Business Continuity. Example Policy. Author: A Heathcote Date: 24/05/2017 Version: 1.0
Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute, also known as NHS Digital.
Contents

1 Purpose
2 Scope
3 Applicability
4 Guidance
  Terminology
  Policy
  Business Continuity Definition
  Business Continuity Approach
  Business Continuity Plan
  Responsibilities
  Training and Awareness
  Management and Implementation
  Testing
5 Key Words
1 Purpose

The purpose of this Business Continuity Example Policy is to provide exemplar guidance in line with HMG and private sector best practice for the production of an organisation wide Business Continuity Policy. This is in order to allow the reader to produce the necessary policy and guidance for their business area and to ensure that the applicable and relevant security controls are set in place in line with the Department for Health, the wider NHS, health and social care and HMG requirements.

2 Scope

The drafting of any policy governing the production of a Business Continuity policy for NHS systems, devices or applications and information deployed in support of NHS or health and social care business function.

3 Applicability

This Example Policy is applicable to and designed for use by any NHS, health and social care or associated organisations that use or have access to NHS systems and/or information at any level.

4 Guidance

This Example Policy provides guidance on the production of a Business Continuity Policy. The Example Policy is in italics with areas for insertion shown as <> and the rationale for each paragraph or section, where required, in [.]. This Example Policy is supported by a more detailed Good Practice Guide on Business Continuity, which can be used to assist in determining what is and what is not required in the exemplar policy shown here.

Terminology

Term | Definition
SHALL | This term is used to state a Mandatory requirement of this policy
SHOULD | This term is used to state a Recommended requirement of this policy
MAY | This term is used to state an Optional requirement

Policy

The Business Continuity Policy shall be used to enable <insert name of organisation> to produce, implement, test and manage a Business Continuity Plan (management system) on <insert name of organisation> IT systems to enable a structured recovery post an IT or information security incident.

This policy relates to the IT and information elements of the overall <insert name of organisation> approach to Business Continuity.
[The aim of the policy statement is to state the objective(s) of the business continuity approach to be taken, i.e. the formation of a plan. Where applicable this plan for IT/Information Security should be related to the overall business continuity of the organisation.]

Business Continuity Definition

Business Continuity is defined as the capability of <insert name of organisation> to continue delivery of products or services at acceptable predefined levels following a disruptive incident.

[This is just one possible definition; if the organisation has used a different definition or approach to business continuity in its overarching business continuity plan(s) then that should be used.]

Business Continuity Approach

<Insert name of organisation> shall use the Plan-Do-Check-Act (PDCA) model to plan, establish, implement, operate, monitor, review, maintain and continually improve the effectiveness of its Business Continuity Plan for IT and information.

[The PDCA approach is a very common methodology for business continuity planning and its management. However, if the organisation has used a different methodology for its overall business continuity then this should be reflected in this policy.]

Business Continuity Plan

A Business Continuity Plan shall be produced to enable immediate responses to be made to an information security incident (IT or information). The Plan shall be regularly tested, it is suggested that this is at least annually.
The Plan should cover:

- Ownership - which post owns and controls the plan
- Responsibilities - identification of roles and their responsibilities
- Scope - what is in the plan and what is out of the plan
- Identification of critical assets with priority order for recovery/business functionality
- Capabilities - identified internal and external capabilities
- Resources - allocation of tasks to resources, internal and external
- Communication process
- Task flow including:
  - Points of contact
  - Relationship to incident management team
  - Response actions
  - Recovery/restoration of asset or standing up of identified alternate
  - Recording of actions taken and time when assets recovered/restored.
- Post Action Review - lessons learnt.
- Test Schedule.
[This section aims to identify what areas the organisation should cover in its business continuity plan. It identifies the minimum; if other elements are considered to be needed the headline should be included here.]

Responsibilities

The following roles shall undertake the responsibilities listed:

- Senior Information Risk Owner (SIRO) - coordinate the development and maintenance of the Business Continuity Plan ensuring it relates to the overall <insert name of organisation> Business Continuity Strategy.
- Business Continuity Plan Manager - maintains the Plan on behalf of the SIRO ensuring that testing is undertaken. A post shall be allocated for this role.
- Information Asset Owners (IAOs) - ensure that the requirements from the Business Continuity planning are adequately considered and documented for all information assets of which they have ownership; and, enable the recovery to be enacted.
- Line Managers - ensure that staff follow the <insert name of organisation> Business Continuity Plan procedures.
- Chief Information Security Officer (CISO) - management of business continuity procedures relating to IT and information security.

[For smaller organisations, the roles of SIRO and CISO may be undertaken as a secondary role by senior partners or the owners of the business; provided the individual/role identified is one that is in a position to make informed, executive decisions that are appropriate for the SIRO and CISO functions. These roles may be part of the information governance lead; as may be the case for the IAO role(s) where the size does not merit individual SIRO, CISO and IAO roles. In the same manner, the Business Continuity Plan manager may be an additional/secondary role; for smaller organisations external specialist help may be required to set up the plan and processes and then the maintenance of it could return to within the organisation.]
Training and Awareness

Personnel who are required to undertake specific technical and functional roles associated with business continuity shall be trained and formally qualified to complete this specialist function.

All <insert name of organisation> staff, including third parties, shall be made aware of the requirements of the <insert name of organisation> Business Continuity Plan and subsequent Procedures.

[A policy should outline the requirement for personnel to be appropriately trained and made aware of the business continuity requirements. The specific training and roles which require it, or the necessity to mandate in third party contracts that the provider (e.g. IT provider) has trained and appropriately skilled people, would be detailed in the actual Business Continuity Plan.]

Management and Implementation

The Business Continuity Policy and the resulting Business Continuity Plan shall be reviewed and re-issued annually or upon identification of a change in procedure or lesson learnt.
The effectiveness of the Policy and Plan shall be monitored through audits and tests (external and internal) and from lessons learnt during any business continuity activity.

[It is essential that the Plan is reviewed and audited, as well as tested regularly, and the requirement for this should be included in the Policy. The actual processes should be covered in the Business Continuity Plan.]

Testing

On behalf of the SIRO the Business Continuity Plan Manager shall coordinate and manage testing which should follow the below levels and is recommended to be at least annually at each level:

Table Top Walkthrough Real-time Live Test

[Testing is critical to ensure that the Plan is fit for purpose; it is recommended that this is mandated in the Policy, or if third party providers are utilised it is mandated as a contractual requirement.]

5 Key Words

Business Continuity, CISO, Data Recovery, IAO, SIRO
More informationA Guide to Business Continuity
A Guide to Business Continuity Getting Started Business Continuity Management is a process driven from the top of the organisation. The first stage has to be an acceptance by the Board or the Executive
More informationJOB DESCRIPTION. Head of Maintenance. Estates and Facilities Division. GRADE: Grade 8
JOB DESCRIPTION JOB TITLE: DIVISION: Deputy Head of Maintenance Estates and Facilities Division GRADE: Grade 8 REPORTING TO: Head of Maintenance JOB FUNCTION/PURPOSE: To support the Head of Maintenance
More informationInformation Governance Management Framework
Information Governance Management Framework November 2014 Author: Responsibility: Lynda Harris, Head of Information Governance All Staff Effective Date: November 2014 Review Date: November 2015 Reviewing/Endorsing
More informationInternal Audit Charter
Internal Audit Charter 1. Introduction (QLD) Financial and Performance Management Standard 2009, the Subordinate Legislation made under the Financial Accountability Act 2009, requires that: The internal
More informationInformation Governance Policy
Author Darren Rigg Head of Information Governance Corporate Lead Bryan Machin Executive Director of Finance and Resources Document Version 1 Date ratified by Quality Committee 24 th October 2014 Date issued
More informationABL Information Risk Policy
Policy Name Approving Board ABL Information Risk Policy Date Approved 30/01/2018 Last Review Date 23/01/2018 Next Review Date 23/01/2020 Prepared By Version Number 3.0 Reference Number ABL Information
More informationLEGISLATURE 2017 BILL
0-0 LEGISLATURE LRB-/ 0 AN ACT to create 0. () (h),.0 (),.,.,. and. () (a). of the statutes; relating to: preparation and response required by railroad corporations in the event of discharge of transported
More informationInformation Governance Management Framework 2016/17
Information Governance Management Framework 2016/17 Reference: IG12 Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy
More informationHead of Security and Business Continuity
Services Security and Business Continuity Ser-Sec-003 07/11/2017 Author Name Author Job Title Alan Cain Head of Security and Business Continuity Version No. 1.1 EIA Approval Date 28/06/2017 Committee Recommend
More informationINFORMATION GOVERNANCE ASSURANCE FRAMEWORK
INFORMATION GOVERNANCE ASSURANCE FRAMEWORK Summary This document sets out an overarching framework for the strategic Information Governance agenda in the Business Services Organisation. In particular,
More information