAs...
More informationDisclosure & Barring Service (DBS) Check Policy
Disclosure & Barring Service (DBS) Check Policy Version: Final Author: HR Manager Date Issued: December 16 Date Approved by SMT: January 17 Impact Assessment Completed Yes Date of Next Review: January
More informationInternal Audit Policy and Procedures Internal Audit Charter
Mission Statement Internal Audit Policy and Procedures Internal Audit Charter The mission of the Internal Audit Department is to provide independent and objective reviews and assessments of the business
More informationEU General Data Protection Regulation (GDPR)
A Brief Overview of the EU General Data Protection Regulation (GDPR) November 2017 What is the GDPR? After several years in the making, on 8 April 2016 the European Council finally adopted Regulation
More informationGwybodaeth Dan Reolaeth. Gwynedd Council DATA PROTECTION POLICY FINAL 2.0. September Information Management Service. Approved
Gwybodaeth Dan Reolaeth Gwynedd Council DATA PROTECTION POLICY FINAL 2.0 September 2015 Information Management Service 1. Introduction The Council makes considerable use of personal information in all
More informationFixed Term Staffing Policy
Fixed Term Staffing Policy Who Should Read This Policy Target Audience All Trust Staff Version 1.0 October 2015 Ref. Contents Page 1.0 Introduction 4 2.0 Purpose 4 3.0 Objectives 4 4.0 Process 4 4.1 Recruitment
More informationRegulation pertaining to disciplinary & related procedures for academic staff
Regulation pertaining to disciplinary & related procedures for academic staff Table of Contents 1. Application... 2 2. Introduction... 2 3. General Principles... 2 4. Investigation... 3 5. Informal guidance
More informationHSCIC Audit of Data Sharing Activities:
Directorate / Programme Data Dissemination Services Project Data Sharing Audits Status Approved Director Terry Hill Version 1.0 Owner Rob Shaw Version issue date 20/04/2016 HSCIC Audit of Data Sharing
More informationGDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry
GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock
More informationNHS BARNSLEY CCG DATA QUALITY POLICY SEPTEMBER 2016
Putting Barnsley People First NHS BARNSLEY CCG DATA QUALITY POLICY SEPTEMBER 2016 Version: 1.0 Approved By: Governing Body Date Approved: 8 September 2016 Name of originator / author: Name of responsible
More informationNHS HEALTH SCOTLAND PARTNERSHIP AGREEMENT
NHS HEALTH SCOTLAND PARTNERSHIP AGREEMENT 1 Foreword by the Chief Executive of NHS Health Scotland and the Staff Side Chair All NHS Boards are required to have in place formal partnership working arrangements,
More information1. Each employee is responsible for managing college records in a responsible and professional manner.
Policy O-6.2 Approved By: College Executive Team Approval Date: February 26, 2003 Amendment Date: November 25, 2009 Policy Holder: VP Administration Purpose / Rationale RECORD MANAGEMENT The purpose of
More informationINTERNAL AUDIT DIVISION REPORT 2017/022. Audit of knowledge and records management at the United Nations Framework Convention on Climate Change
INTERNAL AUDIT DIVISION REPORT 2017/022 Audit of knowledge and records management at the United Nations Framework Convention on Climate Change Knowledge and records management needs to be enhanced by establishing
More informationSafer Recruitment Policy
Safer Recruitment Policy 2014-2017 Issue 5 July 2014 Summary of Policy: The Policy outlines how the College meets Safeguarding legislation requirements in respect of the recruitment and selection of staff
More informationThomson House School Freedom of Information Policy
Thomson House School Freedom of Information Policy Agreed by: Finance and General Purposes Committee Date: January 2017 Review Cycle: Annual Next Review Date: January 2018 1 Freedom of Information Act
More informationLead Employer Flexible Working Policy. Trust Policy
Lead Employer Flexible Working Policy Type of Document Code: Policy Sponsor Lead Executive Recommended by: Trust Policy Deputy Director of Human Resources Director of Human Resources Date Recommended:
More informationReview date: July 2018 Responsible Manager: Head of Human Resources. Accessible to Students: No. Newcastle College: Group Services:
Redundancy and Redeployment Policy Date approved: 15 July 2015 Approved by: Executive Board Review date: July 2018 Responsible Manager: Head of Human Resources Executive Lead: Group Director (HR and OD)
More informationGroup Environment Policy
Our commitment to good business Protecting the environment 7 Version 1 July 2014 Our Business Principles 1 Demonstrating integrity in corporate conduct 2 Ensuring openness and transparency 3 Respecting
More informationInformation Governance Management Framework Version 6 December 2017
Information Governance Management Framework Version 6 December 2017 Page 1 of 8 Introduction Robust information governance requires clear and effective management and accountability structures, governance
More informationInformation Governance Management Framework
Information Governance Management Framework November 2014 Author: Responsibility: Lynda Harris, Head of Information Governance All Staff Effective Date: November 2014 Review Date: November 2015 Reviewing/Endorsing
More informationDisciplinary Policy and Procedure
Disciplinary Policy and Procedure Version 2.5 Important: This document can only be considered valid when viewed on the Trust website. If this document has been printed or saved to another location, you
More informationJOB DESCRIPTION SALARY: 36,004
JOB DESCRIPTION JOB TITLE: Asset Information Manager SALARY: 36,004 RESPONSIBLE TO: Head of Asset Management RESPONSIBLE FOR: Asset Information Officer Asset Information Assistant Customer Involvement
More informationKing lll Principle Comments on application in 2013 Reference in 2013 Integrated Report
Application of King III Principles 2013 This document has been prepared in terms of the JSE Listings Requirements and sets out the application of King III principles by the Clicks Group. The following
More informationGUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector
GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector TABLE OF CONTENTS INTRODUCTION... 2 Accountable privacy management 2 Getting started 3 A.
More informationHUMAN RESOURCES RECRUITMENT POLICY. Last Modified: August Review Date: August Version Number: 1.6
HUMAN RESOURCES RECRUITMENT POLICY User-group: All Staff Review Date: August 2018 Approved By: Executive Author: Helen Taylor Contact Person: HR Services Team, Ext 3193 Person Responsible: Head of Human
More informationRole Title: Chief Officer Responsible to: CCG chairs - one employing CCG Job purpose/ Main Responsibilities
Role Title: Chief Officer Responsible to: CCG chairs - one employing CCG Job purpose/ Main Responsibilities Accountable to: All employed staff working within the 3 CCGs Within the 3 CCGs the Chief Officer
More informationASSURANCE FRAMEWORK. A framework to assure the Board that it is delivering the best possible service for its citizens SEPTEMBER 2010.
ASSURANCE FRAMEWORK A framework to assure the Board that it is delivering the best possible service for its citizens SEPTEMBER 2010 V3 Draft 1 SECTION NO. ASSURANCE FRAMEWORK CONTENTS 1. INTRODUCTION 3
More informationFreedom of Information Act Publication Scheme for Academies
Freedom of Information Act Publication Scheme for Academies The Dukeries Academy Publication Scheme adopted by Local Governing Body on 13 October 2014 This generic model publication scheme has been prepared
More informationData Protection Policy
Data Protection Policy Name of Chair: Mr David Mann Name of Headteacher: Mrs Eileen Bissell Name of person Responsible: Mrs Eileen Bissell Adopted and Agreed on: October 2015 Date of Review: October 2018
More informationHonorary Contracts Procedure
Honorary Contracts Procedure Version: 3.0 Bodies consulted: Approved by: Joint Staff Consultative Committee & WMT Executive Management Team Date Approved: 03 October 2017 Lead Manager: Responsible Director:
More information