Registration Authority and Integrated Identity Management Policy

Transcription

1 Registration Authority and Integrated Identity Management Policy

2 Policy Title: Executive Summary: Supersedes: Registration Authority and Integrated Identity Management Policy This policy seeks to identify the responsibilities and processes required to ensure that the Registration Authority is effectively managed, properly controlled, and delivered in accordance with national guidance Registration Authority and Integrated Identity Management Policy Description of Amendment(s): This policy will impact on: Re-written to include CIS system. Simplified by removing detailed process descriptions these will be transferred to a separate process document. Information Governance and security, clinical practices, administrative practices, employees. Financial Implications: Policy Area: Corporate Document ECT Reference: Version Number: Version 6 Effective Date: October 2016 Issued By: Review Date: October 2018 Author: Registration Authority Manager Impact Assessment Date: October 2016 APPROVAL RECORD Committees / Group Date Consultation: Information Governance & Records management Group October 2016 Approved by Committees: Information Governance & October 2016 Records management Group Approved by Director: October 2016 Policy Received by: Trust Intranet for ease of accessibility for all staff/ stakeholders October 2016

3 Contents 1. Policy Statement... 4 Purpose... 4 Introduction... 4 Overview... 4 Integrated Identity Management Care Identity Service (CIS) ESR-UIM Interface Position Based Access Control East Cheshire Trust Registration Authority Roles and Responsibilities... 5 Organisational Responsibilities... 5 Board Level Representative... 6 Sponsor... 6 Local Smartcard Administrator... 7 User and Staff Responsibilities... 7 Midlands and Lancashire CSU Registration Authority Roles and Responsibilities... 7 Organisational Responsibilities... 7 Registration Authority Responsibilities... 7 Registration Authority Manager... 8 Registration Authority Agent Advanced... 9 Arvato HR Service Roles and Responsibilities... 9 Organisational Responsibilities... 9 HR Sponsor... 9 ESR Administrator... 9 HR RA Agent HR RA Agent ID Checker Misuse and Incident Reporting Monotoring and Review Reference Documents Midlands and Lancashire CSU ICT Servicedesk Guidance for Staff Glossary... 11

4 1. Policy Statement Purpose This policy document covers Integrated Identity Management and Registration Authority for East Cheshire Trust. This document lays out the policy for Smartcard registration and access control for East Cheshire NHS Trust and supporting RA personnel in its stakeholder organisations: East Cheshire NHS Trust Cheshire HR Service (Arvato) Midlands and Lancashire Commissioning Support Unit This document is the RA policy for East Cheshire Trust, and outlines the roles and responsibilities for Registration Authority and the ESR Interface to Care Identity Service (CIS). The document lays out the policy for Smartcard registration, usage, access control and the ESR-CIS interface. Introduction Overview The NHS Care Records Service (NCRS) and related National Programme for Information Technology (NPfIT) services are accessed using an NCRS Smartcard. A Smartcard is a chip and pin device used as a means of securely identifying a user. For healthcare professionals to be issued with a Smartcard they must be registered through the Registration Authority. Smartcard registration and access is controlled by the Registration Authority. To register for a Smartcard, Registration Authorities are required to ask applicants for identification which satisfies the government recommended standard 'e- Gif Level 3', providing at least three forms of identification (photo and non-photo), including proof of address. Full details can be found at All National Programme for IT applications use a common security and confidentiality approach, which is also shared by various local applications. This is based on the user being assigned roles, areas of work, activities and work groups. Access is defined and authorised by the Sponsor of the user, in the case of East Cheshire Trust access is Sponsored centrally via the Electronic Staff Record. Integrated Identity Management From April 2008, NHS Employment Check Standards became a requirement in the NHS as part of the annual health check. Similarly, robust identity checks are also enforced using the same identity management standards carried out by an NHS organisation s Registration Authority (RA) to verify an individual s identity before allowing access to NHS Care Records Service (NHS CRS) applications. Combining these two parallel activities into a single Integrated Identity Management (IIM) process has proven to deliver significant benefits through HR/RA Process Integration and the move to Position Based Access Control (PBAC), both supported by the following new software applications. Integrated Identity Management significantly improves access control to NHS CRS systems containing person identifiable information through revised business processes and the introduction of two new software applications:

5 1.1.1 Care Identity Service (CIS) CIS is registration software to manage NHS CRS access control and facilitate the Interface to ESR. CIS uses electronic forms and digital signatures thereby removing the need for paper based workflow. The implementation of CIS requires no data to be migrated. Access control in CIS is facilitated using NHS CRS Access Control Positions defined by the Position Based Access Control Methodology which is therefore a pre-requisite to its implementation. CIS replaced the User Identity Manager (UIM) system in February 2015 and performs the same function of managing smartcard access control ESR-UIM Interface The ESR-CIS interface can be used to link staff records in ESR to user records in NHS CRS in order to remove duplication and to drive access control based on the job that a person holds. HR functions currently update ESR when changes are made regarding an employee s assignment to an established position. Where a position is linked to an NHS CRS Access Control Position, the ESR interface will be triggered by such changes and will automatically update an individual s access rights to NHS CRS compliant systems to reflect the requirements of their new position or status. To realise the significant benefits and improved governance that could be achieved, the trusts elected to implement the ESR Interface which was activated in March The CSU RA Team and Arvato HR ESR Team identified and linked all ESR employment positions to the appropriate UIM position. This work was completed in September At this point all ESR-CRS access control links were approved by East Cheshire Trust Position Based Access Control Position Based Access Control (PBAC) is the method of managing smartcard access whereby smartcard users are assigned to predefined access positions. PBAC positions contain access codes which control the level of access received. Changes to a smartcard user s PBAC assignment must be approved in an from the smartcard user s line manager. Changes to a PBAC position or new PBAC positions must be initially approved in an by the trust s IG lead, and then provided the trust s IG group for review. Full details of both PBAC processes described above will be laid out in full in a separate RA process document which will be made available to stakeholders. 2. East Cheshire Trust Registration Authority Roles and Responsibilities Organisational Responsibilities East Cheshire Trust is responsible for approving the Position Based Access Control (PBAC), and the ESR-CIS interface links. The trust must ensure that adequate Sponsors and Smartcard Administrators are in place to support the RA process. With the support of the CSU the trust must ensure that all RA personnel complete the minimum level of RA training.

6 Board Level Representative All NHS trusts must have a board level individual who has delegated accountability for RA activity. This responsible individual must report annually to the organisation on this activity, sign off the RA IG Toolkit submissions. Appointment of an RA Manager will be documented and approved buy Midlands and Lancashire Commissioning Support Unit Board level representative, a change of RA Manager will be reported to the Board Level Representative by the RA Manager. The Director of Corporate Affairs and Governance is the Trust s Senior Information Risk Owner (SIRO) and has delegated accountability for:- The Data Protection Act IG Toolkit Records Management Information Security Registration Authority activity The Associate Medical Director Clinical Effectiveness will act as the Caldicott Guardian with delegated responsibility from the Medical Director and will take a lead on confidentiality issues. a. To act as a champion for data confidentiality at Board level. b. To develop a knowledge of confidentiality and data protection matters including links with external sources of advice and guidance. c. To ensure that confidentiality issues are appropriately reflected in organisational strategies, policies and working procedures for staff. d. To oversee all arrangements, protocols and procedures where confidential social care information may be shared with external bodies including disclosures to other public sector agencies and other outside interests The Deputy Director of Corporate Affairs and Governance (Deputy SIRO) is responsible for ensuring that systems and processes are implemented to ensure sound information governance across the Trust. The Head of Integrated Governance acts as the Data Protection Officer for the Trust and provides assurance reports to the Information Governance & Records Management Group meeting, manages the information governance team, monitors compliance with the IG Toolkit and oversees the archiving and retention of records. Sponsor The Integrated Governance Manager has responsibility for operational procedures and Information Governance and for the implementation and coordination of the information governance work programme across the Trust. Responsibility for specific requirements is devolved to specialist leads and service managers. The Sponsor is responsible for authorising smartcard access within CIS standalone for users that cannot be managed via the ESR interface (Arvato HR will also Sponsor their own staff). As this only includes contracted staff, there is limited need for this role and it will be performed on an as required basis by the Integrated Governance Manager.

7 The sponsor must identify the appropriate level of access that ensures access is only approved on the basis of users having a legitimate relationship with patient data. Typically the sponsor will take advice from service managers when approving smartcard access. The sponsor is responsible for following local and national policy and guidance. The sponsor ensures that users within their organisation are abiding by the NHS Care Records Service Smartcard Terms and Conditions. The sponsor must only unlock or renew smartcards in a face to face meeting with the user, and ensure that smartcard passcodes are set securely. The sponsor must complete the HSCIC e-learning Sponsor module, or other required training that is identified. Local Smartcard Administrator Responsible for unlocking smartcards and renewing smartcard certificates in a face to face meeting with the user. All new passcodes must be set securely. Must complete the HSCIC Local Smartcard Administrator module. A list of people able to unlock smartcards is available on the Trust Infonet. User and Staff Responsibilities Smartcard holders must accept and adhere to the NHS Care Records Service Smartcard Terms and Conditions. In particular users must not share their smartcard, keep their smartcard safe and secure, and not share their smartcard passcode. Users must report misuse to the CSU s information security team via the ICT Servicedesk. Failure to comply with the NHS Care Records Service Smartcard Terms and Conditions may result in disciplinary action as laid out in the trusts Disciplinary Policy. CSU or Client staff without a smartcard must not use attempt to access the NHS Spine using a colleague s identity. If access to the NHS Spine is required individuals must apply for a smartcard. Midlands and Lancashire CSU Registration Authority Roles and Responsibilities Organisational Responsibilities The CSU is responsible for providing the core RA service and managing the RA function to meet the requirements of the National RA Policy and the RA Service Level Agreement. The CSU will agree RA processes and procedures with East Cheshire NHS Trust these will be documented and made available to all parties. Registration Authority Responsibilities It is the responsibility of the RA Manager to work with the East Cheshire Trust and Arvato HR to ensure that the Registration Authority functions outlined below are delivered to the standards indicated. The National Registration Authority Process is adhered to in full and that any local processes are developed to support the National Registration Authority Process as outlined in the latest version of the HSCIC Registration Authorities Operational Guidance and Process Guidance Smartcard Registrations and Registration Authority activities in accordance with the Registration Authorities Operational Guidance and Process Guidance making sure that all Registration Authority forms are completed correctly. This includes ensuring that all new applicants are aware of the latest NHS Care Records Service Smartcard Terms and Conditions and their responsibilities as Smartcard Users.

8 Sufficient Registration Authority personnel (managers, agents and sponsors) are in place to meet the requirements of the National Registration Authority Process and the needs of the stakeholder organisations. All members of the Registration Authority Team are adequately trained and familiar with local and national Registration Authority processes. This includes Registration Authority personnel keeping up to date with changes in operational guidance and the latest software and completing relevant training. Incidents of misuse or anomalies are reported to Information Security and Information Governance Managers. All confidential paperwork is stored securely in a locked unit and can be accessed when necessary. Registration Authority procedures are completed in a timely fashion so that Users are able to access the clinical systems that they need to carry out their job. Ensure that sufficient East Cheshire Trust staff are set up as Smartcard Administrators to support the unlocking of smartcards across the trust s acute and community localities. Ensure processes are in place for maintaining smartcard links To regularly review procedures and stay up to date with national Registration Authority developments including latest software, operational guidance and its integration into Trust policies and procedures. Registration Authority Manager The RA Manager manages the Registration Authority procedure in consultation with the Information Governance Team. The Registration Authority Manager is responsible for setting up all policies and operational procedures concerning the Registration Authority. The RA Manager is responsible for meeting the requirements laid out in this document, the HSCIC RA Policy and the HSCIC Operational and Process Guidance. The RA Manager is responsible for ensuring that all RA Agents are trained, and must complete any appropriate training required for the role. The RA Manager is responsible for ensuring that historic RA forms, other paperwork and sensitive electronic data is stored securely. The RA Manager will ensure that RA equipment is managed effectively to meet the needs of the RA function. The RA Manager will adhere to the same standards required of RA Agents when carrying out RA activities, deviations from the standard processes will require approval from East Cheshire NHS Trust s IG lead. The RA Manager is responsible for assisting the trust to comply with the relevant sections of the IG toolkit and for RA audit activities The Audit will be undertaken by the RA Department and RA Manager, the outcome of the audit will be reported annually back to the IG & RM Group as required. so who is responsible for doing the audits, how often and where is the outcome reported to for assurance purposes eg IG&RM Group? The Registration Authority Manager role will be assigned by Midlands and Lancashire CSU, and can be contacted via the CSU s ICT Servicedesk.

9 Registration Authority Agent Advanced The RA Agent registers new users verifying identification to e-gif level 3, issues Smartcards, maintains and updates existing users access. The RA Agent is responsible for carrying out Smartcard Registrations, change requests and Smartcard revocations in accordance with this document, local operating procedures and the Registration Authorities HSCIC Operational and Process Guidance. Name changes are generated by ESR when they are changed in CIS, the RA Agent will check the original marriage or deed poll certificates before granting these in the CIS system. RA Agents are responsible for handling photos and all sensitive data securely, and deleting or destroying them as appropriate in a timely manner. RA Agents must receive approval from line managers and follow the local operating procedure when arranging for spine access to be granted to smartcard users. All RA Agents will complete the HSCIC Advanced RA Agent e-learning module and any other necessary training. Arvato HR Service Roles and Responsibilities Organisational Responsibilities Arvato HR is the external HR provider that manages the trusts Electronic Staff Record (ESR). Arvato HR is responsible for managing the ESR-CIS interface and the ESR-CIS position links that control smartcard access assignment. Arvato HR is responsible for ensuring that appropriate RA roles are allocated Arvato HR staff to adequately support the RA process. Sponsors, RA Agents and Local Smartcard Administrators must be in place and complete the required training. Arvato will use CIS standalone system to register users and manage smartcard access for their own staff. Arvato HR is responsible for removing smartcard access when users leave the organisation. HR Sponsor The Arvato HR sponsor is responsible for authorising smartcard access within CIS standalone for Arvato HR staff. The sponsor must identify the appropriate level of access that ensures access is only approved on the basis of users having a legitimate relationship with the information that they can access. For HR staff this will only include access to ESR and certain RA roles for smartcard administration purposes. The sponsor is responsible for following local and national policy and guidance. The sponsor ensures that users within their organisation are abiding by the NHS Care Records Service Smartcard Terms and Conditions. The sponsor must only unlock or renew smartcards in a face to face meeting with the user, and ensure that smartcard passcodes are set securely. The sponsor must complete the HSCIC e-learning Sponsor module, or other required training that is identified. ESR Administrator The ESR Administrator is responsible for managing the ESR-CIS position links and supporting the ESR-CIS interface as necessary. The ESR team will provide regular reports to the CSU RA team to show how the ESR-CIS positions are mapped, and to show position linking for new ESR positions.

10 The ESR Administrator will assign the most basic PBAC position (Generic User Access Role) as default, and will only assign other positions when instructed by the RA Team. HR RA Agent The Arvato HR RA Agent registers new users verifying identification to e-gif level 3, and registering new Arvato HR staff with smartcards. The RA Agent will raise requests to add smartcard access which the sponsor will approve. The RA Agent is responsible for complying with requirements laid out in this document, local operating procedures and the Registration Authorities HSCIC Operational and Process Guidance. RA Agents are responsible for handling photos and all sensitive data securely, and deleting or destroying them as appropriate in a timely manner. All RA Agents will complete the HSCIC Advanced RA Agent e-learning module and any other necessary training. HR RA Agent ID Checker The Arvato HR RA Agent ID Checker role supports the East Cheshire Trust induction process. Where East Cheshire Trust staff present their identification for pre-employment checks to Arvato HR, the RA Agent ID Checker will register the applicant on the CIS system. The Arvato HR RA Agent ID Checker registers new starters verifying identification to e-gif level 3. A photo of the new starter will be taken at the same time and will be uploaded to CIS. The RA Agent ID Checker will not issue the smartcard, but will provide the details to Midlands and Lancashire CSU RA team who will issue the smartcard at induction. RA Agent ID Checkers are responsible for handling photos and all sensitive data securely, and deleting or destroying them as appropriate in a timely manner. All RA Agent ID Checkers will complete the HSCIC Advanced RA Agent e-learning module and any other necessary training. Misuse and Incident Reporting All persons connected with East Cheshire NHS Trust must report incidents where they feel there is a risk to patient health, confidentiality, their organisation s reputation or contravention of the NHS Care Records Service Smartcard Terms and Conditions (see user responsibilities). Incidents should be reported to the Sponsor, Registration Authority Manager and also follow the local incident reporting procedure ie report the incident on DATIX, which is the incident reporting system at East Cheshire NHS Trust.. Such incidents can be reported to the CSU s ICT Servicedesk. 3. Implementation This policy will be approved and ratified by the IG&RM Group. There are no formal training requirements relating to the implementation of this policy although staff can obtain guidance from the RA Department and the RA Manager. 4. Measuring Performance To Support East Cheshire NHS Trust RA process, Arvato provide a monthly report. This is modified and used for reporting.

11 A quarterly report will be provided by the RA Manager to show the amount of new users, new cards produced, lost or stolen cards, positions added to users, the report will be defined with East Cheshire NHS Trust and reported through to the IG&RM Group 5. Audit The RA Manager will audit the RA Department to conform to the requirements of the IG Toolkit, the audit will look at Smartcard issued, replacement smartcards, removal of leavers and creation/modification of positions. 6. Review Monitoring and Review This policy will be reviewed every two years or sooner if there is a significant change to national policy, relevant changes in legislation or significant local process change. Review and monitoring will be supported by the RA Manager and update when required. Reference Documents National RA Policy National Operation Process and Guidance NHS Care Records Service Smartcard Terms and Conditions olicyv1sep14.pdf processguidance/raopguid.pdf wtermsandconditionsdashboard (requires spine login) Midlands and Lancashire CSU ICT Servicedesk The contact details for the CSUs ICT Servicedesk are , ServiceDesk@cmcsu.nhs.uk Guidance for Staff Registration Authority and Smartcard guidance for staff will be provided by the CSU on the trust s intranet - Glossary RA Registration Authority IIM Integrated Identity Management ESR Electronic Staff Record CIS Care Identity Service MLCSU Midlands and Lancashire Commissioning Support Unit ECT East Cheshire Trust IG Information Governance PBAC Position Based Access Control

12 Registration Authority and Integrated Identity Management Policy Equality Analysis (Impact assessment) Please START this assessment BEFORE writing your policy, procedure, proposal, strategy or service so that you can identify any adverse impacts and include action to mitigate these in your finished policy, procedure, proposal, strategy or service. Use it to help you develop fair and equal services. Eg. If there is an impact on Deaf people, then include in the policy how Deaf people will have equal access. 1. What is being assessed? Registration Authority and Integrated Identity Management Policy Details of person responsible for completing the assessment: Name: Andrew Nott Position: RA Manager Team/service: RA Department / RA Services State main purpose or aim of the policy, procedure, proposal, strategy or service: (usually the first paragraph of what you are writing. Also include details of legislation, guidance, regulations etc which have shaped or informed the document) This policy is for guidance and delivery of RA Services to East Cheshire NHS Trust, all RA Policies will abide by National RA Service Guidance Policy. 2. Consideration of Data and Research To carry out the equality analysis you will need to consider information about the people who use the service and the staff that provide it. Think about the information below how does this apply to your policy, procedure, proposal, strategy or service 2.1 Give details of RELEVANT information available that gives you an understanding of who will be affected by this document Cheshire East (CE) covers Eastern Cheshire CCG and South Cheshire CCG. Cheshire West & Chester (CWAC) covers Vale Royal CCG and Cheshire West CCG. In 2011, 370,100 people resided in CE and 329,608 people resided in CWAC. Age: East Cheshire and South Cheshire CCG s serve a predominantly older population than the national average, with 19.3% aged over 65 (71,400 people) and 2.6% aged over 85 (9,700 people). Vale Royal CCGs registered population in general has a younger age profile compared to the CWAC average, with 14% aged over 65 (14,561 people) and 2% aged over 85 (2,111 people). Since the 2001 census the number of over 65s has increased by 26% compared with 20% nationally. The number of over 85s has increased by 35% compared with 24% nationally. Race: In 2011, 93.6% of CE residents, and 94.7% of CWAC residents were White British 5.1% of CE residents, and 4.9% of CWAC residents were born outside the UK Poland and India being the most common

13 3% of CE households have members for whom English is not the main language (11,103 people) and 1.2% of CWAC households have no people for whom English is their main language. Gypsies & travellers estimated 18,600 in England in Gender: In 2011, c. 49% of the population in both CE and CWAC were male and 51% female. For CE, the assumption from national figures is that 20 per 100,000 are likely to be transgender and for CWAC 1,500 transgender people will be living in the CWAC area. Disability: In 2011, 7.9% of the population in CE and 8.7% in CWAC had a long term health problem or disability In CE, there are c.4500 people aged 65+ with dementia, and c.1430 aged 65+ with dementia in CWAC. 1 in 20 people over 65 has a form of dementia Over 10 million (c. 1 in 6) people in the UK have a degree of hearing impairment or deafness. C. 2 million people in the UK have visual impairment, of these around 365,000 are registered as blind or partially sighted. In CE, it is estimated that around 7000 people have learning disabilities and 6500 people in CWAC. Mental health 1 in 4 will have mental health problems at some time in their lives. Sexual Orientation: CE - In 2011, the lesbian, gay, bisexual and transgender (LGBT) population in CE was estimated at18,700, based on assumptions that 5-7% of the population are likely to be lesbian, gay or bisexual and 20 per 100,000 are likely to be transgender (The Lesbian & Gay Foundation). CWAC - In 2011, the LGBT population in CWAC is unknown, but in 2010 there were c. 20,000 LGB people in the area and as many as 1,500 transgender people residing in CWAC. Religion/Belief: The proportion of CE people classing themselves as Christian has fallen from 80.3% in 2001 to 68.9% In 2011 and in CWAC a similar picture from 80.7% to 70.1%, the proportion saying they had no religion doubled in both areas from around 11%-22%. Christian: 68.9% of Cheshire East and 70.1% of Cheshire West & Chester Sikh: 0.07% of Cheshire East and 0.1% of Cheshire West & Chester Buddhist: 0.24% of Cheshire East and 0.2% of Cheshire West & Chester Hindu: 0.36% of Cheshire East and 0.2% of Cheshire West & Chester Jewish: 0.16% of Cheshire East and 0.1% of Cheshire West & Chester Muslim: 0.66% of Cheshire East and 0.5% of Cheshire West & Chester Other: 0.29% of Cheshire East and 0.3% of Cheshire West & Chester None: 22.69%of Cheshire East and 22.0% of Cheshire West & Chester Not stated: 6.66% of Cheshire East and 6.5% of Cheshire West & Chester Carers: In 2011, nearly 11% (40,000) of the population in CE are unpaid carers and just over 11% (37,000) of the population in CWAC.

14 2.2 Evidence of complaints on grounds of discrimination: (Are there any complaints or concerns raised either from patients or staff (grievance) relating to the policy, procedure, proposal, strategy or service or its effects on different groups?) No No 2.3 Does the information gathered from indicate any negative impact as a result of this document? 3. Assessment of Impact Now that you have looked at the purpose, etc. of the policy, procedure, proposal, strategy or service (part 1) and looked at the data and research you have (part 2), this section asks you to assess the impact of the policy, procedure, proposal, strategy or service on each of the strands listed below. RACE: From the evidence available does the policy, procedure, proposal, strategy or service affect, or have the potential to affect, racial groups differently? Yes No GENDER (INCLUDING TRANSGENDER): From the evidence available does the policy, procedure, proposal, strategy or service affect, or have the potential to affect, different gender groups differently? Yes No DISABILITY From the evidence available does the policy, procedure, proposal, strategy or service affect, or have the potential to affect, disabled people differently? Yes No AGE: From the evidence available does the policy, procedure, proposal, strategy or service, affect, or have the potential to affect, age groups differently? Yes No LESBIAN, GAY, BISEXUAL: From the evidence available does the policy, procedure, proposal, strategy or service affect, or have the potential to affect, lesbian, gay or bisexual groups differently? Yes No RELIGION/BELIEF: From the evidence available does the policy, procedure, proposal, strategy or service affect, or have the potential to affect, religious belief groups differently? Yes No

15 CARERS: From the evidence available does the policy, procedure, proposal, strategy or service affect, or have the potential to affect, carers differently? Yes No OTHER: EG Pregnant women, people in civil partnerships, human rights issues. From the evidence available does the policy, procedure, proposal, strategy or service affect, or have the potential to affect any other groups differently? Yes No 4. Safeguarding Assessment - CHILDREN a. Is there a direct or indirect impact upon children? Yes No b. If yes please describe the nature and level of the impact (consideration to be given to all children; children in a specific group or area, or individual children. As well as consideration of impact now or in the future; competing / conflicting impact between different groups of children and young people: c. If no please describe why there is considered to be no impact / significant impact on children This policy relates to information governance and administrative practices of staff at ECT, as such there will be no significant impact on children 5. Relevant consultation Having identified key groups, how have you consulted with them to find out their views and that the made sure that the policy, procedure, proposal, strategy or service will affect them in the way that you intend? Have you spoken to staff groups, charities, national organisations etc? Have consulted with Cheshire HR Service and East Cheshire Trust representatives. 6. Date completed: November 2016 Review Date: November Any actions identified: Have you identified any work which you will need to do in the future to ensure that the document has no adverse impact? Action Lead Date to be Achieved 8. Approval At this point, you should forward the template to the Trust Equality and Diversity Lead lynbailey@nhs.net Approved by Trust Equality and Diversity Lead: Date: