Information Governance Policy (incorporating IM&T Security)

Size: px
Start display at page:

Download "Information Governance Policy (incorporating IM&T Security)"

Transcription

1 (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the Trust and third parties supplying goods and services to the Trust Author Information Governance Manager Version 3.0 Issue 2 Issue Date July 2011 Review Date May 2013 Status Approved Approved by Caldicott and Information Governance Committee Approved by Date April 2010 Ratified by Trust Management Committee Ratified by Date May 2010 Document Number IG0005 BHT Pol No 051 Lead Director Chief Operating Officer EIA 22nd January 2010 Location BHT Intranet/Trust Polices/Information Governance Polices CHB folder/pct Intranet

2 Approval and Authorisation Completion of the following detail signifies the review and approval of this document, as minuted in the senior management group meeting shown. Version Authorising Group Approver Date 2.0 Caldicott & Information Governance Committee Anne Chilcott Dec Ratified Trust Management Committee Anne Chilcott April 10 Change History Version Status Reason for change Author Date 2.0 Approved Caldicott & Information Governance Committee A Chilcott Dec Draft Formal review and incorporation of IM&T Security A Chilcott Sept 09 Policy IG0001, Data Protection Policy IG0002, IM&T Policy IG Draft Changes to reflect comments by IT department and A Chilcott Dec 09 addition of reference to Care Records Guarantee section Draft Circulated to Caldicott & Information Governance A Chilcott Committee for comments Dec Draft Minor amendments following consultation A Chilcott Dec Draft Circulated to Joint Management & Staff Committee A Chilcott Jan Approved Caldicott & Information Governance Chairman s A Chilcott April 10 action 3.0 Ratified Ratified Trust Management Committee A Chilcott May Informal annual review no changes A Chilcott July 11 Document References Ref # Document title 1 Document Reference Document location 1 Confidentiality Code of Practice IG0008 Intranet 2 IT Access to Secure Areas Procedure IG0047 Intranet 3 Confidentiality and Data Protection Code of Conduct & Agreement IG0012 Intranet for Third Parties Supplying Goods, Services or Consultancy to the Trust 4 Freedom of Information Policy BHT Pol 042 Intranet 5 IT Network Remote Access Policy IG0056 Intranet 6 IT Asset Management procedure IG0054 Intranet 7 Safe Haven Procedure IG0048 Intranet 8 Computer User Access Management Policy IG0031 Intranet 9 IT Computer Usage Policy IG0009 Intranet 10 Trust Incident Reporting Policy & Procedure Intranet 11 Handling Reported Information Security Incidents Procedure IG0043 Intranet 12 IT Virus Control Procedure IG0044 Intranet 13 IT Network Security Policy IG0042 Intranet 14 IT Internet Access Policy IG0034 Intranet 15 IT User Account and Usage Policy IG0035 Intranet 16 Procedure for Implementing New Databases and Information Flows IG0025 Intranet 17 IT Server Security Procedure IG0055 Intranet 18 Information Governance Strategy IG0041 Intranet 19 Risk Management Policy BHT Pol 079 Intranet 20 Risk Management Strategy BHT S019 Intranet

3 Ref # Document title Document Reference Document location 21 Waste Management Policy BHT Pol 095 Intranet 22 Records Management Policy BHT Pol 125 Intranet 23 Records Management Strategy BHT S018 Intranet 24 Information Risk Policy IG0088 Intranet 25 NHS Care Records Guarantee Intranet 2

4 Table of Contents 1. PURPOSE SCOPE POLICY PRINCIPLES Openness Legal Compliance Information Security Information Quality Assurance RESPONSIBILITY LEGISLATION AND KEY REFERENCE DOCUMENTS MONITORING THIS POLICY REVIEW OF THIS POLICY APPENDIX A - INFORMATION MANAGEMENT AND SECURITY FRAMEWORK. 11 3

5 1. PURPOSE Information is a vital asset, both in terms of the clinical management of individual patients and the efficient management of services and resources. It plays a key part in corporate governance, service planning and performance management. It is of paramount importance to ensure that the Trust s information and key information assets are efficiently managed, and to have a solid strategy in place to comply in full with the legal, regulatory and governance requirements and mandates. The purpose of the Policy is to establish a robust governance framework for information management for preserving the confidentiality, integrity, security and accessibility of data, processing systems and information in Buckinghamshire Healthcare NHS Trust. Appendix A provides a more detailed set of requirements in relation to information management and technology security controls. The Trust monitors its Information Governance (IG) controls through the Department of Health NHS IG Toolkit, which is a mandatory performance and management, self assessment tool, ensuring compliance with the legal and regulatory requirements of handling information, covering the areas of: Information Governance Management Confidentiality and Data Protection Assurance Information Security Assurance Clinical Information Assurance Secondary Use Assurance Corporate Information Assurance All information security requirements in the NHS Information Governance toolkit are based on the international standard BS ISO/IEC 27002: SCOPE This policy applies to all information, information systems, networks, applications, location, staff employed or working on behalf of the Trust and third parties supplying goods and services to the Trust. 3. POLICY PRINCIPLES The principles are to establish and maintain the security and confidentiality of information, information systems, applications and networks owned or held by the Trust by: Ensuring that all members of staff are aware of their personal responsibilities and fully comply with the relevant legislation as described in this and other policies. Introducing a consistent approach to security, ensuring that all members of staff fully understand their own responsibility and the need for an appropriate balance between openness and confidentiality in the management and use of information. Creating and maintaining within the organisation a level of awareness of the need for Information Security as an integral part of the day to day business and explaining how they shall be implemented in the organisation. Supporting the principles of corporate governance and recognising its public accountability and at the same time safeguarding the confidentiality and security of both personal information about patient and staff and commercially sensitive information. 4

6 5 Information Governance Policy Recognising the need to share patient information with other health organisations and other agencies in a controlled manner consistent with the interests of the patient and, in some circumstances, the public interest. Protecting information assets under the control of the Trust. There are 4 key interlinked strands to the Information Governance Policy: Openness Legal compliance Information security Quality assurance 3.1 Openness Non-confidential information about the Trust and its services should be available to the public through a variety of media, in line with the Trust s Code of Conduct & Accountability for Trust Staff & Members of the Board The Trust will establish and maintain policies to ensure compliance with the Freedom of Information Act 2000 The Trust will undertake or commission regular assessments and audits of its policies and arrangements for openness Patients should have ready access to information relating to their own health care, their options for treatment and their rights as patients The Trust will have clear procedures and arrangements for liaison with the press and broadcasting media The Trust will have clear procedures and arrangements for handling queries from patients and the public 3.2 Legal Compliance The Trust will comply with the Data Protection Act 1998 and will establish and maintain appropriate and adequate administration arrangements for responding to data subject access requests within the timescales defined under the Act. The Trust regards all identifiable information relating to patients and staff as confidential except where exemptions can be applied. Trust staff will be made aware of all other relevant legislation and guidance relating to information security and confidentiality. Patients will be informed of the purpose for which information is being collected and who may access it. Direct consent will be sought from the patient where appropriate for the collection, processing and disclosure of data. Procedures and guidance will be provided to ensure appropriate disclosure of patient information, having regard to established professional ethics, patient consent, and formal access controls for clinical records and statutory requirements The Trust will undertake or commission regular assessments and audits of its compliance with legal requirements The Trust will establish and maintain policies to ensure compliance with the common law duty of confidentiality and all relevant Acts of Parliament

7 Patient and/or staff information will be shared with other agencies in accordance with agreed protocols and relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act) 3.3 Information Security Systems will be established to ensure that corporate records including health records are available and accessible at all times. The Trust will establish effective authorisation procedures for the use and access to confidential information and records. Control over access and disclosure to health records is overseen by the Caldicott Guardian The Trust will establish and maintain policies for the effective and secure management of its information assets and resources The Trust will undertake or commission regular assessments and audits of its information and IT security arrangements The Trust will promote effective confidentiality and security practice to its staff through policies, procedures and training The Trust will establish and maintain incident reporting procedures which will include the monitoring and investigation where appropriate, of reported instances of actual or potential breaches of confidentiality and security 3.4 Information Quality Assurance The Trust will establish and maintain policies and procedures for information quality assurance and the effective management of records The Trust will undertake or commission regular assessments and audits of its information quality and records management arrangements Managers are expected to take ownership of, and seek to improve, the quality of information within their services Wherever possible, information quality should be assured at the point of collection Data standards will be set through clear and consistent definition of data items, in accordance with national standards 4. RESPONSIBILITY All Trust staff are required to maintain the security, confidentiality, integrity and availability of all Trust information including that which relates to patients and staff. Information governance responsibilities will be detailed in all job descriptions and staff contracts of employment and in the contracts for all suppliers and other external users. Non compliance with the policy can result in disciplinary action. Trust Board It is the role of the Trust Board to define the Trust s policy in respect of Information Governance and risk and meeting legal, statutory and NHS requirements. Is responsible for ensuring that sufficient resources are provided to support the requirement of the policy. The responsibility for this is delegated through the Chief Executive Officer to the Chief Operating Officer (COO) as Senior Information 6

8 Risk Owner (SIRO). Trust Management Committee Chief Operating Officer (COO) /Senior Information Risk Owner (SIRO) Information Asset Owner (IAO) Caldicott & Information Governance Committee this committee is the forum for making major operational decisions and assists the Chief Executive in the performance of their duties. development and implementation of strategy, operational plans, policies, procedures and budgets monitoring of operating and financial performance the assessment and control of risk, prioritisation and allocation of resources. receives and acts on reports from the SIRO through the Caldicott & Information Governance Committee. the Chief Operating Officer is the Senior Information Risk Owner and is responsible for and takes ownership of the organisation s information governance/risk policy and acts as advocate for information governance risk on the Board. authorises the Information Governance Toolkit Self-Assessment submissions. ensures that an effective information assurance governance infrastructure is in place including information asset ownership, reporting, defined roles and responsibilities. ensures that the Caldicott and Information Governance Committee has a suitably experienced chairman in place Information Asset Owners are senior individuals involved in running the relevant business. Their responsibility is to identify, understand and address risk to the information assets they own Accountable to the SIRO for providing assurance on the security and use of their information assets. this committee is responsible for overseeing day to day Information Governance issues. develop, maintain and approve policies, standard procedures and guidance coordinate and raise awareness of Information Governance in the Trust report on an exception basis to the Trust Management Committee on information Governance issues and risk Support the Senior Information Risk Manager in completion of their delegated duties. Caldicott Guardian the Caldicott Guardian acts in a strategic, advisory and facilitative capacity in the use and sharing of patient information. responsible for approving, monitoring and reviewing protocols governing access to person identifiable information by staff within the Trust and other organisations both NHS and non NHS 7

9 Information Governance Manager/Information Security Officer provides expert technical advice and guidance to the Trust on matters relating to information governance acts as the Trust Information Security Manager develops and provides suitable information governance training for all staff monitors actual or potential reported information security incidents within the organisation supports and assists the IT security officer with regard to IT/information security incidents IT Services Manager/ IT Security Officer provides expert technical advice to the Trust on matters relating to IT Security and ensures compliance and conformance acts as the Trust IT Security Manager supports and assists Information Security Officer with regard to IT/information security incidents. Managers responsible for ensuring that the policy and its supporting standards and guidelines are built into local processes and that there is on going compliance. that all staff job descriptions contain the relevant responsibility for information security, confidentiality and records management. that staff undertake information governance mandatory training and ongoing training needs are routinely assessed. managers shall be individually responsible for the security of their physical environment where information is processed and stored. All staff all staff shall comply with information security policy and procedures including the maintenance of data confidentiality and data integrity and ensure that no breach of information security or confidentiality, result from their actions. Failure to do so may result in disciplinary action. each member of staff shall be responsible for the operational security of the information systems they use. all staff are required to undertake relevant information governance training covering confidentiality and information security. Third Party Contractors/third parties Appropriate contracts and confidentiality/ information security agreements shall be in place with third party contractors/ third parties where potential or actual access to information assets is identified. 5. LEGISLATION AND KEY REFERENCE DOCUMENTS 5.1 The Trust is obliged to abide by all relevant UK and European Union legislation. The requirement to comply with this legislation shall be devolved to employees and agents of the Trust, who may be held personally accountable for any breaches of information security for which they may be held responsible. The Trust shall comply with the following legislation, key documents and other legislation as appropriate: The Data Protection Act (1998) 8

10 9 Information Governance Policy The Data Protection (Processing of Sensitive Personal Data) Order 2000 The Copyright, Designs and patents Act (1988) The Computer Misuse Act (1990) The Health and Safety at Work Act (1974) Human Rights Act (1998) Regulation of Investigatory Powers Act 2000 Freedom of Information Act 2000 Health & Social Care Act 2008 Confidentiality: NHS Code of Practice Records Management: NHS Code of Practice Information Security Management: NHS Code of Practice 5.2 The NHS Care Record Guarantee for England 2005 (Revised 2011) sets out the rules that govern how patient information is used in the NHS and what control the patient can have over this. It covers people's access to their own records, controls on others' access, how access will be monitored and policed, options people have to further limit access, access in an emergency, and what happens when someone cannot make decisions for themselves. Everyone who works for the NHS or for organisations delivering services under contract to the NHS has to comply with this guarantee. 5.3 The Department of Health Committee s Report on the Review of Patient Identifiable Information published December 1997 made a number of recommendations including the appointment of a Caldicott Guardian in all NHS organisations (Health Service Circular 1999/012 ) and also led to the establishment of a set of clear principles, reflecting best practice in the handling of confidential patient information. The report called for regular and routine testing of information flows against these principles and this would be developed and overseen by a network of Caldicott Guardians who would act, within each organisation, in a strategic, advisory and facilitative capacity to their Board. 5.4 During 2007 and 2008 a number of letters from the NHS Chief Executive to NHS Chief Information Officers restated the accountability and responsibility framework already in place for securing effective information governance and the action required by organisations as part of the assurance process. They also set out specific requirements for securing data in transfer. A further Cabinet Office data handling review December 2008 mandated a range of standards for managing information and to ensure compliance with the Data Protection Act These are reflected within the NHS Information Governance Toolkit (D of H mandated self-assessment against compliance with current legislation, standards and national guidance. Performance is monitored by a number of external bodies). This policy is in line with these standards. 6. MONITORING THIS POLICY The Caldicott and Information Governance Committee will monitor the implementation of this policy and subsequent revisions through: Ensuring that the roles identified within this policy are supported by key documented responsibilities and these are reviewed annually Ensuring that staff are identified for the key roles Ensuring that appropriate policy and procedures are in place and are regularly reviewed to ensure that legal and statutory requirements are being met Regular review of reported information security incidents

11 7. REVIEW OF THIS POLICY This document should be subject to review when any of the following conditions are met: a. The adoption of the Code of Conduct highlights errors and omissions in its content b. Where other standards / guidance issued by the Trust conflict with the information contained c. Where the knowledgebase regarding interpretation of the legislation evolves to the extent that revision would bring about improvement d. 3 years from the date of approval of the current version 10

12 Appendix A - INFORMATION MANAGEMENT AND SECURITY FRAMEWORK Information takes many forms and includes data stored on computers, transmitted across networks, printed copy, handwritten, sent by fax, stored on tapes, diskettes, CDs, DVDs, USB memory sticks and other mobile media, or spoken in conversation and over the telephone. Data represents an extremely valuable asset and to ensure its integrity the Trust must safeguard accuracy and completeness by protecting against unauthorised use/disclosure, modification or intelligent interruption. The increasing reliance of the NHS on information technology for the processing of data and delivery of healthcare makes it necessary to ensure that these systems are developed, operated, used and maintained in a safe and secure fashion to protect from events, accidental or deliberate, that may jeopardise healthcare activities. The key issues addressed by this framework are: Confidentiality Data is secure and access is confined to those with specified authority to view the data Integrity All system assets are operating correctly according to specification and in the way the current user believes them to be operating Availability Relevant information is delivered to the right person when it is needed 1. Information Security Awareness Training Information security awareness training shall be included in the staff induction process. An ongoing awareness programme shall be established and maintained in order to ensure that staff awareness is refreshed and updated annually. 2. Contracts of Employment Staff security requirements shall be addressed at the recruitment stage and all contracts of employment shall contain a confidentiality clause. Information security expectations of staff shall be included within appropriate job definitions. All contract agreement with a Third party supplier of goods, services or consultancy shall contain a confidentiality clause and an undertaking that any information obtained during the course of performing the contract is confidential and shall only be used for the sole purpose of the execution of the contract and will provide all necessary precaution to ensure that all such information is kept secure. 11

13 3. Security Control of Assets Each information asset, (hardware, software, IT application or data) shall have a named information asset owner who shall be responsible for the information security of that asset. A register of all computing assets and their owners will be established and maintained by the IT department. 4. Access Controls to IT secure Areas Only authorised personnel who have a justified and approved business need shall be given access to restricted areas containing information system and data storage facilities. Records of access will be maintained. 5. User Access Controls and monitoring Access to information shall be restricted to authorised users who have a bona-fide business need to access the information. Audit trail of system access and data use by staff shall be maintained and reviewed on a regular basis where the system is capable of providing this. 6. Computer Access Control Access to computer facilities shall be restricted to authorised users who have a business need to use the facilities. Access to data, system utilities and program source libraries shall be controlled and restricted to those authorised users who have a legitimate business need e.g. systems or database administrators. 7. Security of IT system In order to minimise loss of, or damage to all assets, equipment shall be physically protected from threats and environmental hazards. The Trust will define certain locations as IT secure areas and the equipment will be installed and sited in accordance with the manufacturer s specification. All items of computer equipment must be recorded on the Trust register of IT assets. IT equipment should be kept out of view of the general public if possible: where this is not possible computer screens should not normally be visible from public circulation areas. Wherever possible screen savers should be applied. Areas housing computer equipment should keep the doors and windows closed or locked when unattended. 8. IT System Management Responsibilities will be appropriately assigned for the management of IT systems. These will include the management, monitoring and auditing of access to IT systems and the timely management of new starters and leavers and those changing job role. In addition, the National Programme for IT (NPfIT) requires Trusts to have established appropriate confidentiality audit procedures. 9. Computer and Network Procedures Management of computer and networks shall be controlled through standard documented procedures that have been authorised by the IT Department. 12

14 Network risk assessments will be developed and undertaken routinely by the IT Department. A register of both internal and external users and systems will be maintained by the IT department who will be responsible for determining and controlling access rights. 10. Protection from Malicious Software The Trust shall use software countermeasures and management procedures to protect itself against the threat of malicious software. The Trust will maintain an IT Virus control Procedure. 11. User media Removable media of all types that contain software or data from external sources, or that have been used on external equipment, require the approval of the IT Security Officer before they may be used on the Trust s systems. Such media must also be fully virus checked before being used on the organisation s equipment. Users breaching this requirement may be subject to disciplinary action. Staff and contractors who are permitted to use portable media to transfer person identifiable data in the performance of their duties must apply industry standard AES256 data encryption procedures. Only the Trust approved encrypted memory/usb sticks may be used where use of these are deemed necessary. 12. Access to the Internet and The Trust will ensure adequate provision of user training to support access to Internet and . The Trust will maintain appropriate policies covering all areas regarding access to the internet and use of System Procurement and Acceptance Trust policies on security and confidentiality must be reflected in any procurement for new or enhanced systems. All purchases of hardware, software and other related IT services e.g. IT support, maintenance, consultancy must be made through the Trust s approved purchasing arrangements using the standard NHS Terms and Conditions. Managers must ensure that acceptance criteria are agreed with the supplier and Trust IG & IT services and must be thorough and adequately documented and demonstrate conformance to security and confidentiality specifications. 14. Accreditation of Information Systems The Trust shall ensure that all new information systems, applications and networks include a security plan and are approved by the IT Security Officer and Information Security Officer before they commence operation. 15. System Change Control Changes to information systems, applications or networks shall be reviewed and approved by the IT Network Manager or IT Services Manager as appropriate. 13

15 16. Intellectual Property Rights The Trust shall ensure that all information products are properly licensed and approved by the IT Department. Users shall not install software on the Trust s property without permission from the IT Department. 17. Information Risk Assessment and Management All key/critical computer systems will be subject to periodic risk assessments carried out by systems managers/administrators. In the cases of manual information processes, line managers will carry out risk assessments. The Trust will develop a procedure for carrying out IM&T systems risk assessments. The procedure will include: Roles and Responsibilities Timescales Planned and unplanned assessments Assessment of assets of the system Evaluation of potential threats/risks Assessment of likelihood of threats/risks occurring Identification of practical cost effective treatment plans Implementation programme for treatment plans Reporting Once identified, information security risks shall be managed on a formal basis. They shall be recorded within a baseline risk register and action plans shall be put in place to effectively manage those risks. The risk register and all associated actions shall be reviewed at regular intervals. Any implemented information security arrangements shall also be a regularly reviewed feature of Trust s risk management programme. 18. Business Continuity and Disaster Recovery Plans The Trust shall ensure that business impact assessment, business continuity and disaster recovery plans are produced for all mission critical information, applications, systems and networks. Departmental system/application managers are responsible for ensuring that business continuity plans are in place and identifying need for early review due to, for example, system or environment changes. Each plan for coping with disastrous failure must be approved by the appropriate level of authority in the Trust and be adequately resourced. 19. Data Quality and Validation The Trust will ensure there is up to date, complete and accurate data within information system that support operational and clinical decision-making. Where possible validation of data entry and data analysis at input stage will be incorporated and maintained. 14

16 20. Information Security Incident Management All information security events and suspected weaknesses must be reported through the Trust Incident Reporting Policy & Procedures. The Information Security officer/information Governance Manager will maintain an Information Governance procedure for Reported Information Security Incidents. All reported information security events shall be investigated to establish their cause and impacts with a view to avoiding similar events. 21. Disposal of IT Equipment and/or confidential/sensitive data IT equipment disposal must only be authorised by the IT Department. The IT department must ensure that, where possible, data storage devices are purged of sensitive data before disposal and organise any proposed secure destruction arrangements where it is not. A procedure for disposal will be documented and retained by the IT department. Unusable computer media should be destroyed (e.g. floppy disks, magnetic tapes, CD-ROMS). Where this is performed by an approved third party organisation, a certificate of disposal must be obtained. All data must be disposed off securely and in accordance with the relevant legislation and Trust policies. Contracts with the third party suppliers must have clauses relating to the safe and secure disposal of media containing data processed on behalf of the Trust. Disposal of equipment must be in accordance with the Trust Standing Orders and Standing Financial Instructions 22. Standards of Business Conduct/Declaration of Interests All Trust staff and members of the Board must comply with the Trust Guidance on Standards of Business Conduct for Trust Staff available on the Trust intranet. 15

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

NHS Business Services Authority Information Security Policy

NHS Business Services Authority Information Security Policy NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA

More information

Information security policy

Information security policy Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Records Management Policy

Records Management Policy Once printed off, this is an uncontrolled document. Please check the Intranet for the most up to date copy Author Freedom of Information Lead Version 5.0 Issue Issue Date October 2011 Review Date October

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Gloucestershire Hospitals

Gloucestershire Hospitals Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

SALISBURY NHS FOUNDATIONTRUST

SALISBURY NHS FOUNDATIONTRUST SALISBURY NHS FOUNDATIONTRUST PAPER SHC 1738 TITLE Information Governance Policy PURPOSE OF PAPER The Information Governance Policy was first approved in April 2005. It is currently due for review to ensure

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

NHS Business Services Authority Information Governance Policy

NHS Business Services Authority Information Governance Policy NHS Business Services Authority Information Governance Policy NHS Business Services Authority Corporate Secretariat NHSBSAIGM002 Issue Sheet Document reference NHSBSAIGM002 Document location F:\CEO\IGM\Info

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

Network Security Policy

Network Security Policy Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant

More information

Information governance policy

Information governance policy Information governance policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSAIGM002a S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review IG Policy\Current

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY Appendix 1 INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY Author Information Governance Review Group Information Governance Committee Review Date May 2014 Last Update February 2013 Document No. GV

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Corporate Information Security Management Policy

Corporate Information Security Management Policy Corporate Information Security Management Policy Signed: Chief Executive. 1. Definition of Information Security 1.1. Information security means safeguarding information from unauthorised access or modification

More information

Information Governance Policy. Church Road Medical Practice

Information Governance Policy. Church Road Medical Practice Information Governance Policy Church Road Medical Practice Version No: 1.0 Issue Date: March 2015 INFORMATION GOVERNANCE POLICY 1. Summary Information is a vital asset, both in terms of the clinical management

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

INFORMATION GOVERNANCE

INFORMATION GOVERNANCE This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Highland Council Information Security Policy

Highland Council Information Security Policy Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY NWAS Information Governance Policy Page: Page 1 of 10 Date of Issue: January 2014 Date of Review February 2015 Recommended by Approved by Information Governance Management

More information

INFORMATION RISK MANAGEMENT POLICY

INFORMATION RISK MANAGEMENT POLICY INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October 2013. Document Author(s) Collette McQueen ICT Policy THCCGIT20 Version: 01 Executive Summary This document defines the Network Infrastructure and File Server Security Policy for Tower Hamlets Clinical Commissioning Group (CCG). The Network Infrastructure

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

University of Liverpool

University of Liverpool University of Liverpool IT Asset Disposal Policy Reference Number Title CSD 015 IT Asset Disposal Policy Version Number v1.2 Document Status Document Classification Active Open Effective Date 22 May 2014

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

43: DATA SECURITY POLICY

43: DATA SECURITY POLICY 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

General Register Office for Scotland information about Scotland s people. Paper NHSCR GB 1/08. NHSCR Scotland Information Governance Standards

General Register Office for Scotland information about Scotland s people. Paper NHSCR GB 1/08. NHSCR Scotland Information Governance Standards General Register Office for Scotland information about Scotland s people Paper NHSCR GB 1/08 NHSCR Scotland Information Governance s This is a draft on which the Board s comments would be welcome. Contents

More information

IS INFORMATION SECURITY POLICY

IS INFORMATION SECURITY POLICY IS INFORMATION SECURITY POLICY Version: Version 1.0 Ratified by: Trust Executive Committee Approved by responsible committee(s) IS Business Continuity and Security Group Name/title of originator/policy

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY Information Security Policy INFORMATION SECURITY POLICY Introduction Norwood UK recognises that information and information systems are valuable assets which play a major role in supporting the companies

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT Prepared By: Alistair Stewart Responsible Person: Endorsed by: Information Governance Committee Date: May 2008 Review: June 2009 Issue Number Draft

More information