Information Integrity & Data Management

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Information Integrity & Data Management"

Transcription

1 Group Standard Information Integrity & Data Management Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is accurate, consistent and produced in a timely manner in order to enable effective decision making. SMS GS-II1 Information Integrity & Data Management December 2014 V1.1 Serco Public

2 Document Details Contents Document Details erence SMS GS-II1: Information Integrity & Data management Approval Date December 2014 Serco Public Version 1.1 Date for next review December 2016 Applicability Serco Group covering all business regions, operating companies and business units throughout the world 1 Authority Chief Executive, Serco Group plc Accountable Policy Owner (Group) Chief Information Officer (Group) Additional Information Supporting standards, standard operating procedures and guidance relating to this Group Standard are available on Our World under Serco Management System Governance Our policies and standards, together with any regional or market requirements and enhancements to them, are authorised through a robust governance process. The SMS Quality Manual describes this process and is available on Our World under Serco Management System Consequence Management As a Group Standard the requirements detailed in this document are mandated and must be adhered to. Non-compliance will have consequences which may include disciplinary action. The Consequence Management Group Standard (SMS-GS-G1) details how instances of noncompliance will be dealt with 1 As used herein, Serco Group and its affiliates, subsidiaries and operating companies are referred to as Serco, the Company or company, or we, us or our. 1 Objectives Policy Standards Data integrity management Contract document management Incident reporting Freedom of information Document retention Document and record management Responsibilities & Accountabilities Processes and Governance processes and controls Key processes and controls Supporting documentation and guidance Definitions Further information and support SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

3 1 Objectives Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is accurate, consistent and produced in a timely manner in order to enable effective decision making. To achieve this we will: demonstrate data and information integrity internally, externally and with our customers by providing accurate, consistent and timely responses not make misleading, false or exaggerated claims mandate and monitor acceptable use standards regarding employees access, processing and publishing of information (including the use of social media) 1 manage the access to information available on Our World, the Company s intranet classify information in accordance with the Security Group Standard 2 record all commercial, business and legal transactions and securely maintain all material documents, including signed contract documents and variations ensure consistency of response and accurate reporting of incidents and accidents 3 manage requests for information from public authorities in accordance with relevant laws and regulations 4 retain documents and records appropriately and in accordance with business and legislative requirements 5 implement effective document management processes and controls to ensure all documents and records are handled, stored, reviewed and disposed of appropriately 2 Policy Standards 2.1 Data integrity management S1. When providing information internally or externally, or responding to customer enquiries, tenders and bids as well as media, regulatory agencies and other external audiences, the information issued on behalf of the Company will be accurate, consistent, complete and timely. We will not make misleading, false or exaggerated claims concerning the Company, or competitors S2. All business information of Serco will be treated with confidentiality, including information obtained regarding Serco s customers and other business partners S3. Sensitive information will be protected by appropriate confidentiality agreements and applicable security protocols and encryption, distinguished from information that is freely disclosable and clearly marked 6 S4. All information created on the internet or other social media will be fair to and respect all religions, political, economic and racial differences and opinions and show proper consideration for others privacy S5. Customer information will remain confidential unless the customer has given written consent, or the al Legal Representative has confirmed that the law or the contract requires its disclosure S6. All employees will ensure that the information they access, process and publish which relate to Serco (whether in or outside of work) comply with: our values and Governing Principles our Code of Conduct relevant Serco policy standards and operating procedures all applicable laws (including copyright, trademarks, the fair use of material owned by others and data protection legislation), and do not result in harm or damage to Serco s reputation 1 See Acceptable Use Group Standard : SMS-GS-BC1 2 See Security Group Standard : SMS-GS-S1 3 See Incident Reporting & Management GSOP : SMS GSOP O1-2 4 See Freedom of Information GSOP : SMS GSOP II1-1 5 See Document Retention GSOP : SMS GSOP II1-2 6 See Acceptable Use Group Standard (Privacy) : SMS-GS-BC1 2 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

4 S7. Financial records and reports will be accurate and complete and will conform to relevant international and national legislation and regulations 7 S8. Internal and external performance and compliance information will be verifiably accurate. If this information cannot be verified, this should be noted when the information is reported. An action plan will be developed to ensure information can be verified as accurate in the future. If this is not possible then the issue will be reported to the next level of management S9. Serco employees will not falsify records or misrepresent facts S10. Material which refers to Serco or uses the Company s name on multimedia and social networking websites may be published, providing that this is done in a professional and responsible manner, does not harm or tarnish the image, reputation and goodwill of Serco and our employees and meets our Acceptable Use Group Standard 8 S11. Where mistakes occur in the provision of information, these must be corrected in a timely manner 2.2 Contract document management S12. All commercial, business and legal transactions, including information relating to contract change, contractual negotiation, financial and service performance, will be properly and accurately recorded with input from the al Legal Representative S13. All material documents that govern Serco s contractual relationships, including signed contract documents and variations, must be held in a safe and secure manner and in accordance with document retention requirements 9 S14. Where contractual documentation is stored electronically it must be securely stored on a Serco managed network with adequate security controls (as required by the security classification) 10 S15. Where documents are stored on a customer network, and there is no secondary store in a Serco managed network, a document register must be maintained, stating document location and access methods, to ensure information is accessible by Serco employees S16. Where contractual documentation must be retained in hard-copy format, this must be stored in appropriately secured file storage location on Serco premises, on a contract site or at an approved 3 rd party archive location S17. Hard copy documents must be recorded in a document register that is stored within the contract s electronic document management system S18. A clear audit trail of contractual documents and their changes will be maintained to preserve commercial and contractual integrity during the lifetime of service delivery and beyond. All documents must be clearly marked with a version number and provide a change history S19. It is recognised that contracts relating to Government secure or restricted goods or services may implement additional security requirements, which will impact on the nature of both the physical and electronic locations for document storage and access to this storage. Where such requirements are in place, they will be complied with S20. Contracts and other documents relating to a contractual dispute or claim (for instance internal and external correspondence) will be maintained and not released or destroyed except as directed by Serco s legal representatives 2.3 Incident reporting S21. All incidents, accidents and significant events will be categorised and reported using the Serco Incident Reporting Scale (SIRS), subject to any applicable limitations, e.g. confidential reporting and other regulated activity, and in a manner so as to properly preserve defences, legal privileges and other rights and interests of Serco 11 7 See Finance Group Standard : SMS-GS-F1 8 See Acceptable Use Group Standard : SMS-GS-BC1 9 See Document Retention GSOP : SMS GSOP II See Security Group Standard : SMS-GS-S1 11 SIRS is detailed in Annex A of Incident Reporting & Management GSOP : SMS GSOP O1-2 3 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

5 S22. All incidents, accidents and significant events will be entered onto ASSURE and reported to any other appropriate national or other regulatory body in accordance with legal requirements S23. All incidents, accidents and significant events will be investigated and escalated in accordance with Serco Incident Reporting Scale (SIRS) 12 S24. Corrective and preventive actions will be implemented and communicated following investigations 2.4 Freedom of information S25. Processes will be in place to handle requests for information by the public where there is a statutory or regulatory requirement to do so. In the UK this relates to the Freedom of Information Act 2000 and the Environment Information Regulation S26. Where such requests are made, Serco will work with the customer to ensure an appropriate and proportionate response S27. Any information that is published must not compromise personal security of the individual, their colleagues, our customers or our business. Particular care must be taken regarding government or public sector clients; in these cases vetting status or the sensitivity of the work being done must not be disclosed S28. All commercially sensitive, trade secrets or confidential information should be clearly marked Document retention S29. Document retention systems and procedures will be established which address the manner in which the particular organisation and employees deal with documents in the various jurisdictions they operate within S30. Procedures will be implemented for the retention and destruction of hard and soft copies of documents created and received by Serco S31. The Document Retention Group Standard Operating Procedure 15 must be referred to when considering the appropriate retention periods for documentation. However, consideration should also be given to local retention requirements agreed with customers S32. Records will be kept for as long as is necessary for the business purposes of Serco which may be defined in legislation, regulatory or contractual requirements. Other circumstances may also need to be considered such as litigation, government investigation or those identified by the al Legal Representative or their designee(s) S33. Where the al Legal Representative has identified a need to retain records, they will notify appropriate departments and retain relevant records until further notice, ensuring disposal of those records when no longer required in an appropriate manner and timeframe 2.6 Document and record management S34. All documents and records must be controlled, handled, stored, reviewed and disposed of, appropriate to their security classification, document type and retention period 16 S35. Documentation handled and stored but not owned by Serco will be managed in line with customer contractual requirements S36. Document ownership will be clearly defined where operating procedures or supporting documentation are shared with the customer. Such documents will be appropriately identified and classified to ensure the correct Intellectual Property Rights and Data Classification status are established as defined 12 See Incident Reporting and Management GSOP : SMS GSOPO See Freedom of Information GSOP : SMS GSOP II See Information Privacy Classification GSOP : SMS-GSOP-S See Document Retention GSOP : SMS GSOP II See Quality Policy Statement : SMS-PS-Q and Security Group Standard : SMS-GS-S1 4 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

6 3 Responsibilities & Accountabilities S37. The following responsibilities will apply to the delivery of the defined standards. If these are not completed effectively, the person responsible will be accountable for any consequences 17. Group S38. The Group CEO will appoint a Group Information and Data Management Lead responsible for: a. developing and maintaining Group information and data management policy b. ensuring standards and associated procedures and key controls remain fit for purpose, reflect legislative and regulatory requirements and effectively manage information and data management risks c. providing oversight and reporting S39. The al CEO will ensure an individual(s) is allocated responsibility for: a. Information and Data Management b. Freedom of Information Act 18 c. Document Retention S40. al Information and Data Management Leads are responsible for: a. implementing Information and Data Management policy, standards, procedures and key controls across the ; which may include the development of country/region/al procedures and management systems b. ensuring appropriate Information and Data Management resources are available to support the business c. providing oversight and reporting divisional performance d. implementing a management assurance framework to provide confidence that key controls are being implemented effectively S41. al Freedom of Information Leads are responsible for: a. completing an information audit and notifying relevant public authorities b. handling queries concerning new or existing confidentiality clauses in contracts with public authorities c. handling notifications from a public authority that it has received a Freedom of Information request relating to Serco information and responding to those requests S42. al Document Retention Leads are responsible for: a. implementing document retention procedures b. ensuring appropriate training is provided c. providing oversight and reporting divisional performance S43. The Managing Director is responsible for: a. ensuring Information and Data Management requirements are implemented across the b. ensuring appropriate processes and controls are implemented and effective across their Contract/Function S44. Contract Managers/Functional Areas are accountable for: a. ensuring Information and Data management responsibility is clearly defined and appropriate controls are in place b. providing assurance that these requirements are being implemented effectively c. ensuring training is provided to identified data handlers and data owners to ensure they understand local processes, roles and responsibilities d. ensuring all records and documentation (including contractual documentation) are held in a safe and secure manner and in accordance with document management and retention requirements 19 e. liaising with the Legal/Contracts Team for advice and guidance, where required, regarding data and information retention, security and disclosure f. ensuring all incidents and accidents are entered into ASSURE within defined timescales and categorised according to the SIRS scale See Consequence Management Group Standard : SMS-GS-G1 18 Where legislation is in place in regard to the handling of information in public authorities 19 See Document Retention GSOP : SMS GSOP II See Incident Reporting & Management GSOP : SMS GSOP O1-2 5 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

7 All employees S45. All employees are responsible for: a. undertaking training provided and ensuring any mandatory training is kept up to date b. following defined procedures, work instructions, method statements and risk assessments c. telling a line manager or Information and Data Management Lead of any information or data management concerns 6 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

8 4 Processes and 4.1 Governance processes and controls Process for ensuring controls are in place and operating effectively P1 Responsibilities are defined and understood C1 A Group Information and Data Management Lead is appointed by the Group CEO with responsible for: developing and maintaining Group policy ensuring standards and associated procedures and key controls remain fit for purpose and manage risks providing oversight and reporting 7 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

9 Process for ensuring controls are in place and operating effectively C2 A al Information and Data Management Lead is appointed by the al CEO with responsibility for: implementing policy, standards, procedures and key controls across the division; which may include the development of country/region/divisional procedures and management systems ensuring appropriate resources are available to support the business providing oversight and reporting divisional performance implementing a management assurance framework to provide confidence that key controls are effective 8 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

10 Process for ensuring controls are in place and operating effectively C3 A al Freedom of Information Lead is appointed by the al CEO with responsibility for: completing an information audit and notifying relevant public authorities handling queries concerning new or existing confidentiality clauses in contracts with public authorities handling notifications from a public authority relating to Serco information and responding to those requests C4 A al Document Retention lead is appointed with responsibility for: implementing document retention procedures ensuring appropriate training is provided providing oversight and reporting divisional performance 9 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

11 Process C5 MDs are responsible for: ensuring information and data management requirements are implemented across the ensuring appropriate processes and controls are implemented and effective across their C6 Contract Managers/Functional Leads are responsible for: ensuring Information and Data management responsibility is clearly defined and appropriate controls are in place providing assurance that these requirements are being implemented effectively ensuring training is provided to identified data handlers and data owners to ensure they understand local processes, roles and responsibilities ensuring all records and documentation (including contractual documentation) are held in a safe and secure manner and in accordance with document management and retention requirements for ensuring controls are in place and operating effectively 10 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

12 Process liaising with the Legal/Contracts Team for advice and guidance, where required, regarding data and information retention, security and disclosure ensuring all incidents and accidents are entered onto ASSURE within defined timescales and categorised according to the SIRS scale C7 Data handlers and data owners responsibilities are defined with local procedures implemented and training provided for ensuring controls are in place and operating effectively P2 Establish Information Integrity & Data Management policy C8 Policy, standards and Group procedures are defined and published C9 Policy, standards and Group procedures are communicated and implemented P3 Establish Information Integrity and Data Management systems and processes C10 A Data Integrity Management Procedure is defined, implemented and communicated C11 Contract document management procedures are defined, implemented and communicated 11 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

13 Process C12 Incident Reporting procedures are defined, implemented and communicated C13 Freedom of Information procedures are defined, implemented and communicated C14 Document Retention Procedures are defined, implemented and communicated to address: the creation of documents in the context of potential litigation the decision-making process to be undertaken in determining whether a document should be retained and, if so, for how long the method and format of retention for particular types of documents the review to be undertaken in relation to retained documents the disposal of documents in an appropriate manner C15 Document and Record Management procedures are defined, implemented and communicated for ensuring controls are in place and operating effectively 12 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

14 Process C16 Information Integrity and Data Management systems with supporting procedures and work instructions are periodically reviewed in light of any compliance assessment and audit results, legal changes, changing circumstances and the commitment to continuous improvement C17 Legal and regulatory Information Integrity and Data Management requirements are monitored with changes reflected in systems, procedures and work instructions for ensuring controls are in place and operating effectively P4 Information Integrity and Data Management Compliance C18 An Information Integrity and Data Management compliance plan is in place C19 Agreed actions are closed out 13 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

15 4.2 Key processes and controls Process for ensuring controls are in place and operating effectively P5 Manage Information/Data Integrity C20 All data handlers and owners are trained in and understand local processes for the handling of information C21 Data Handlers and data owners have data integrity as one of their performance objectives C22 All information is classified in accordance with the Group Security Standard and Information Privacy Classification GSOP C23 Customer information is treated as confidential (unless otherwise stated in law or written consent is given by the customer or the al Legal Representative) C24 Records of written consent from customers are maintained where customer information has been publicly disclosed 14 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

16 Process for ensuring controls are in place and operating effectively C25 Sensitive information is clearly marked and protected (by confidentiality agreements, security protocols, encryption etc.) to distinguish it from information that is freely disclosable C26 Local controls are in place to verify that any records produced or information provided is accurate C27 All internal and external performance and compliance information is verifiably accurate and where this cannot be the case, mitigating actions are implemented C28 Where mitigating actions cannot be taken to verify the accuracy of performance and compliance information, this has been escalated 15 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

17 Process for ensuring controls are in place and operating effectively P6 Contract Document Management C29 Accurate records are maintained of all commercial, business and legal transactions. These include: contract changes contractual negotiation financial performance service performance C30 All material documents that govern contractual relationships, including signed contract documents and variations are securely and safely stored in accordance with document retention requirements C31 A document register is maintained and stored within the contract s electronic document management system, which includes document location and access methods for: any material contractual documents stored on a customer network any hard copies of material contractual documents held C32 All contractual documentation is clearly marked with a version number 16 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

18 Process for ensuring controls are in place and operating effectively C33 al Legal Representatives are consulted prior to releasing or destroying any material contractual documents relating to a contractual dispute or claim P7 Incident Reporting C34 Accidents, incidents and significant events are categorised and reported using the Serco Incident Reporting Scale (SIRS), subject to applicable limitations C35 All accidents and incidents, which much include HSE and security incidents, are entered onto ASSURE C36 All accidents, incidents and significant events are investigated and escalated in accordance with Serco Incident Reporting Scale (SIRS) C37 Corrective and preventive actions arising from accident and incident investigations are implemented and communicated 17 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

19 Process for ensuring controls are in place and operating effectively P8 Freedom of Information C38 Where there is a statutory or regulatory requirement to do so, processes are in place to ensure compliance in regard to handling requests for information by the public C39 All commercially sensitive, trade secrets or confidential information is clearly marked P9 Document Retention C40 All documents are retained in accordance with Statutory and Regulatory record retention requirements and the Document Retention GSOP P10 Document and Record Management C41 All documents and records are controlled, handled, stored, reviewed and disposed of, appropriate to their security classification, document type and retention period C42 Document ownership and classification is clearly defined for operating procedures and supporting documentation shared with the customer 18 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

20 5 Supporting documentation and guidance 6 Definitions Term Definition The following should be read in conjunction with this standard: Document SMS-GS-G1 Consequence Management Group Standard SMS-GSOP-II1-2 Document Retention SMS-GSOP-II1-1 Freedom of Information SMS-GSOP-O1-2 Incident Reporting & Management SMS-GS-S1 Security Group Standard SMS-GS-F1 Finance Group Standard SMS-GS-BC1 Acceptable Use Group Standard SMS-PS-Q Quality Policy Statement Accountability Group Being accountable means being not only responsible for something but also answerable for your actions. A responsible person is the individual who completes the task required. can be shared and delegated. All responsible persons will also be accountable for completing tasks effectively. Non-compliance will have consequences which may include disciplinary action as defined within the Consequence Management Group Standard. Serco Group plc is the administrative centre of the organisation, responsible for setting corporate strategy, defining governance requirements and supporting the business in its day to day operations The Group will define a set of business divisions which will be responsible for business delivery within a defined set of markets or geographies. A is a cluster of contracts which provide a similar service e.g. Health, Defence, Transport etc. Where appropriate, a separate legal entity wholly owned or where Serco has a controlling share may also be referred to as a, where appropriate. This may also refer to Counties/Territories 19 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

21 Contract Organisation Contract Manager Data Handler Data Owner A Contract provides specified requirements to a customer (either directly with Serco or to a consortium/joint Venture in which Serco is a party) A Contract will also refer to a corporate/functional area. Corporate/functional areas are functions which support the business and they include finance, HR, procurement etc. Organisation refers to a site, Contract, Business Unit and. This refers to a manager with responsibility for managing the performance of a contract and can include a Contract Manager on a day-to-day basis (or Operational Manager with devolved responsibility), a Contract Director, Partnership Director and/or a Managing Director A data-handler is any employee who collates, inputs or processes data A data-owner is the person who is accountable for the integrity and handling of the data, and will often be the Contract Manager 7 Further information and support If you require any further information or support regarding this Group Standard, or if you have any suggestions for improvement, please contact the Accountable Policy Owner (Group) or 20 SMS-GS-II1 Information Integrity & Data Management December 2014 v1.1 Serco Public

Compliance. Group Standard

Compliance. Group Standard Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public

More information

Reputation, Brand & Communications

Reputation, Brand & Communications Group Standard Reputation, Brand & Communications Serco is committed to building a positive reputation with its stakeholders, wherever we operate SMS-GS-BC4 Reputation, Brand and Communication December

More information

Business Continuity & Crisis Management

Business Continuity & Crisis Management Group Standard Business Continuity & Crisis Management The need to plan and respond effectively is critical to the successful management of any crisis situation. Business Continuity Management is the holistic

More information

Consequence Management

Consequence Management Group Standard Consequence Management Serco is committed to creating an open and transparent environment, where good behaviour is rewarded and where employees feel safe in the knowledge that poor behaviour

More information

Operations. Group Standard. Business Operations process forms the core of all our business activities

Operations. Group Standard. Business Operations process forms the core of all our business activities Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations

More information

Risk Management. Group Standard

Risk Management. Group Standard Group Standard Risk Management Effective risk management allows Serco to improve customer service, maximize opportunities and reduce business loss from overruns and cost from risks that materialise SMS

More information

Speaking Up. Group Standard

Speaking Up. Group Standard Group Standard Speaking Up Where someone believes they have information which demonstrates malpractice, wrongdoing or violations of our Code of Conduct or Governing principles, they are required to Speak

More information

Procurement & Supply Chain

Procurement & Supply Chain Group Standard Procurement & Supply Chain An effective procurement and supply chain is a critical success factor in driving competitive advantage for Serco and driving benefits for our customers SMS GS-PSC1

More information

CONTRACT MANAGEMENT POLICY

CONTRACT MANAGEMENT POLICY CONTRACT MANAGEMENT POLICY Section Finance Approval Date 25/08/2014 Approved by Directorate Next Review Aug 2016 Responsibility Chief Operating Officer Key Evaluation Question 6 PURPOSE The purpose of

More information

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013 Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Information and records management. Purpose. Scope. Policy

Information and records management. Purpose. Scope. Policy Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of corporate information and records within NZQA.

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security

More information

Information & ICT Security Policy Framework

Information & ICT Security Policy Framework Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January

More information

Corporate Policy and Strategy Committee

Corporate Policy and Strategy Committee Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND

More information

Business Ethics Policy

Business Ethics Policy Business Ethics Policy Page 1 of 12 Preface and document control This document is intended to provide information in respect of G4S Group Head Office policy, procedure, standards or guidance and will be

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

BIG LOTTERY FUND Document archive and retention policy

BIG LOTTERY FUND Document archive and retention policy BIG LOTTERY FUND Document archive and retention policy December 2010 Sonia Howe Head of Information Governance For further information regarding retention schedules please contact Page 1 of 18 Version

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

Version No: 2 Date: 27 July 2015. Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy

Version No: 2 Date: 27 July 2015. Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy Version No: 2 Date: 27 July 2015 Data Quality Policy Assistant Chief Executive Planning & Performance Data Quality Policy Contents 1. Summary Statement 2. Context 3. Purpose 4. Scope 5. Detail of the policy

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

COMPLIANCE PROGRAM FOR XL GROUP PLC

COMPLIANCE PROGRAM FOR XL GROUP PLC 1 COMPLIANCE PROGRAM FOR XL GROUP PLC I. PURPOSE The purpose of the XL Group plc Compliance Program (the Program ) is to (a) help protect XL Group plc companies from financial or reputational harm that

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

-17 2015 OUTSOURCING POLICY

-17 2015 OUTSOURCING POLICY Outsourcing Policy TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 Aim & Introduction... 3 POLICY PARAMETERS... 4 Key Terms... 4 Outsourcing Agreement Requirements... 5 MATERIAL OUTSOURCING AGREEMENTS... 6 Board

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Preparation of a Rail Safety Management System Guideline

Preparation of a Rail Safety Management System Guideline Preparation of a Rail Safety Management System Guideline Page 1 of 99 Version History Version No. Approved by Date approved Review date 1 By 20 January 2014 Guideline for Preparation of a Safety Management

More information

Clause 1. Definitions and Interpretation

Clause 1. Definitions and Interpretation [Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality...

Data Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality... Data Quality Policy Appendix A Updated August 2011 Contents 1. Why do we need a Data Quality Policy?... 2 2 Scope of this Policy... 2 3 Principles of data quality... 3 4 Applying the policy... 4 5. Roles

More information

Information and Compliance Management Information Management Policy

Information and Compliance Management Information Management Policy Aurora Energy Group Information Management Policy Information and Compliance Management Information Management Policy Version History REV NO. DATE REVISION DESCRIPTION APPROVAL 1 11/03/2011 Revision and

More information

GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK

GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK This Guideline does not purport to be a definitive guide, but is instead a non-exhaustive

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

TATE RECORDS MANAGEMENT POLICY

TATE RECORDS MANAGEMENT POLICY TATE RECORDS MANAGEMENT POLICY Adopted November 2013 Date of next review: November 2018 1. Introduction 1.1 Link to legislation and strategy Records management is linked to Tate s overall strategy outlined

More information

A Best Practice Guide

A Best Practice Guide A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES

COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:

More information

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY CONTENTS 1. POLICY STATEMENT... 3 2. PRINCIPLES... 3 DEFINITIONS... 4 3. OBJECTIVES... 4 4. SCOPE... 4 5. OWNERSHIP & RESPONSIBILITIES...

More information

Disposal Schedule for Functional records of Retirement Benefits Fund. Disposal Authorisation No. 2416

Disposal Schedule for Functional records of Retirement Benefits Fund. Disposal Authorisation No. 2416 Disposal Schedule for Functional records of Retirement Benefits Fund Disposal Authorisation No. 2416 TABLE OF CONTENTS INTRODUCTION Page 4 Archives legislation Page 4 Schedule elements and arrangement

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

Personal Health Information Privacy Policy

Personal Health Information Privacy Policy Personal Health Information Privacy Policy Privacy Office Document ID: 2478 Version: 6.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights

More information

HORIZON OIL LIMITED (ABN: 51 009 799 455)

HORIZON OIL LIMITED (ABN: 51 009 799 455) HORIZON OIL LIMITED (ABN: 51 009 799 455) CORPORATE CODE OF CONDUCT Corporate code of conduct Page 1 of 7 1 Introduction This is the corporate code of conduct ( Code ) for Horizon Oil Limited ( Horizon

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

Information Governance and Assurance Framework Version 1.0

Information Governance and Assurance Framework Version 1.0 Information Governance and Assurance Framework Version 1.0 Page 1 of 19 Document Control Title: Original Author(s): Owner: Reviewed by: Quality Assured by: Meridio Location: Approval Body: Policy and Guidance

More information

Information and records management. Purpose. Scope

Information and records management. Purpose. Scope Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of information and records within NZQA and assign

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Department of the Premier and Cabinet Circular. PC030 Protective Security Policy Framework

Department of the Premier and Cabinet Circular. PC030 Protective Security Policy Framework Department of the Premier and Cabinet Circular PC030 Protective Security Policy Framework February 2012 PROTECTIVE SECURITY MANAGEMENT FRAMEWORK TABLE OF CONTENTS TABLE OF CONTENTS 2 1. PURPOSE 3 2. SCOPE

More information

Records Management plan

Records Management plan Records Management plan Prepared for 31 October 2013 Audit Scotland is a statutory body set up in April 2000 under the Finance and Accountability (Scotland) Act 2000. We help the Auditor General for Scotland

More information

NSW Data & Information Custodianship Policy. June 2013 v1.0

NSW Data & Information Custodianship Policy. June 2013 v1.0 NSW Data & Information Custodianship Policy June 2013 v1.0 CONTENTS 1. PURPOSE... 4 2. INTRODUCTION... 4 2.1 Information Management Framework... 4 2.2 Data and information custodianship... 4 2.3 Terms...

More information

Government Owned Corporations. Guidelines for Joint Venture Agreements

Government Owned Corporations. Guidelines for Joint Venture Agreements Government Owned Corporations Guidelines for Joint Venture Agreements Version 2.1 The State of Queensland (Queensland Treasury and Trade) The Queensland Government supports and encourages the dissemination

More information

43: DATA SECURITY POLICY

43: DATA SECURITY POLICY 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

Quick Guide To Information Governance Policies

Quick Guide To Information Governance Policies Quick Guide To Information Governance Policies Data Protection The Data Protection Act 1998 established principles and rights in relation to the collection, use and storage of personal information by organisations.

More information

NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records

NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records Author: Responsible Lead Executive Director: Endorsing Body: Governance

More information

4.10 Information Management Policy

4.10 Information Management Policy Policy Statement Information is a strategic business resource that the must manage as a public trust on behalf of Nova Scotians. Effective information management makes program and service delivery more

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Protective security governance guidelines

Protective security governance guidelines Protective security governance guidelines Security of outsourced services and functions Approved 13 September 2011 Version 1.0 Commonwealth of Australia 2011 All material presented in this publication

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Policy Checklist. Head of Information Governance

Policy Checklist. Head of Information Governance Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Complaints Standard. for Suppliers. Categorised as Basic (B or F)

Complaints Standard. for Suppliers. Categorised as Basic (B or F) Complaints Standard for Suppliers Categorised as Basic (B or F) (UK version) Contents Introduction 3 Definitions 3 1. Process, Procedures and Controls 5 2. Regulatory Standards 7 3. Employees 7 4. Publicising

More information

SOCIAL MEDIA POLICY. Introduction

SOCIAL MEDIA POLICY. Introduction Introduction Throughout this Policy, the words Translink Company and/or the Group refer to all corporate entities under the ownership of the Northern Ireland Transport Holding Company (NITHC). This includes

More information

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871

More information

INFORMATION SECURITY MANAGEMENT POLICY

INFORMATION SECURITY MANAGEMENT POLICY INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June

More information

Exhibit 2. Business Associate Addendum

Exhibit 2. Business Associate Addendum Exhibit 2 Business Associate Addendum This Business Associate Addendum ( Addendum ) governs the use and disclosure of Protected Health Information by EOHHS when functioning as a Business Associate in performing

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

University of Aberdeen Information Security Policy

University of Aberdeen Information Security Policy University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

University of Liverpool

University of Liverpool University of Liverpool IT Asset Disposal Policy Reference Number Title CSD 015 IT Asset Disposal Policy Version Number v1.2 Document Status Document Classification Active Open Effective Date 22 May 2014

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY 1. POLICY OBJECTIVE 1.1 The University of South Africa (Unisa) has the responsibility to manage, store and retain certain documentation, records and other forms of information

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

LGRF. Procurement Probity Plan. July 2012

LGRF. Procurement Probity Plan. July 2012 LGRF July 2012 When to develop a : A probity plan is best used for any procurement of medium complexity and size and above. A probity plan can be implemented without use of a probity advisor/auditor. Description

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Draft Final R Version: 1 Identifier: CCS 3.2.3 Policy Section: Records Management Date Adopted: 17 July 2015 Review Date: July 2018 Author: Jenny Kennedy Review Officer: Deputy

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

Date of review: Information Governance Group January 2016. Policy Category: CONTENT SECTION DESCRIPTION PAGE

Date of review: Information Governance Group January 2016. Policy Category: CONTENT SECTION DESCRIPTION PAGE Title: Date Approved: January 2015 Division/Department: Corporate Services Corporate Records Policy Approved by: Date of review: Information Governance Group January 2016 Author (post-holder): Interim

More information