OPERATIONAL DIRECTIVE. Data Stewardship and Custodianship Policy. Superseded By:

Size: px
Start display at page:

Download "OPERATIONAL DIRECTIVE. Data Stewardship and Custodianship Policy. Superseded By:"

Transcription

1 OPERATIONAL DIRECTIVE Enquiries to: Ruth Alberts OD number: OD0321/11 Performance Directorate Phone number: Date: February 2011 Supersedes: OD 0107/08 File No: F-AA Subject: Data Stewardship and Custodianship Policy In the course of its operations, WA Health collects, stores, uses and discloses a large volume of data. The data is an important resource used for the clinical care of patients, for funding, management, planning, monitoring, improvement, research and evaluation of health and health services in the state. The State of WA is the owner of all data collected by and within WA Health. The responsibility for its security, management and (legitimate) disclosure are delegated to the Director General of the Department of Health (DG). Through the various instruments of delegation, the DG delegates a number of these responsibilities to senior officers to administer and/or manage. Data Stewards have delegated responsibility for setting the overall strategic direction of data collections to ensure the collection is developed, maintained and utilised in accordance with the strategic goals of WA Health. Data Stewards are also responsible for authorising the access, use and disclosure of data from data collections for clearly defined purposes that comply with WA Health s statutory obligations. Data Custodians have delegated responsibility for the ongoing development, data collection maintenance and review of data collections. They are responsible for the quality of the data, its security, timeliness and adherence to standards. Data Custodians are nominated and endorsed by the Data Stewards. This policy documents the appointment of Data Stewards and Data Custodians and their associated roles and responsibilities. Kim Snowball DIRECTOR GENERAL DEPARTMENT OF HEALTH WA This information is available in alternative formats upon a request from a person with a disability. 1

2 Data Stewardship and Custodianship Policy Data Custodian Policy 1. BACKGROUND In the course of its operations, WA Health collects, stores, uses and discloses a large volume of data. The data is an important resource used for the clinical care of patients, for funding, management, planning, monitoring, improvement, research and evaluation of health and health services in the state, including accountability to the Minister for Health and Parliament. The State of Western Australia (WA) is the owner of all data collected by and within WA Health irrespective of the method of storage or size of the collection. The data is a valuable corporate asset that is managed to support the business of WA Health for the benefit of all Western Australians. WA Health data also includes highly sensitive business and personal information which needs to managed to ensure that confidentiality and privacy are maintained in compliance with the common law and all applicable legislation. 2. SCOPE This policy applies to all data collections, including those provided for by statute, held by or within WA Health. It includes collections of patient, corporate, financial and workforce information. The scope of this policy includes both paper-based and electronic data. For the purpose of this policy, a data collection includes both operational data collections and data repositories. 3. PURPOSE The purpose of the Data Stewardship and Custodianship Policy is to ensure that data is collected for a legitimate purpose, managed appropriately and only disclosed for an approved purpose. This is achieved through the allocation of accountability and responsibility for all data collections in WA Health by documenting how Data Stewards and Custodians are appointed and their roles and responsibilities. 4. POLICY A Data Steward and Custodian will be formally assigned to all data collections, regardless of size, where one or more of the following conditions are met: The data collection is used to meet business, operational or legislative requirements; The State of WA has a strategic need for the data; The data collection contains personal information; The data collection is used for reporting at a state level, national level or external to the health service where the data collection resides; or The data collection is used across multiple health services. Page 1 of 10

3 5. DELEGATED AUTHORITIES The State of WA is the legal owner of all data collected by and within WA Health. The responsibility for its security, management and (legitimate) disclosure are delegated to the Chief Executive Officer of the various government agencies. Within WA Health, the Director General of the Department of Health (DG) is the delegated owner of all data and information collected, stored, used and disclosed within the various entities. Through the various instruments of delegation, the DG delegates a number of these responsibilities to senior officers to administer and/or manage. Data Stewards have delegated responsibility for setting the overall strategic direction of the specific data collection to ensure the collection is developed, maintained and utilised in accordance with the strategic goals of WA Health. Data Stewards are also responsible for authorising the access, use and disclosure of data from the data collection for clearly defined purposes that comply with WA Health s statutory obligations. Data Custodians have delegated responsibility for the ongoing development, data collection, maintenance and review of the collection. Data Custodians are responsible for the quality of the data, its security, timeliness and adherence to standards. Data Custodians must be nominated and endorsed by the Data Stewards. The data collections within WA Health are stored in enterprise systems and local systems. 5.1 Enterprise Systems Enterprise systems are large-scale, integrated information systems which support processes, information flows, reporting and data analytics across WA Health. Typically enterprise systems are classed as tier 1 applications requiring 24 hour, 7 day per week availability and technical support. Enterprise systems for WA Health include EDIS, TOPAS, HCARe, icm, Psolis, TMS, AIMS/Clinical Incident Management System, Stork, ipharmacy, icm, Oracle Financials, Alesco and Objective. The Executive Director, Performance Activity and Quality Division (PAQ), is the Data Steward for enterprise systems. 5.2 Local Systems Local systems are small to medium scale information systems which support processes, information flows, reporting and data analytics within a local area. Typically local systems are classed as tier 2 and 3 applications requiring availability and technical support during business hours only. Data collections/information systems used within individual areas such as the Hospital Morbidity Data Collection, Finance Data Warehouse and Vehicle Booking Systems are considered to be local systems under this policy. Page 2 of 10

4 The Data Stewards for local systems are: Chief Executives (Tier 1b) for Metropolitan Area Health Services (AHS) Chief Executive (Tier 1b) for the WA Country Health Service (WACHS) Executive Directors (Tier 2) for the Department of Health (DOH) The diagram below illustrates the delegations of authority. Ownership State of WA Responsibilities Delegated Director General Data Steward Enterprise Systems: Executive Director PAQ Local Systems: Tier 2 (DOH) Tier 1b (AHS) Tier 1b (WACHS) Data Custodian Nominated and Approved by Data Steward 6. ROLES AND RESPONSIBILITIES OF DATA STEWARDS Data Stewards are responsible for: Setting the strategic direction for the data collection; Ensuring that information and communications technology (ICT) and information management investment for the data collection is aligned to the strategic goals of WA Health; Ensuring that projects and initiatives are aligned and coordinated to deliver the best value; Ensuring the use, disclosure and access to data meets legislative responsibilities and other arrangements entered into by the State; Developing a role based Access Control model which specifies the types of users that can access the data collection and the level of access permitted; Developing an Information Disclosure model which specifies the level of approval required prior to releasing information from the data collection based on the granularity and sensitivity of the information requested; and Nominating a Data Custodian for the day-to-day management, operation and support of each data collection. Page 3 of 10

5 7. ASSIGNMENT OF DATA CUSTODIANS Data Custodians are responsible for the day-to-day management of data from a business perspective. The Data Custodian aims to improve the accuracy, usability and accessibility of data with the data collection. For enterprise systems, Data Custodians must be nominated and endorsed by the Data Steward. For local systems, Data Custodians must be nominated and endorsed by the Data Steward following recommendation from the relevant Executive Team(s) within AHS, WACHS and DOH. Data Custodians are accountable to the nominated Data Steward for the data collection. The nominated Data Custodian for the data collection must complete the proforma in Attachment A, providing a summary of the data collection. The completed proforma must be endorsed by the Data Steward and submitted to the Information Development and Management (IDM) branch within the PAQ Division. IDM will submit relevant details on behalf of the Data Steward to the SHEF Performance Reporting and Governance Sub Committee for noting. 7.1 New Data Collections Prior to establishing a new data collection, a Data Custodian must be appointed for the data collection. All proposals for new data collections must designate a Data Custodian in accordance with this policy. 7.2 Existing Data Collections Data Stewards are responsible for coordinating the assignment of Data Custodians to existing data collections. This includes: Identifying data collections within the scope of this policy; Identifying the appropriate Data Custodian for each data collection by applying the criteria for selection specified in this policy in consultation with stakeholders; and Notifying the Data Custodian of their responsibilities. 7.3 Criteria for selecting Data Custodians The criteria for selecting the appropriate Data Custodian include: Competence, skills and authority to discharge the custodianship responsibilities; Understanding of the relevant legislation and policies; and Understanding of business needs of all users. Custodianship responsibilities for data collections may be allocated to an office or position but not to a named person. Page 4 of 10

6 7.4 Assignment of Custodianship Where powers and responsibilities for collection of data are assigned by statute they will be held and exercised in accordance with the relevant legislation and may only be delegated in accordance with the relevant legislation. Where custodianship responsibilities for data collections are not assigned by statute then the Data Steward must endorse the assignment of custodianship of the data collection. The assignment of custodianship will be in writing specifying details of the relevant data collection and the responsibilities allocated. Attachment A provides a template which needs to be completed. A list of officers assigned custodianship responsibilities will be published on the web to provide potential users of the data with a point of contact to discuss their requirements. 8. ROLES AND RESPONSIBILITIES OF DATA CUSTODIANS Data Custodians are responsible for the day-to-day management of data on behalf of the State of WA. This encompasses a range of responsibilities. Data Custodian s responsibilities include, but are not limited to, the following: (a) Data Collection Planning The responsibilities include ensuring that the design of the information system in which the data is stored, the implementation of changes to existing systems and the development of new systems, meets business needs. This includes: Identifying the information requirements including identifying and consulting with key stakeholders and users of the information system; Identifying the data items needed to meet the requirements; Identifying existing or overlapping sources of information; Identifying relevant standards, policies and guidelines; Identifying requirements to meet legislative responsibilities and other arrangements entered into by the State; Adhering to organisational metadata standards; Adhering to organisational data quality standards; Adhering to organisational data security standards; and Developing and maintaining system metadata. (b) Data Collection Management and Production Responsibilities include the day-to-day management and production of the data. This includes: Establishing data collection procedures; Ensuring data meets data quality standards; Ensuring data security; Ensuring data is not misused; Ensuring data is not misrepresented; Page 5 of 10

7 Establishing procedures to permit and review access to information as required by relevant legislation and in accordance with the requirements of the Data Steward; Ensuring data continues to meet business requirements; Ensuring access to and disclosure of data is in accordance with the Access Control model and Information Disclosure model as specified by the Data Steward; Extracting data for authorised uses; Providing data to authorised recipients; and Ensuring the retention, storage and disposal of data is in accordance with relevant legislation and organisational policies. Data Custodians may assign day-to-day tasks associated with their responsibilities to directly supervised staff. 9. RESPONSIBILITIES OF USERS All those who contribute to or use data collections within WA Health have responsibilities to other users, Data Stewards, Data Custodians, the DG and the State of WA. These responsibilities include: Maintaining agreed standards when collecting and submitting information to data collections; Using the data in an appropriate manner consistent with accompanying metadata; Citing the source and currency of information they use; Advising Data Custodians of any changes to their information requirements; Advising the Data Custodian of any errors or omissions in the data sets or information products they receive; and Maintaining confidentiality and security of the information in accordance with conditions of use and relevant legislation. Users who breach confidentiality and security may be subject to disciplinary action and other remedies available through legislative provision such as the Public Service Regulations and the Criminal Code. Unauthorised access, use and disclosure of confidential information is misconduct pursuant to the WA Health Code of Conduct and suspected cases may be reported to the Corruption and Crime Commission (refer to Information Security Policy). 10. DEFINITIONS A Data Collection is a systematic gathering of data for a particular purpose from various sources, including manual entry into an application system, questionnaires, interviews, observation, existing records and electronic devices. This includes both operational data collections and data repositories. A Data Repository includes data that is collected from various sources, including operational data collections for the primary purpose of monitoring, evaluation, reporting and research. Examples of data repositories include data held within the Hospital Morbidity Data Collection, Finance Data Warehouse and the Emergency Department Data Collection (EDDC). Page 6 of 10

8 An Operational Data Collection includes data that is collected as part of the day-today activities of an area for the primary purpose of tracking and managing the operational aspects of the area. The operational data collection is typically a transaction-based system which contains detailed data elements to represent the activities of the area. Examples of operational data collections include data held within Patient Administration Systems, TRIM, Financial Systems and Human Resource Management Systems. Personal information means information about an individual whose identity is apparent or can reasonably be ascertained. It includes both information of a sensitive nature (e.g. name, address, age, salary) and health information (e.g. diagnosis, treatment). WA Health incorporates the legal entities of the Metropolitan Health Service, WA Country Health Service, Department of Health and the administrative entities of North Metropolitan Area Health Service and South Metropolitan Area Health Service. 11. RELEVANT POLICIES Database Administration Standard Data Management Policy Information Security Policy Information Classification Policy Acceptable Use Standard Computing and communications facilities 12. RELEVANT LEGISLATION Hospitals and Health Services Act 1927 Health Legislation Administration Act 1984 Health Act 1911 Human Reproductive Technology Act 1991 Freedom of Information Act 1992 State Records Act 2000 WA Mental Health Act 1996 Financial Management Act 2006 Public Sector Management Act SUPPORTING DOCUMENT NSW Health Process for Approval of New or Modified Data Collections. NSW: NSW Health. (accessed on 17 January 2010) Page 7 of 10

9 Assignment of Data Custodian Please complete the questions below: Q1. Name of Data Collection Q2. Brief description and purpose of Data Collection Q3. The Data Collection is classified as: An Enterprise System A Local System Q4. Data Custodian (Include Name and Role or Position - names only are not acceptable) Name: Position/ Role: Q5. Do the data items that are being collected exist in another data collection? Yes If yes, specify the collection and the reasons it is not utilised No Health Data Collections Templates

10 Assignment of Data Custodian Q6. Impact of data collection on WA Health (e.g. supports reform initiatives; supports mandatory National requirements; required by legislation) Q7. Issues associated with data collection and how they will be resolved Q8. Estimated cost to establish and maintain data collection (if known) Health Data Collections Templates

11 Data Steward and Custodian Sign-Off Data Custodian Sign Off Name and Position or Role: HE Number/Signature: Date: Contact Details: Data Steward Sign Off Name and Position HE Number/Signature: Date: Contact Details: Name: Position/ Role Phone: Name: Position: Phone: Please submit completed template to the Senior Policy Officer (Ruth Alberts) within the Performance Activity and Quality Division. Ruth Alberts can be contacted on (08) if you require any assistance in completing the attached template. Health Data Collections Templates

OPERATIONAL DIRECTIVE SUPERSEDED

OPERATIONAL DIRECTIVE SUPERSEDED OPERATIONAL DIRECTIVE Enquiries to: Karen Lopez Tel.: (08) 9222 4135 Number: OD 0107/08 Date: 19 February 2008 Supersedes: File No: 07-00218 Subject: Health Data Management Policy WA Health, like most

More information

Information Circular

Information Circular Information Circular Enquiries to: Brooke Smith Senior Policy Officer IC number: 0177/14 Phone number: 9222 0268 Date: March 2014 Supersedes: File No: F-AA-23386 Subject: Practice Code for the Use of Personal

More information

Data Governance Policy. Version 2.0 19 October 2015

Data Governance Policy. Version 2.0 19 October 2015 Version 2.0 19 October 2015 Document Title: Summary: Date of Issue: Status: Contact Officer: Applies To: References: This policy provides the Cancer Institute NSW with an instrument to formally manage

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY POLICY STATEMENT The records of Legal Aid NSW are a major component of its corporate memory and risk management strategies. They are a vital asset that support ongoing operations

More information

1. BACKGROUND Accuracy Timeliness Comparability Usability Relevance

1. BACKGROUND Accuracy Timeliness Comparability Usability Relevance Data Quality Policy 1. BACKGROUND WA Health, like most organisations, is becoming increasingly dependent on information for decision-making. Ensuring that this information is of the highest possible quality

More information

Council Policy. Records & Information Management

Council Policy. Records & Information Management Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant

More information

NSW Data & Information Custodianship Policy. June 2013 v1.0

NSW Data & Information Custodianship Policy. June 2013 v1.0 NSW Data & Information Custodianship Policy June 2013 v1.0 CONTENTS 1. PURPOSE... 4 2. INTRODUCTION... 4 2.1 Information Management Framework... 4 2.2 Data and information custodianship... 4 2.3 Terms...

More information

Human Research Ethics Committee. Application Process for Personal Health Information

Human Research Ethics Committee. Application Process for Personal Health Information Human Research Ethics Committee Application Process for Personal Health Information Version: 26 July 2012 Contents 1. Preamble... 2 2. Health data collections and the data linkage system... 2 3. Overview

More information

Information Management Responsibilities and Accountability GUIDANCE September 2013 Version 1

Information Management Responsibilities and Accountability GUIDANCE September 2013 Version 1 Information Management Responsibilities and Accountability GUIDANCE September 2013 Version 1 Document Control Document history Date Version No. Description Author September 2013 1.0 Final Department of

More information

Data Governance. Policy FINAL (Approved)

Data Governance. Policy FINAL (Approved) Data Governance Policy FINAL (Approved) July 2010 DOCUMENT CONTROL Document Title: Data Governance Policy Summary: This document defines the policies of the Cancer Institute NSW regarding our data governance

More information

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions Document Control Table Document Title: Author(s) (name, job title and Division): Version Number: Document Status: Date Approved: Approved By: Effective Date: Date of Next Review: Superseded Version: Data

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

DFS C2013-6 Open Data Policy

DFS C2013-6 Open Data Policy DFS C2013-6 Open Data Policy Status Current KEY POINTS The NSW Government Open Data Policy establishes a set of principles to simplify and facilitate the release of appropriate data by NSW Government agencies.

More information

Part A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...

Part A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES... Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation

More information

Information and records management. Purpose. Scope. Policy

Information and records management. Purpose. Scope. Policy Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of corporate information and records within NZQA.

More information

SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)

SCHEDULE C to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND

More information

Rowan University Data Governance Policy

Rowan University Data Governance Policy Rowan University Data Governance Policy Effective: January 2014 Table of Contents 1. Introduction... 3 2. Regulations, Statutes, and Policies... 4 3. Policy Scope... 4 4. Governance Roles... 6 4.1. Data

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT

More information

INFORMATION SECURITY MANAGEMENT POLICY

INFORMATION SECURITY MANAGEMENT POLICY INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

Data Governance in-brief

Data Governance in-brief Data Governance in-brief What is data governance? Data governance is the system of decision rights and accountabilities surrounding data and the use of data. It can involve legislation, organisational

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

SCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL

SCHEDULE C ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

Guideline for Roles & Responsibilities in Information Asset Management

Guideline for Roles & Responsibilities in Information Asset Management ISO 27001 Implementer s Forum Guideline for Roles & Responsibilities in Information Asset Management Document ID ISMS/GL/ 003 Classification Internal Use Only Version Number Initial Owner Issue Date 07-08-2009

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY 1. POLICY OBJECTIVE 1.1 The University of South Africa (Unisa) has the responsibility to manage, store and retain certain documentation, records and other forms of information

More information

Data privacy, secrecy and security policy

Data privacy, secrecy and security policy A Data privacy, secrecy and security policy 11 March 2014 v2.0 Administrator of the National Health Funding Pool: Data privacy, secrecy and security policy Page 1 of 52 Document Control Sheet Document

More information

NSW Government Open Data Policy. September 2013 V1.0. Contact

NSW Government Open Data Policy. September 2013 V1.0. Contact NSW Government Open Data Policy September 2013 V1.0 Contact datansw@finance.nsw.gov.au Department of Finance & Services Level 15, McKell Building 2-24 Rawson Place SYDNEY NSW 2000 DOCUMENT CONTROL Document

More information

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents West Midlands Police and Crime Commissioner Records Management Policy 1 Contents 1 CONTENTS...2 2 INTRODUCTION...3 2.1 SCOPE...3 2.2 OVERVIEW & PURPOSE...3 2.3 ROLES AND RESPONSIBILITIES...5 COMMISSIONED

More information

Guidelines for Best Practices in Data Management Roles and Responsibilities

Guidelines for Best Practices in Data Management Roles and Responsibilities Guidelines for Best Practices in Data Management Roles and Responsibilities September 2010 Data Architecture Advisory Committee A subcommittee of Information Architecture & Standards Branch Table of Contents

More information

APES 310 Dealing with Client Monies

APES 310 Dealing with Client Monies M EXPOSURE DRAFT ED 01/10 (April 2010) APES 310 Dealing with Client Monies Proposed Standard: APES 310 Dealing with Client Monies (Supersedes APS 10) [Supersedes APES 310 Dealing with Client Monies issued

More information

APES 310 Dealing with Client Monies

APES 310 Dealing with Client Monies EXPOSURE DRAFT ED 01/10 (April 2010) APES 310 Dealing with Client Monies ISSUED: December 2010 Proposed Standard: APES 310 Dealing with Client Monies (Supersedes APS 10) Prepared and issued by Accounting

More information

1.2. You should read these terms and conditions carefully before signing the Application Form.

1.2. You should read these terms and conditions carefully before signing the Application Form. Clearing House Terms and Conditions (as at 30 May 2012) 1. Status of these Terms and Conditions 1.1. These terms and conditions and the Application Form are intended to describe the manner and extent to

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual

Daltrak Building Services Pty Ltd ABN: 44 069 781 933. Privacy Policy Manual Daltrak Building Services Pty Ltd ABN: 44 069 781 933 Privacy Policy Manual Table Of Contents 1. Introduction Page 2 2. Australian Privacy Principles (APP s) Page 3 3. Kinds Of Personal Information That

More information

Information Integrity & Data Management

Information Integrity & Data Management Group Standard Information Integrity & Data Management Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is

More information

Data Protection Breach Management Policy

Data Protection Breach Management Policy Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Policies and Procedures POLICY: Breach Notification and Mitigation Policy Policy #21 Effective Date: November 7, 2013

Policies and Procedures POLICY: Breach Notification and Mitigation Policy Policy #21 Effective Date: November 7, 2013 Policies and Procedures POLICY: Breach Notification and Mitigation Policy Policy #21 Effective Date: November 7, 2013 Purpose: HIPAA, HITECH, the Illinois Personal Information Protection Act ( PIPA ),

More information

august09 tpp 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper

august09 tpp 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper august09 09-05 Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper Preface Corporate governance - which refers broadly to the processes

More information

Policy Statement on. Associations. Eligibility to apply for a Scheme under Professional Standards Legislation May 2014

Policy Statement on. Associations. Eligibility to apply for a Scheme under Professional Standards Legislation May 2014 Policy Statement on on Code Business of Conduct Entity Associations Eligibility to apply for a Scheme under Professional Standards Legislation May 2014 Table of Contents Professional Standards Council

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

Policy Checklist. Head of Information Governance

Policy Checklist. Head of Information Governance Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust

More information

DATA PROTECTION ACT POLICY. Version 7.0

DATA PROTECTION ACT POLICY. Version 7.0 DATA PROTECTION ACT POLICY Version 7.0 Document owner Director ICT Document author and enquiry point Alison Moss, IT Security & Access Manager Date of document June 2010 Version 7.0 Document classification

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013 Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Government Owned Corporations. Corporate Governance Guidelines for Government Owned Corporations

Government Owned Corporations. Corporate Governance Guidelines for Government Owned Corporations Government Owned Corporations Corporate Governance Guidelines for Government Owned Corporations Version 2.0 The State of Queensland (Queensland Treasury) The Queensland Government supports and encourages

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

1. Introduction Purpose The purpose of this policy is to:

1. Introduction Purpose The purpose of this policy is to: 1. Introduction 1.1. Overview The use of Closed Circuit Television or Surveillance Cameras (collectively known as CCTV) that capture and process images of individuals, who can be identified from those

More information

Mobile Telephone and Wireless Handheld Devices Policy & Guideline. Information Management and Technology Policy

Mobile Telephone and Wireless Handheld Devices Policy & Guideline. Information Management and Technology Policy Information Management and Technology Policy TITLE: MOBILE TELEPHONE AND WIRELESS HANDHELD DEVICES 1 POLICY Purpose The purpose of this policy is to: 1. Establish a uniform and consistent approach to the

More information

University of Hawai i Executive Policy on Data Governance (Draft 2/1/12)

University of Hawai i Executive Policy on Data Governance (Draft 2/1/12) University of Hawai i Executive Policy on Data Governance (Draft 2/1/12) I. Definition Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management

More information

Information security policy

Information security policy Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

FACS Community Complaints Guidelines for Ageing and Disability Direct Services

FACS Community Complaints Guidelines for Ageing and Disability Direct Services FACS Community Complaints Guidelines for Ageing and Disability Direct Services Summary: This is designed to guide FACS staff when handling community complaints and is an extension of the FACS Community

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

Security Awareness and Training

Security Awareness and Training T h e A u d i t o r - G e n e r a l Audit Report No.25 2009 10 Performance Audit A u s t r a l i a n N a t i o n a l A u d i t O f f i c e Commonwealth of Australia 2010 ISSN 1036 7632 ISBN 0 642 81115

More information

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission Records disposal schedule Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission Disposal Schedule No. 2015/12 August 2015 NT Archives Service For information

More information

NHS Business Services Authority Information Security Policy

NHS Business Services Authority Information Security Policy NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

PROFESSIONAL INDEMNITY CLAIM FORM

PROFESSIONAL INDEMNITY CLAIM FORM ACE Insurance Limited PROFESSIONAL INDEMNITY CLAIM FORM McKenna Hampton Pty Ltd "Kandahar House" Level 1, 41-43 Ord Street West Perth WA 6005 PO Box 204, West Perth WA 6872 Phone: 08 6142 0000 Fax: 08

More information

Information Management and Security Policy

Information Management and Security Policy Unclassified Policy BG-Policy-03 Contents 1.0 BG Group Policy 3 2.0 Policy rationale 3 3.0 Applicability 3 4.0 Policy implementation 4 Document and version control Version Author Issue date Revision detail

More information

MOBILE TELEPHONES POLICY & GUIDELINES

MOBILE TELEPHONES POLICY & GUIDELINES MOBILE TELEPHONES POLICY & GUIDELINES 1 PURPOSE The purpose of this policy is to: Implement a uniform and consistent approach to providing mobile telephony devices for WA Health official communications;

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 1.0 Date: November 2012 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 CORE REQUIREMENTS...

More information

Mount Gibson Iron Limited Corporate Governance Policies and Practices Manual Shareholder Communication Policy

Mount Gibson Iron Limited Corporate Governance Policies and Practices Manual Shareholder Communication Policy 1 Introduction 1.1 Mount Gibson Iron Limited (the Company) is committed to the following objectives: (d) (e) Ensuring that shareholders and the market are provided with full and timely information about

More information

Treasurer s Guidelines for the Use of the Queensland Government Corporate Purchasing Card

Treasurer s Guidelines for the Use of the Queensland Government Corporate Purchasing Card Treasurer s Guidelines for the Use of the Queensland Government Corporate Purchasing Card Policy requirements for public sector entities using corporate credit cards as a payment tool Document details

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

Asset Management Policy

Asset Management Policy Asset Policy DETAILS Council Admin Effective from: July 2015 Contact officer: Executive Coordinator Strategic Asset, Corporate Asset Next review date: June 2017 File reference: LG343/1045/03/01 ispot #

More information

Operational Directive

Operational Directive Operational Directive Enquiries to: Will Monaghan OD number: 0533/14 A/ Phone number: 9222 2411 Date: 11 May 2015 Supersedes: N/A File No: F-AA- 28269 Subject: PROCUREMENT DELEGATION SCHEDULE AND PROCUREMENT

More information

Information and records management. Purpose. Scope

Information and records management. Purpose. Scope Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of information and records within NZQA and assign

More information

Records Management - Department of Health

Records Management - Department of Health Policy Directive Records Management - Department of Health Document Number PD2009_057 Publication date 24-Sep-2009 Functional Sub group Corporate Administration - Records Ministry of Health, NSW 73 Miller

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise

More information

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY Index: Introduction Information is a Corporate Resource Personal Responsibility Information Accessibility Keeping Records of what we do Ensuring

More information

Customer Complaints Management Policy

Customer Complaints Management Policy GOVERNANCE AND STRATEGY Customer Complaints Management Policy Effective date: 10/12/2014 Version: 2.00 CHC/2013/315 1. Purpose This policy is designed to ensure the Department of Environment and Heritage

More information

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH

NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH NATIONAL PARTNERSHIP AGREEMENT ON E-HEALTH Council of Australian Governments An agreement between the Commonwealth of Australia and the States and Territories, being: The State of New South Wales The State

More information

Data Protection Policy

Data Protection Policy Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...

More information

Client complaint management policy

Client complaint management policy Client complaint management policy 1. Policy purpose This policy implements section 219A of the Public Service Act 2008 in the Department of Justice and Attorney-General (DJAG). Under this section, Queensland

More information

Whitepaper. Implications of Federal Privacy Reforms for Federal Government Agencies. Date Released: 1 August 2013

Whitepaper. Implications of Federal Privacy Reforms for Federal Government Agencies. Date Released: 1 August 2013 Whitepaper Implications of Federal Privacy Reforms for Federal Government Agencies Date Released: 1 August 2013 Authors: Amanda Biggs and Helaine Leggat Disclaimer This White Paper is published for general

More information

Policy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE:

Policy No: TITLE: EFFECTIVE DATE: CANCELLATION: REVIEW DATE: Policy No: TITLE: AP-AA-17.2 Data Classification and Data Security ADMINISTERED BY: Office of Vice President for Academic Affairs PURPOSE EFFECTIVE DATE: CANCELLATION: REVIEW DATE: August 8, 2005 Fall

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

FUND MANAGER CODE OF CONDUCT

FUND MANAGER CODE OF CONDUCT FUND MANAGER CODE OF CONDUCT First Edition pursuant to the Securities and Futures Ordinance (Cap. 571) April 2003 Securities and Futures Commission Hong Kong TABLE OF CONTENTS Page INTRODUCTION 1 I. ORGANISATION

More information

Information Management Advice 50 Developing a Records Management policy

Information Management Advice 50 Developing a Records Management policy Information Management Advice 50 Developing a Records Management policy Introduction This advice explains how to develop and implement a Records Management policy. Policy is central to the development

More information

Disposal Schedule for Functional records of Retirement Benefits Fund. Disposal Authorisation No. 2416

Disposal Schedule for Functional records of Retirement Benefits Fund. Disposal Authorisation No. 2416 Disposal Schedule for Functional records of Retirement Benefits Fund Disposal Authorisation No. 2416 TABLE OF CONTENTS INTRODUCTION Page 4 Archives legislation Page 4 Schedule elements and arrangement

More information

Information Privacy Policy

Information Privacy Policy Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Review Policy Reference Number Title CSD-014 Information Security Review Policy Version Number 1.2 Document Status Document Classification Active Open Effective

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

4.10 Information Management Policy

4.10 Information Management Policy Policy Statement Information is a strategic business resource that the must manage as a public trust on behalf of Nova Scotians. Effective information management makes program and service delivery more

More information

STRATEGIC PLAN 2013-16

STRATEGIC PLAN 2013-16 STRATEGIC PLAN 2013-16 CONTACT INFORMATION If you require further information or have any queries in relation to this Strategic Plan, please contact: National Health Funding Body PO Box 3139, Manuka ACT

More information

INFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT 11852-08.2004 OVERVIEW

INFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT 11852-08.2004 OVERVIEW GENERAL OVERVIEW NAT 11852-08.2004 SEGMENT FORMAT PRODUCT ID INFORMATION MANAGEMENT STRATEGIC FRAMEWORK In the context of the Information Management Strategic Framework, information is defined as: information

More information

Institutional Data Governance Policy

Institutional Data Governance Policy Institutional Data Governance Policy Policy Statement Institutional Data is a strategic asset of the University. As such, it is important that it be managed according to sound data governance procedures.

More information

Information Handling Policy

Information Handling Policy Information Handling Policy 10 December 2015 Information Handling Policy 1. Who We Are 1.1 In this Information Handling Policy, references to we, our, us and ClearView are to ClearView Wealth Limited and

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information