Senate. SEN15-P17 11 March Paper Title: Enhancing Information Governance at Loughborough University

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University"

Transcription

1 SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee 2. Relevance to University Strategy Senate is asked to : (i) Consider and comment on the draft Information Governance Policy including mandatory training for all staff, ahead of its consideration by Council (ii) Note the proposals on detailed sub-policies and information reviews. Contributes to Para 4.1 of the strategic implementation plan: Ensure that our governance and infrastructure are: - efficient - able to support change effectively - able to support collaborative initiatives - valued by staff and students Also contributes to risk management and effective legal compliance. 3. Executive Summary This paper presents an update on recent work undertaken to improve the University s approach to Information Governance and security. A draft high level policy is presented for approval. An action plan has been developed to address gaps in policy, training and procedures in the area of information governance in order to reduce risk, provide reassurance to partners, individuals and Council that data is held and used appropriately and securely and that the institution is compliant with relevant legislation and good practice. 4. Essential Background Information 5. Risks, Risk Mitigation and Governance/ Accountability 6. Implications for other activities This is a potential area of major risk for the institution. A recent incident involving personal data highlighted some of the issues. The CUC governance code expects the governing body to manage risk and ensure legal compliance across the institutions activities. The implementation of the wider Information Governance action plan will require input from various key stakeholders from across the campus and commitment from the majority of staff. If approved, mandatory training will need to be incorporated into the staff probationary period and staff development portfolio. 7. Resource and Cost Up to 10k for initial training package over three years. Other resource implications may emerge as work proceeds. Requests will be made in the normal way through Operations Committee 8. Alternative Options considered 9. Other Groups/Individuals consulted. Do nothing significant risk and potential that some research partners would refuse to work with us. A wide range of professional staff representing all of the key services within the University have been involved and School input has been sought via an Operations Manager. The proposals received in depth discussion at ITGC. Additional academic staff input will be sought in the next stages of the action plan.

2 10. Future Actions, Timescales & Frequency of Review by this Committee. Please see proposed timeline of actions contained within the paper. 11. Success Criteria (KPIs) No negative information related incidents, increased speed of handling of Data Protection and Freedom of Information requests. Straightforward responses to requirements of research funders and partners. 12. University Executive comment (required for Council papers only) 2

3 1. Background Significant gaps have been identified in the University s current approach to Information Governance. Specific areas of concern include the lack of an overarching Information Governance Policy, the current limited provision of formal staff training and the recognition that information held by the University may not always be in an appropriately secure format. The following risks have been identified: Personal staff or student data may be released or accessible to third parties Sensitive student or staff data may be shared without consent within the University Commercially sensitive information may be released or accessible to third parties The University may not meet the requirements of research sponsors and other partners in relation to information governance and security (including potential loss of future research income) Individuals or organisations experiencing detriment as a result of the above could take legal action against the University Damage to reputation as a result of information security breaches Staff time is wasted when making responses to Data Protection and FOI requests due to poor information management practices Important data may be lost due to poor information management practices Data may be retained for longer than necessary or duplicated in local systems, taking up storage capacity (physical or virtual) and in potential breach of the Data Protection Act There is a lack of clarity over approval mechanisms for sharing data between corporate systems which may lead to irregular and inefficient practices Some initial work in this area was undertaken during 2014 and an informal group (the Information Governance Working Group) has met three times to begin to establish a course of action for addressing these concerns. The group has identified the following priority areas to be addressed in the short term. (a) (b) (c) (d) Develop and finalise a high level, overarching Information Governance Policy to cover all areas of the University. Develop a comprehensive set of Information Governance and Security sub-policies. Outline a plan for effective staff communications and training (to include an updated University Code of Practice for IT Professionals). Conduct an initial University-wide Data Review to be undertaken via self-assessment, by each of the Schools and Professional Services. Full implementation of the planned actions, bearing in mind the size of the University and the complexity of its business, will necessarily take some time but the intention is to use the findings of the Data Review to identify the areas of greatest risk which will be targeted in the initial stages of the work. 2. Information Governance Policy and Training [Appendix 1] The attached draft Information Governance policy has been agreed by the Information Technology and Governance Committee and is now presented to Senate for consideration and comment before consideration by Council on 27 March 2015 for formal approval. The policy aims to provide a high level framework for the University s commitment to effective information governance. The intention is that the high level policy will be supported by a number of more detailed policies and procedures which in some cases already exist, though they may require some revision, and in other areas are in the process of being drafted. 3

4 Embedded within the high level Policy (in Annex 1) is a commitment to delivering training to all staff. In order to address this proposal, online training packages covering the key aspects of good information practice are currently being reviewed to identify a quality solution which makes effective and proportionate use of staff time. Additional specific training is likely to be required for staff in some specialist roles. ITGC recommends that the basic training be mandatory and that probationary sign off for new staff be subject to it being completed. The implications of this recommendation will be discussed at Human Resources Committee. It is intended that Annex 1 of the high level policy will clearly define the roles and responsibilities of Senior Managers/Deans for ensuring that staff are complying with the Policy and have completed the necessary training. The current draft is an initial statement of staff responsibilities and is likely to be developed further as expectations and procedures are defined more explicitly. Senate is asked: (a) To consider the proposed Information Governance Policy and comment ahead of Council s consideration and formal approval; (b) To note that the practical implications of the mandatory training for all staff to which the Policy refers will be discussed at Human Resources Committee. 3. Proposal for an Information Governance Sub-Committee To provide co-ordination of the work and detailed advice to Information Technology and Governance Committee in this area, the Information Governance Working Group is being re-constituted as a formal Sub-Committee of the Information Technology and Governance Committee. Draft Terms of Reference and the proposed composition and membership are in the process of being finalised. Senate is asked to note this development. 4. Information Governance and Security Sub Policies: A suite of Information Governance and Security Policies is under development. The intention is to base these on the ISO 27001:2005 and ISO 27001:2013 international standards as alignment with these is sought by research partners. However, the challenge will be to develop concise documents which are also fit for purpose and accessible to relevant staff and, where applicable, students. The aim is for a full set of policies to be submitted for formal approval in July Whilst practice in some areas is already close to compliance with good practice, any urgent actions identified in the process of developing the policies will be taken forward immediately. However, it is envisaged that full implementation of the policies will commence from summer 2015 following formal approval. 5. Data Review and Architecture At present, the University does not have a full overview of the nature of the data it is holding and the location and security of that data. Given the diversity of institutional activity, it is recommended that the remit and scope of an initial Data Review should cover the whole of the University. Exploratory work has 4

5 been undertaken to seek the views of other HEIs that have previously undertaken an exercise of this kind and it was noted that in one case, a detailed audit had not been well received by staff. With this in mind, an initial light touch review is proposed by ITGC, which will serve the purpose of identifying possible areas of high risk that require immediate action, as well as those areas that might require more in depth audit. Work is planned for March and April with a view to findings being presented in the summer term to inform the draft policies and future actions. ITGC has also proposed further work to improve processes and clarify decision-making around the use, sharing and access to key data to follow the initial actions proposed above. 5

6 APPENDIX 1 DRAFT Loughborough University INFORMATION GOVERNANCE POLICY 1. Summary Information is a vital asset to the University. It underpins the University s Research, Teaching and Enterprise. It is fundamental to all other activities associated with its staff, students, funders, collaborators, and strategic partners as well as the efficient management of all its services and resources. It plays a key part in governance, planning and performance management. It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management. 2. Principles The University recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The University fully supports the principles of good corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal and commercially sensitive information that is held by the institution. The University also recognises the need to share information and data with other organisations and other agencies in a controlled manner consistent with the interests of our staff, students, funders, collaborators and strategic partners and, in some circumstances and where appropriate, with the public. The University believes that accurate, timely and relevant information is essential to deliver the highest quality in all its activities. There are 3 key interlinked strands to the University s information governance policy: Openness Legal compliance Information security 2.1. Openness Non-confidential information on the University and all its activities should be available to the public through a variety of media. This may include through: open access publishing, the institutional repository, Freedom of Information Act compliance, etc. The University adopts a general policy of openness in terms of allowing individuals access to their personal information. Personal information will be maintained and released to the individuals concerned on request in accordance with the provisions of the Data Protection Act. The University has clear procedures and arrangements for liaison with the press, on-line and broadcasting media through its Marketing and Advancement function. The University will have clear procedures and arrangements for handling queries from our staff, students, funders, collaborators, strategic partners, suppliers and the public. 6

7 The University will support the effective sharing of data where appropriate Legal Compliance The University regards all identifiable personal and commercial information relating to its staff, students, funders, collaborators, and strategic partners and as processed in the course of its research activities as confidential, except where relevant legislation requires otherwise. The University will undertake or commission regular and appropriate assessments and audits of its compliance with legal requirements. The University has established and will maintain policies to ensure compliance with all relevant legislation. The University has established and will maintain policies for the controlled and appropriate sharing of information with other agencies, taking account of relevant legislation Information Security The University will establish and maintain policies for the effective and secure management of its information assets and resources. The University will undertake or commission regular and appropriate assessments and audits of its information and IT security arrangements. The University will promote effective confidentiality and security practice to all its staff, students, partners and suppliers through policies, procedures and/or training as appropriate. The University, through the Information Governance Sub-Committee of the Information Technology and Governance Committee will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and information security. 3. Responsibilities It is the role of the University Council to approve the University s policy in respect of Information Governance, taking into account legal and Higher Education Sector requirements. Council is also ultimately responsible via the Chief Operating Officer for ensuring that sufficient resources are provided to support the requirements of the policy. The Information Technology and Governance Committee, comprising representation from across the University, with support from the Information Governance Sub-Committee, is responsible for overseeing Information Governance policy and planning, developing and maintaining policies, standards, procedures and guidance, coordinating Information Governance in the University and raising awareness of Information Governance. Staff and students are expected to take ownership of, and seek to improve, the quality of information within their specified areas of activity. There is also an expectation that this policy and its supporting standards and guidelines are built into local processes and procedures and that there is on-going compliance. All staff, whether permanent, temporary or contracted, and contractors/suppliers are responsible for ensuring that they are aware of the requirements incumbent upon them in and for ensuring that they comply with these on a day to day basis. Specific responsibilities of key staff will be found in Annex 1. This policy document will be reviewed on an annual basis by the Information Governance Sub- Committee of the Information Technology and Governance Committee. 7

8 Annex 1 Staff Responsibilities 1. Chief Operating Officer The Chief Operating Officer (COO) is responsible to the Vice-Chancellor on a delegated basis for the general oversight and development of information governance policy. The COO has responsibility for ensuring policies and procedures are implemented and that mechanisms are established to monitor their effectiveness. 2. Deans of Schools and Heads of Professional Services Deans of Schools and Heads of Professional Services have responsibility for the implementation of University information governance policies and procedures in their Schools and Services. The Dean or Head of Service should demonstrate visible commitment to good information governance by: (a) Ensuring that all staff undertake the general training in good information governance practice provided by the University. (b) Ensuring that staff undertake specialised information governance training relevant to their roles (e.g. research data management). (c) Ensuring that there are systems in the School or Service to maintain awareness of the information held and to ensure it is stored, used and shared only in accordance with University policies and procedures. (d) Providing sufficient resources for staff to be able to comply with University policies and procedures. (e) Bringing to the attention of the COO, any breach of statutory requirements which cannot be dealt with at School/Service level and/or may have implications for the University more widely. (f) Ensuring that staff co-operate fully with any information or information security audits authorised by the Information Technology and Governance Committee. (g) Ensuring students and staff are aware of the School or Service s procedures for secure handling of their personal data. (h) Ensuring that University information governance policies and procedures are followed in any dealings, formal or informal, with third party individuals and organisations. 8

Information Technology and Governance Committee

Information Technology and Governance Committee Information Technology and Governance Committee Paper Title: Enhancing Information Governance at Loughborough University Author: Information Governance Sub-Committee 1. Specific Decision Required by Committee

More information

Information Governance Policy. Church Road Medical Practice

Information Governance Policy. Church Road Medical Practice Information Governance Policy Church Road Medical Practice Version No: 1.0 Issue Date: March 2015 INFORMATION GOVERNANCE POLICY 1. Summary Information is a vital asset, both in terms of the clinical management

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from August 2009 Date last amended August 2009

More information

Gloucestershire Hospitals

Gloucestershire Hospitals Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY NWAS Information Governance Policy Page: Page 1 of 10 Date of Issue: January 2014 Date of Review February 2015 Recommended by Approved by Information Governance Management

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

SALISBURY NHS FOUNDATIONTRUST

SALISBURY NHS FOUNDATIONTRUST SALISBURY NHS FOUNDATIONTRUST PAPER SHC 1738 TITLE Information Governance Policy PURPOSE OF PAPER The Information Governance Policy was first approved in April 2005. It is currently due for review to ensure

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014 CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY December 2014 DOCUMENT INFORMATION Author: Barbara Sansom Information Governance Manager Equality Impact Assessment Consultation & Approval

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

NHS Sheffield CCG Performance Management Framework

NHS Sheffield CCG Performance Management Framework NHS Sheffield CCG Performance Management Framework Governing Body meeting 3 December 2015 Author(s) Rachel Gillott, Deputy Director of Delivery and Performance Sponsor Tim Furness, Director of Delivery

More information

ACADEMIC POLICY FRAMEWORK

ACADEMIC POLICY FRAMEWORK ACADEMIC POLICY FRAMEWORK Principles, Procedures and Guidance for the Development & Review of Academic Policies [V.1] Page 2 of 11 TABLE OF CONTENTS 1. FRAMEWORK OVERVIEW... 3 2. PRINCIPLES... 4 3. PROCESS...

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

Civil Aviation Authority. Regulatory Enforcement Policy

Civil Aviation Authority. Regulatory Enforcement Policy Civil Aviation Authority Regulatory Enforcement Policy PAGE 2 REGULATORY ENFORCEMENT POLICY Civil Aviation Authority This policy is subject to a phased implementation process please therefore check applicability

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

National Standards for Safer Better Healthcare

National Standards for Safer Better Healthcare National Standards for Safer Better Healthcare June 2012 About the Health Information and Quality Authority The (HIQA) is the independent Authority established to drive continuous improvement in Ireland

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

Responding to the Security Gap Analysis

Responding to the Security Gap Analysis University of Glasgow gla.its/its/security_gap_resp.doc/2006-04-06/1 Responding to the Security Gap Analysis James Currall April 2006 Introduction The University engaged Boldon James to conduct a gap analysis

More information

LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012

LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012 106 LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012 Leicestershire County Council believes that managing current and future risk, both opportunity and threat, is increasingly vital

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Aberdeen City Council IT Governance

Aberdeen City Council IT Governance Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or

More information

Governance Document Management Framework

Governance Document Management Framework Governance Document Management Framework Relevant Definitions: In the context of this document: AB means Academic Board Contact Officer means the position responsible for the day to day implementation

More information

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT Prepared By: Alistair Stewart Responsible Person: Endorsed by: Information Governance Committee Date: May 2008 Review: June 2009 Issue Number Draft

More information

Audit of Business Continuity Planning

Audit of Business Continuity Planning Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Asset and Development Coordinator

Asset and Development Coordinator Department: Section: Location: Works and Services Technical Services City Offices Position Overview The is a critical role within Council s Technical Services section of the Works and Services Department

More information

CQC Corporate Governance Framework

CQC Corporate Governance Framework CQC Corporate Governance Framework Introduction This document describes the components of CQC s Corporate Governance Framework: what it is intended to achieve, what the components of the Framework are

More information

INFORMATION GOVERNANCE

INFORMATION GOVERNANCE This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Chiropractic Boards response 15 December 2008

Chiropractic Boards response 15 December 2008 NATIONAL REGISTRATION AND ACCREDITATION SCHEME FOR THE HEALTH PROFESSIONS Chiropractic Boards response 15 December 2008 CONSULTATION PAPER Proposed arrangements for accreditation Issued by the Practitioner

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

Information Management Policy London Borough of Barnet

Information Management Policy London Borough of Barnet Information Management Policy London Borough of Barnet DATA PROTECTION 11 Information Management Policy - Unrestricted Document Control Document Description Version V.03 Date Created September 2010 Information

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

Operations. Group Standard. Business Operations process forms the core of all our business activities

Operations. Group Standard. Business Operations process forms the core of all our business activities Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations

More information

Risk Management Policy

Risk Management Policy 1 Purpose Risk management relates to the culture, processes and structures directed towards the effective management of potential opportunities and adverse effects within the University s environment.

More information

Securing Information in an Outsourcing Environment (Guidance for Critical Infrastructure Providers) Executive Overview Supplement.

Securing Information in an Outsourcing Environment (Guidance for Critical Infrastructure Providers) Executive Overview Supplement. Securing Information in an Outsourcing Environment (Guidance for Critical Infrastructure Providers) Executive Overview Supplement June 2011 DISCLAIMER: This document is intended as a general guide only.

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

NHS Business Services Authority Information Governance Policy

NHS Business Services Authority Information Governance Policy NHS Business Services Authority Information Governance Policy NHS Business Services Authority Corporate Secretariat NHSBSAIGM002 Issue Sheet Document reference NHSBSAIGM002 Document location F:\CEO\IGM\Info

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Information Security Management System (ISMS) Policy

Information Security Management System (ISMS) Policy Information Security Management System (ISMS) Policy April 2015 Version 1.0 Version History Version Date Detail Author 0.1 18/02/2015 First draft Andy Turton 0.2 20/02/2015 Updated following feedback from

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013 Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Risk Management Policy and Process Guide

Risk Management Policy and Process Guide Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including

More information

www.monitor.gov.uk The NHS Foundation Trust Code of Governance

www.monitor.gov.uk The NHS Foundation Trust Code of Governance www.monitor.gov.uk The NHS Foundation Trust Code of Governance About Monitor Monitor is the sector regulator for health services in England. Our job is to protect and promote the interests of patients

More information

Informatics: The future. An organisational summary

Informatics: The future. An organisational summary Informatics: The future An organisational summary DH INFORMATION READER BOX Policy HR/Workforce Management Planning/Performance Clinical Document Purpose Commissioner Development Provider Development Improvement

More information

D-CRIS Information Governance Assurance

D-CRIS Information Governance Assurance D-CRIS Information Governance Assurance Date: 05 08 2013 Version: 1.0 Author: Murat Soncul Contents 1. Introduction... 3 2. CRIS Security Model... 3 3. SLaM Information Governance Framework... 4 4. Roles

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

Internal Audit and Risk Management Policy for the NSW Public Sector

Internal Audit and Risk Management Policy for the NSW Public Sector 6 February 2015 The Director Financial and Accounting Policy Branch Fiscal and Economic Group NSW Treasury GPO Box 5469 Sydney NSW 2001 T +61 2 9223 5744 F +61 2 9232 7174 E info@governanceinstitute.com.au

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

Business Continuity Management Policy and Framework

Business Continuity Management Policy and Framework Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

College Governance Statement of Principles, Scheme of Delegation and Terms of Reference

College Governance Statement of Principles, Scheme of Delegation and Terms of Reference College Governance Statement of Principles, Scheme of Delegation and Terms of Reference 1. Principles: 1.1 Background This document sets out the principles underpinning the College Corporation s work.

More information

UoD IT Job Description

UoD IT Job Description UoD IT Job Description Role: Projects Portfolio Manager HERA Grade: 8 Responsible to: Director of IT Accountable for: Day to day leadership of team members and assigned workload Key Relationships: Management

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Information Governance and Management Standards for the Health Identifiers Operator in Ireland

Information Governance and Management Standards for the Health Identifiers Operator in Ireland Information Governance and Management Standards for the Health Identifiers Operator in Ireland 30 July 2015 About the The (the Authority or HIQA) is the independent Authority established to drive high

More information

[Organisation Name] KEY [COMPANY NAME] A.B.N. XX-XXX-XXX-XXX. Board [Name] Committee Charter / Terms of Reference

[Organisation Name] KEY [COMPANY NAME] A.B.N. XX-XXX-XXX-XXX. Board [Name] Committee Charter / Terms of Reference This is a sample charter / terms of reference for a board committee. Each heading is accompanied by an explanation of the purpose of each element of the charter / terms of reference. KEY = Explanatory

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information Integrity & Data Management

Information Integrity & Data Management Group Standard Information Integrity & Data Management Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is

More information

Information governance policy

Information governance policy Information governance policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSAIGM002a S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review IG Policy\Current

More information

Submission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014

Submission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014 Submission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014 Chamber of Commerce and Industry of Western Australia (Inc) About CCI The Chamber

More information

Guide to the National Safety and Quality Health Service Standards for health service organisation boards

Guide to the National Safety and Quality Health Service Standards for health service organisation boards Guide to the National Safety and Quality Health Service Standards for health service organisation boards April 2015 ISBN Print: 978-1-925224-10-8 Electronic: 978-1-925224-11-5 Suggested citation: Australian

More information

Information governance strategy 2014-16

Information governance strategy 2014-16 Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope

More information

Risk Management. Group Standard

Risk Management. Group Standard Group Standard Risk Management Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise SMS

More information

Consultation Paper CP18/15. Corporate governance: Board responsibilities

Consultation Paper CP18/15. Corporate governance: Board responsibilities Consultation Paper CP18/15 Corporate governance: Board responsibilities May 2015 Prudential Regulation Authority 20 Moorgate London EC2R 6DA Prudential Regulation Authority, registered office: 8 Lothbury,

More information