Police Service of Scotland Data protection audit report. Executive summary
|
|
- Joella Flynn
- 5 years ago
- Views:
Transcription
1 Police Service of Scotland Data protection audit report Executive summary September 2017
2 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998 (the DPA). Section 51 (7) of the DPA contains a provision giving the Information Commissioner power to assess any organisation s processing of personal data for the following of good practice, with the agreement of the data controller. This is done through a consensual audit. The Information Commissioner s Office (ICO) sees auditing as a constructive process with real benefits for data controllers and so aims to establish a participative approach. Police Service of Scotland (PSoS) has agreed to a consensual audit by the ICO of its processing of personal data. An initial telephone call was held on 7 December with representatives of PSoS to discuss the agreed scope and to agree the schedule of interviews. ICO data protection audit report executive summary 2 of 6
3 2. Scope of the audit Following pre-audit discussions with PSoS, it was agreed that the audit would focus on the following areas: a. Security of personal data The technical and organisational measures in place to ensure that there is adequate security over personal data held in manual or electronic form. b. Training and awareness The provision and monitoring of staff data protection training and the awareness of data protection requirements relating to their roles and responsibilities. ICO data protection audit report executive summary 3 of 6
4 3. Audit opinion The purpose of the audit is to provide the Information Commissioner and PSoS with an independent assurance of the extent to which PSoS, within the scope of this agreed audit, is complying with the DPA. The recommendations made are primarily around enhancing existing processes to facilitate compliance with the DPA. Due to the geographical size of PSoS and the number of staff employed, the site visit alone was limiting in allowing the ICO to be able to gain assurance across the organisation. A staff survey would have provided an opportunity to review and evidence the application and consistency of procedures, and assisted us in assessing specific areas of weakness/risk across the whole organisation, not just those staff/departments we interviewed during the on-site audit. The audit would have benefitted from further access to key staff and documents. Overall Conclusion Limited Assurance There is a limited level of assurance that processes and procedures are in place and delivering data protection compliance. The audit has identified considerable scope for improvement in existing arrangements to reduce the risk of non-compliance with the DPA. We have made one limited and one very limited assurance assessments, where controls could be enhanced to address the issues which are summarised below. ICO data protection audit report executive summary 4 of 6
5 4. Summary of audit findings Areas of good practice PSoS has implemented a Nessus vulnerability management system to log new technical vulnerability updates. In addition, PSoS also use hacking tools to identify any additional technical vulnerability. There is a vulnerability assessment and penetration testing process to identify, test and apply solutions to vulnerabilities. PSoS have an internal audit programme in place which takes a risk based approach. These include audits for key systems and processes such as transaction monitoring of the Police National Database and the Driver Validation Service database to ensure compliance with their use. Areas for improvement PSoS does not currently have a force-wide Information Asset Register in place for ensuring that all information assets are identified, logged and continually risk assessed. Information Asset Owners have only been established for some information assets held by PSoS. The current PSoS data protection and information security training programme provided to police staff and officers as part of their induction training is not regularly reviewed and evaluated to ensure the content is up-to-date, relevant and fit for purpose. Data protection and information security training is not refreshed and it is possible for a member of staff to be employed for over 25 years and not receive any additional training in data protection or information security following the induction course. PSoS does not conduct training needs analysis for staff responsible for processing personal data which poses a risk that staff groups have not received an appropriate level of data protection and information security training. ICO data protection audit report executive summary 5 of 6
6 The matters arising in this report are only those that came to our attention during the course of the audit and are not necessarily a comprehensive statement of all the areas requiring improvement. The responsibility for ensuring that there are adequate risk management, governance and internal control arrangements in place rest with the management of PSoS. We take all reasonable care to ensure that our audit report is fair and accurate but cannot accept any liability to any person or organisation, including any third party, for any loss or damage suffered or costs incurred by it arising out of, or in connection with, the use of this report, however such loss or damage is caused. We cannot accept liability for loss occasioned to any person or organisation, including any third party, acting or refraining from acting as a result of any information contained in this report. ICO data protection audit report executive summary 6 of 6
Heart of England NHS Foundation Trust
Heart of England NHS Foundation Trust Data protection audit report Executive summary February 2017 1. Background 1. Background The Information Commissioner is responsible for enforcing and promoting compliance
More informationEast Riding of Yorkshire Council Data protection audit report. Executive summary March 2014
East Riding of Yorkshire Council Data protection audit report Executive summary March 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data
More informationNeath Port Talbot County Borough Council. Data protection audit report
Neath Port Talbot County Borough Council Data protection audit report Executive summary January 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with
More informationStaffordshire Police. Data Protection Audit Report. Executive Summary
Staffordshire Police Data Protection Audit Report Executive Summary May 2018 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More informationChelsea & Westminster Hospital NHS Foundation Trust. Data protection audit report
Chelsea & Westminster Hospital NHS Foundation Trust Data protection audit report Executive summary October 2017 1. Background The Information Commissioner is responsible for enforcing and promoting compliance
More informationParliamentary and Health Ombudsman. Data protection audit report
Parliamentary and Health Ombudsman Data protection audit report Executive summary March 2018 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data
More informationINFORMATION COMMISSIONER S OFFICE FOLLOW UP DATA PROTECTION AUDIT REPORT. Information Governance Manager. This paper supports:
FOR DISCUSSION INFORMATION GOVERNANCE COMMITTEE 28 APRIL 2015 AGENDA ITEM 2.6 INFORMATION COMMISSIONER S OFFICE FOLLOW UP DATA PROTECTION AUDIT REPORT Report of Paper prepared by Director of Therapies
More informationThe review demonstrated that the Trust has taken appropriate steps and put plans in place to address the requirements of the Undertaking.
Data Protection Act 1998 Undertaking follow-up Pennine Care NHS Foundation Trust ICO Reference: COM0579293 & COM0641364 In the week beginning 15 January 2018 the Information Commissioner s Office (ICO)
More informationUtility Warehouse. Privacy and Electronic Communications Regulations audit report
Utility Warehouse Privacy and Electronic Communications Regulations audit report Executive summary March 2018 1. Background and scope The Information Commissioner may audit the measures taken by the provider
More informationDyfed Powys Police ICO Reference: COM , COM and COM
Data Protection Act 1998 Undertaking follow-up Dyfed Powys Police ICO Reference: COM0666484, COM0672404 and COM0677576 On 29 March 2018, the Information Commissioner s Office (ICO) conducted a follow-up
More informationPost Office Limited. Privacy and Electronic Communications Regulations audit report
Post Office Limited Privacy and Electronic Communications Regulations audit report Executive summary February 2018 1. Background and scope The Information Commissioner may audit the measures taken by the
More informationInformation Commissioner's Office
Information Commissioner's Office Internal Audit 2014-15: Follow up Last updated 21 May 2015 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 15 May 2015 Draft
More informationAuditing data protection
Data protection Auditing data protection a guide to ICO data protection audits 1 Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering
More informationFindings from ICO audits of 16 local authorities
Data protection Findings from ICO audits of 16 local authorities January to December 2013 Introduction This report is based on ICO audits of 16 local authorities between January and December 2013. This
More informationGPEN Sweep 2018 Privacy Accountability
GPEN Sweep 2018 Privacy Accountability October 2018 Office of the Privacy Commissioner, New Zealand Information Commissioner s Office, UK Page 1 of 9 Background The 2018 GPEN Sweep aimed to consider how
More informationNOT PROTECTIVELY MARKED
Meeting Audit Committee Public Session Date and Time Location Pacific Quay, Glasgow Title of Paper General Data Protection Regulation (GDPR) SPA Preparedness Item Number 9.4 Presented By Catherine Topley
More informationLeicestershire Police CCTV on Police Premises Policy
Leicestershire Police CCTV on Police Premises Policy Policy Owner: Department Responsible: Chief Officer Approval: Deputy Chief Constable Corporate Services Directorate Deputy Chief Constable Date of Next
More informationNHS Digital Post Audit Review of Data Sharing Activities: University College London
Directorate / Programme Care Services Project Data Sharing Audits Status Approved Director Catherine O Keeffe Version 1.0 Owner Sean Walsh Version issue date 13/10/2017 NHS Digital Post Audit Review of
More informationB2B telemarketing in a GDPR world
B2B telemarketing in a GDPR world Written by: Jason Waldock & Anita Turner OUR BUSINESS IS NEW BUSINESS 1 Foreword Given the right advice and expertise, telemarketing in the GDPR world should be more effective.
More informationInformation Governance Policy
Information Governance Policy Owner Author Information Team Information Governance Manager Reviewed by Approved by and date Council/Committee/EMT Board - Date approved Effective from 24 April 2017 Review
More informationThe Annual Audit Letter for Derby City Council
The Annual Audit Letter for Derby City Council. Year ended 31 March 2014 27 October 2014 Phil Jones Director T 0121 232 5232 E phil.w.jones@uk.gt.com Tony Parks Manager T 0121 232 5301 E tony.l.parks@uk.gt.com
More informationOFFICIAL. Date 18 April 2018 Pacific Quay, Glasgow General Data Protection Regulation (GDPR) Police Scotland Preparedness Item Number 11.
Meeting Date Location Pacific Quay, Glasgow Title of Paper General Data Protection Regulation (GDPR) Police Scotland Preparedness Item Number 11.2 Presented By ACC Alan Speirs Recommendation to Members
More informationGENERAL DATA PROTECTION REGULATION
GENERAL DATA PROTECTION REGULATION (GDPR) What is General Data Protection Regulation (GDPR) What this means for GP Practices Replaces the Data Protection Act 1998 (DPA) Designed to match data privacy laws
More informationInternal Audit. Network Management. March 2018
Internal Audit Network Management March 2018 Internal Audit Assurance assessment: Objective Objective Objective Objective One Two Three Four Limited Timetable Date closing meeting held: 24 November 2017
More informationData Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General
Data Protection Document Detail Type of Document (Stat Policy/Policy/Procedure) Policy Category of Document (Trust HR-Fin-FM-Gen/Academy) General Index reference number Approved 26/04/18 Approved by Trust
More informationDATA PROTECTION POLICY
Registered Address: Mountdale Gardens, Leigh-on-Sea, Essex SS9 4AW Executive Headteacher: Mrs. J. Mullan Telephone: (01702) 524193 Fax: (01702) 526761 DATA PROTECTION POLICY SEN TRUST SOUTHEND KINGSDOWN
More informationDATA PROTECTION POLICY
Registered Address: Mountdale Gardens, Leigh-on-Sea, Essex SS9 4AW Executive Headteacher: Mrs. J. Mullan Telephone: (01702) 524193 Fax: (01702) 526761 DATA PROTECTION POLICY SEN TRUST SOUTHEND KINGSDOWN
More informationJoint Audit Plan for Devon and Cornwall Police and Crime Commissioner and Chief Constable
Joint Audit Plan for Devon and Cornwall Police and Crime Commissioner and Chief Constable. Year ended 31 March 2015 June 2015 Alex Walling Associate Director T 0117 3057804 E alex.j.walling@uk.gt.com Chris
More informationInformation Asset Management Policy
Information Asset Management Policy 1.0 Purpose 1.1 The purpose of this policy is to outline the management of the Fund s information asset register and the actions that will be taken to provide sufficient
More informationBurton Hospitals NHS Foundation Trust. On: 22 January Review Date: December Corporate / Directorate. Department Responsible for Review:
POLICY DOCUMENT Burton Hospitals NHS Foundation Trust DATA QUALITY POLICY Approved by: Trust Management Team On: 22 January 2016 Review Date: December 2018 Corporate / Directorate Clinical / Non Clinical
More informationAlberta Registries. Report to the Minister of Municipal Affairs. April 15, 1998
Alberta Registries Report to the Minister of Municipal Affairs April 15, 1998 TABLE OF CONTENTS Executive Summary I. Overview of the Report II. General Background III. Scope of the Audit IV. Privacy Compliance
More informationInternal audit effectiveness reviews
Internal audit effectiveness reviews A changing environment In the current climate it is more important than ever for internal audit to be seen as a credible business partner, able to identify control
More informationON ARM S LENGTH. 1. Introduction. 2. Background
ADVICE FOR COUNCILLORS ON ARM S LENGTH EXTERNAL ORGANISATIONS 1. Introduction 1.1 This Advice Note, issued by the Standards Commission for Scotland (Standards Commission), aims to provide councillors with
More informationTourettes Action Data Protection Policy
Tourettes Action Data Protection Policy Effective date: 01/01/2018 Review date: 01/01/2020 Approved: Suzanne Dobson, CEO Tourettes Action Author: Pippa McClounan, Office Manager Tourettes Action Version
More informationGDPR in Early Years and Childcare settings. What s the connection? Data Protection
GDPR in Early Years and Childcare settings What s the connection? Data Protection What is GDPR? Test your knowledge 10 minute quiz Think of GDPR as evolutionary, not revolutionary Why? GDPR legislation
More informationToolkit for Assessing Funding Applications that Involve Volunteers
Toolkit for Assessing Funding Applications that Involve Volunteers This toolkit has been developed by Volunteer Now with input from BIG Lottery, Community Foundation for N Ireland, Belfast City Council,
More informationGDPR. Applying the General Data Protection Regulation to your business
GDPR Applying the General Data Protection Regulation to your business Mediaburst SMS Guide Contents 1 Introduction 3 12 steps to take now 7 Who does it apply to? 8 What information does it apply to? 9
More informationappointing the chair and, if the Company has one, the deputy chair and/or senior independent director;
Alta Zinc Limited ABN 63 078 510 988 (Company) 1 Role and responsibilities of the Board The role of the Board is to provide leadership for, and supervision of, the Company s management. The Board sets
More informationQuestionnaire. Short description of the general activity of your organisation Global accounting firm providing advisory and audit services.
Questionnaire To: Mr. Piotr Madziar Head of Accounting Unit F3 DG Internal Market and Services European Commission B-1049 Brussels: Piotr.Madziar@ec.europa.eu and Reinhard.Biebel@ec.europa.eu Information
More information12 STEPS TO PREPARE FOR THE GDPR
12 STEPS TO PREPARE FOR THE GDPR Presented by Henshalls Insurance Brokers On 25 May 2018, the General Data Protection Regulation (GDPR) comes into effect in the EU and across the United Kingdom. The GDPR
More informationJOB DESCRIPTION & PERSON SPECIFICATION. Director of Regulatory Assurance. REPORTS TO: Deputy Commissioner - Operations PURPOSE OF POST
JOB DESCRIPTION & PERSON SPECIFICATION JOB TITLE: Director of Regulatory Assurance REPORTS TO: Deputy Commissioner - Operations SALARY: HOURS: Level G2 37 per week PURPOSE OF POST The Operations executive
More informationJOB TITLE: Head of Risk and Governance and Data Protection Officer. REPORTS TO: Director of Corporate Affairs and Governance
JOB DESCRIPTION AND PERSON SPECIFICATION JOB TITLE: Head of Risk and Governance and Data Protection Officer REPORTS TO: Director of Corporate Affairs and Governance SALARY: Level G HOURS: 37 per week PURPOSE
More informationProject Title. Project Number. Privacy Impact Assessment
Project Title Project Number Privacy Impact Assessment This document is classified as Official and is disclosable under the terms of the Freedom of Information Act. No part of the report should be disseminated
More informationPHWIGC framework that addresses the issues raised by the Francis Report. Author: John Morley & Jane Evans Information Governance Managers
PHWIGC 17 03 Information Governance Audits Purpose of Document: To describe the process that Public Health Wales Information Governance Managers will follow when undertaking announced and unannounced Information
More informationInternal Audit. Compliance with Policies and Procedures. April 2015
April 2015 Report Assessment A G A Distribution List Chief Executive Director of Finance Director of Human Resources & Organisational Development Executive Nurse Director Chief Officer, NHS Lothian Acute
More informationDraft letter of Appointment to be issued to Independent Directors on appointment at the ensuing AGM on 14 th August, 2014.
Draft letter of Appointment to be issued to Independent Directors on appointment at the ensuing AGM on 14 th August, 2014. [On the letter head of Standard Industries Limited] 14 th August, 2014 (Name of
More informationCARER SUPPORT WILTSHIRE. Job Description. Reaching Communities Team Leader. Wiltshire, based at Semington Carers Centre
CARER SUPPORT WILTSHIRE Job Description Job Title Accountable to Responsible for Geographical Area Hours of Work Office Manager Reaching Communities Team Leader Business Administration Apprentice, Administrators,
More informationBriefing No. 2 GDPR. 1 mccann fitzgerald
Briefing No. 2 GDPR This briefing was produced by the Institute of Directors in association with McCann FitzGerald for use in Ireland. McCann FitzGerald is one of Ireland s premier law firms, providing
More informationCairngorms National Park Authority
Cairngorms National Park Authority Internal Audit Annual Report (DRAFT) April 2010 This report and the work connected therewith are subject to the Terms and Conditions of the engagement letter between
More informationReplaces document (if applicable) PS 024 Attendance Management Policy 2008
PS 147 Type of Document: ATTENDANCE MANAGEMENT Policy Version: 1.0 Registered Owner: Author: Effective Date: Oct 2012 Review Date: Oct 2014 Replaces document (if applicable) PS 024 Attendance Management
More informationThis Policy supersedes the following Policy, which must now be destroyed:
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn Executive Director of Performance and Assurance Sue Proud Information
More informationStandards for Internal Control in New York State Government 2016 Update
Standards for Internal Control in New York State Government 2016 Update Presented to the New York State Internal Control Association John F. Buyce Audit Director April 28, 2016 1 Last Revised in 2007 A
More informationData Management and Protection Policy
Data Management and Protection Policy Approved by Governor committee: Finance and Audit Date to be reviewed: June 2018 Responsibility of : Director of Finance and Operations Date ratified by Governing
More informationRecruitment & Selection Policy
Beyond Limits provides policies and procedures to promote safe and consistent practice across the Organisation. The framework laid down within our policies and procedures lets everyone know how we work
More informationGUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT
GUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT A Data Privacy Impact Assessment (DPIA) helps the University to assess the necessity and proportionality of processing personal data. A DPIA will enable the
More informationWhat does the GDPR mean for recruitment?
What does the GDPR mean for recruitment? www.recruitment.software Contents 04 What is GDPR? In May 2018, Europe s new data protection rules will come into effect. 04 Who is responsible? 05 What are the
More informationGrant Thornton s annual report on the HCPC s governance, risk management and internal control systems is attached.
Audit Committee, 14 June 2017 Internal Audit Annual Report 2016-17 Executive summary and recommendations Introduction Grant Thornton s annual report on the HCPC s governance, risk management and internal
More informationPRIVACY POLICY. VERSION 1.3 Keystone Property Finance 42 Kings Hill Avenue, Kings Hill, West Malling, Kent M19 4AJ
PRIVACY POLICY VERSION 1.3 Keystone Property Finance 42 Kings Hill Avenue, Kings Hill, West Malling, Kent M19 4AJ Contents INTRODUCTION... 2 WHY WE PROVIDE YOU WITH OUR PRIVACY NOTICE... 2 OUR PRIVACY
More informationReview of Compliance. Review completed 30 June 2015 Unclassified summary released October 2015
Review of Compliance Review completed 30 June 2015 Unclassified summary released October 2015 Contents Introduction... 3 Summary of Review... 3 Recommendations of the Review:... 4 Director s Response...
More informationKEMBLE PRIMARY & SIDDINGTON CE PRIMARY SCHOOLS DATA PROTECTION & THE GENERAL DATA PROTECTION REGULATION (GDPR) POLICY
KEMBLE PRIMARY & SIDDINGTON CE PRIMARY SCHOOLS DATA PROTECTION & THE GENERAL DATA PROTECTION REGULATION (GDPR) POLICY Member of staff responsible Head teacher Governor responsible Chair of LGB & DPO Date
More informationPolice and Crime Commissioner for Essex. Reporting Sickness Policy
Police and Crime Commissioner for Essex Reporting Sickness Policy Version Control Version 2.0 February 2016 Reviewed By L Gordon February 2016 Policy owner S Hancock First Published J Drewett November
More information2018 CORPORATE GOVERNANCE STATEMENT
2018 CORPORATE GOVERNANCE STATEMENT This Corporate Governance Statement describes the main corporate governance practices currently in place for CardieX Limited (formerly AtCor Medical Holdings Limited)
More informationAnnual Audit Letter. Sheffield Teaching Hospitals NHS Foundation Trust. Year ending 31 March 2018
Annual Audit Letter Sheffield Teaching Hospitals NHS Foundation Trust Year ending 31 March 2018 CONTENTS 5. Our fees 6. Forward look Reports and letters prepared by the auditor and addressed to the Foundation
More informationHuman Resources. Data Protection Policy IMS HRD 012. Version: 1.00
Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed
More informationSub: -Appointment as Non-Executive Independent Director
[Date] Mr. [Name of Director] Non-Executive Independent Director Kotak Mahindra Asset Management Company Ltd Sub: -Appointment as Non-Executive Independent Director I am pleased to confirm that the Shareholders
More informationThis Policy supersedes the following Policy, which must now be destroyed:
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn, Executive Director of Commissioning and Quality Assurance Angela
More informationJOB DESCRIPTION. Information Rights Coordinator. Policy and Governance. Legal Services. The Burys, Godalming, Surrey, GU7 1HR.
Waverley is an ambitious authority, committed to being one of the leading Councils in the country at a time of major change by developing a high performing, highly engaged staff team to share the organisation
More informationGDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry
GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock
More informationConducting privacy impact assessments code of practice
ICO lo Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 About this code... 3 Chapter 1 - Introduction to PIAs... 5 What the ICO means by PIA...
More informationContents. Contents 1 Executive Summary 2 What We Examined 2 Why It's Important 2 What We Found 2 Special Examination Opinion 4
1800 Contents Contents 1 Executive Summary 2 What We Examined 2 Why It's Important 2 What We Found 2 Special Examination Opinion 4 I 1 Executive Summary What We Examined The First Nations (FNTC)was established
More informationLook Ahead Care, Support and Housing: Anti-Slavery and Human Trafficking Statement
Look Ahead Care, Support and Housing: Anti-Slavery and Human Trafficking Statement Introduction Look Ahead is committed to: Undertaking and promoting ethical practices and policies to prevent modern slavery
More informationQuality Assurance Framework
Quality Assurance Framework ASSESSMENT CENTRE Owner: DSA-QAG 6.2 Version Control Document Created Revision Author Assessment Centre Quality Assurance Framework 06/10/2017 DSA-QAG, IAC, NNAC, SFE, DfE &
More informationTrust Board Meeting in Public: Wednesday 17 January 2018 TB
Trust Board Meeting in Public: Wednesday 17 January 2018 Title Progress report regarding organisational preparedness for the General Data Protection Regulation (Data Protection Act 2018) Status History
More informationData Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective:
Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective: 1 Policy Statement Objective 1.1 It is the policy of Penderels Trust to demonstrate compliance
More informationCorporate Governance Attestation Statement for Cancer Institute NSW NSW. 1 July June 2017 Health GOVERNMENT. Cover page
ta 1 July 2016-30 June 2017 Corporate Governance Attestation Statement for Cover page 1 July 2016 30 June 2017 41. ICKW CORPORATE GOVERNANCE ATTESTATION STATEMENT CANCER INSTITUTE The following corporate
More informationWater Treatment Technician
POSITION DESCRIPTION Water Treatment Technician 1 POSITION DETAILS Position Title: Reports to: Department: Location: Water Treatment Technician Senior Engineer Water Treatment or Water Treatment Technologist
More informationthe Trust s risk management, including business risk and operational risk
AUDIT COMMITTEE TERMS OF REFERENCE GOVERNANCE HANDBOOK 5 TH EDITION DECEMBER 2016 AMENDED 30 MAY 2018 Audit Committee 3.2 Role 3.2.1 The Audit Committee is appointed by the Board of Trustees to assist
More informationAlloa Gymnastics Club Data Protection Privacy Notice
Alloa Gymnastics Club Data Protection Privacy Notice The GDPR is Europe s new framework for data protection laws. It replaces the previous 1995 data protection directive, which current UK law is based
More informationIntroduction to Environmental Impact Assessment for Masterplan Sites 25 April 2018
Introduction to Environmental Impact Assessment for Masterplan Sites 25 April 2018 Environmental Impact Assessment Session Introduction and purpose of the presentation Key Topics for Discussion: Environmental
More informationThe (Scheme) Actuary as a Data Controller
The (Scheme) Actuary as a Data Controller Keith Webster and Ian Stevens Partners, CMS Cameron McKenna LLP June 2014 Discussion Areas New IFOA guidance Data Protection Act refresher Compliance obligations
More informationBriefing Pack. For the position of. Trustee. For. Age Cymru Afan Nedd
Briefing Pack For the position of Trustee For Age Cymru Afan Nedd November 2016 Contents Letter from Chair 3 Governance Structure 4 Organisational Aims and Objectives 4 Role Brief/Person Specification
More informationStrathclyde Partnership for Transport
Agenda item 5 Strathclyde Partnership for Transport Independent Examination of Internal Audit February 2017 Contents Page Executive summary 1 Section 1 Public sector internal audit standards 2 Section
More informationPERSONAL DATA SECURITY GUIDANCE FOR MICROENTERPRISES UNDER THE GDPR
PERSONAL DATA SECURITY GUIDANCE FOR MICROENTERPRISES UNDER THE GDPR The General Data Protection Regulation ( the GDPR ) significantly increases the obligations and responsibilities of organisations and
More informationLoch Lomond and The Trossachs. National Park Authority. Review of Internal Controls 2015/16. Prepared for Loch Lomond and The Trossachs.
Loch Lomond and The Trossachs National Park Authority Review of Internal Controls 2015/16 Prepared for Loch Lomond and The Trossachs National Park Authority March 2016 Key contacts Asif A Haseeb, Engagement
More informationData Protection Audit Self-assessment toolkit
Data Protection Audit Self-assessment toolkit online preferences security passport details emergency contact details blood group email account number accuracy CCTV images tax records rights payroll number
More informationVersion 1.0 (final)
The Information Commissioner s response to the Department for Business Innovation and Skills consultation on moving Land Registry operations to the private sector ( the consultation ) The Information Commissioner
More informationInternal audit effectiveness reviews. Working in partnership to help you enhance the quality and effectiveness of your internal audit function
Internal audit effectiveness reviews Working in partnership to help you enhance the quality and effectiveness of your internal audit function A changing environment Since the 2008 financial crisis it is
More informationNHS Digital Audit of Data Sharing Activities: Derby Teaching Hospitals NHS Foundation Trust - Renal Department
Directorate / Programme Care Services Project Data Sharing Audits Status Approved Director Catherine O Keeffe Version 1.0 Owner Sean Walsh Version issue date 13/10/2017 NHS Digital Audit of Data Sharing
More informationPOSITION DESCRIPTION
Protective Security Officer (Day) POSITION DESCRIPTION Unit/Branch, Directorate: Location: Protective Security Unit / Intelligence Community Shared Services Wellington Salary range: D $42,489 - $63,733
More informationINFORMATION GOVERNANCE COMMUNICATION STRATEGY
INFORMATION GOVERNANCE COMMUNICATION STRATEGY 20-2017 Summary This document sets out the steps to be taken during the next two years to maintain and improve communication of the strategic Information Governance
More informationJOB DESCRIPTION. Director of Finance and Corporate Services. Starting at 26,977 with progression to 31,576 per annum
JOB DESCRIPTION POST: DIVISION: RESPONSIBLE TO: SALARY: Information and Governance Officer Finance and Corporate Services Director of Finance and Corporate Services Starting at 26,977 with progression
More informationCorporate Governance Statement FY2018
The purpose of Tempo Australia Ltd ( Tempo or the Company ) is to deliver to clients in the resources, industrial and commercial sectors specialist multidisciplinary maintenance and construction services,
More informationPROJECT STAKEHOLDER MANAGEMENT. 1 Powered by POeT Solvers Limited
PROJECT STAKEHOLDER MANAGEMENT 1 www.pmtutor.org Powered by POeT Solvers Limited PROCESSES BY PROCESS GROUP Initiating Planning Executing Monitoring and controlling 13.1 13.2 13.3 13.4 Identify Plan Manage
More informationGood Governance Questionnaire
Good Governance Questionnaire Simply put, the board exists (usually on someone else's behalf) to be accountable that its organization works. The board is where all authority resides until some is given
More informationATCO Gas Code of Conduct Regulation (A.R. 58/2015) Compliance Plan
ATCO Gas Code of Conduct Regulation (A.R. 58/2015) Compliance Plan Effective Date: June 27, 2017 ATCO Gas Code of Conduct Regulation Compliance Plan PURPOSE...3 PART 1 INTERPRETATION...4 1.0 DEFINITIONS...
More informationDefence Health Governance Structure
Governance Structure November 2017 Defence Health Governance Structure The Board comprises eight non-executive Directors including a non-executive Chairman, and one associate Director. The Board has assessed
More informationNOT PROTECTIVELY MARKED. Britannia Building, Room B024, Glasgow Caledonian University
Meeting SPA Audit & Committee Date and Time 9 June 2014 1015 hrs Location Britannia Building, Room B024, Glasgow Caledonian University Title of Paper SPA Register Public Item Number 6.1 Presented By John
More informationNHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17
NHS Sunderland Clinical Commissioning Group Information Governance Strategy 2016/17 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Executive Committee Governing
More informationNORTHERN IRELAND SOCIAL CARE COUNCIL
NORTHERN IRELAND SOCIAL CARE COUNCIL FREEDOM OF INFORMATION POLICY FINAL SEPTEMBER 2012 1. INTRODUCTION The purpose of the Northern Ireland Social Care Council s (NISCC) Freedom of Information Policy is
More information