Trust Operational Policy. Information Security Department. Firewall Management Policy
|
|
- Marion Morgan
- 8 years ago
- Views:
Transcription
1 Trust Operational Policy Information Security Department Firewall Management Policy Policy Reference: 3545
2 Document Control Document Title Author/Contact Document Reference 3545 Firewall Management Policy Pauline Nordoff-Tate, Information Assurance Manager Document Impact Assessed Yes/No Date: January 2012 Version 4 Status Approved Publication Date January 2012 Review Date January 2014 Approved by (Executive) Dr P Williams, Caldicott Guardian Date: 23/01/12 Ratified by (Relevant Group) Information Governance Group Date: 23/01/12 Distribution: Royal Liverpool and Broadgreen University hospitals NHS Trust-intranet using Sharepoint which will maintain the policy document in conjunction with each document author. Please note that the Intranet version of this document is the only version that is maintained. Any printed copies must therefore be viewed as uncontrolled and as such, may not necessarily contain the latest updates and amendments.
3 Document Control Document History Version Date Comments Author Phil Pearse /11/09 Reformatted Paul McGuinness /12/09 20/09/10 Minor Revisions Minor Revisions Mark Haynes Mark Haynes /01/10 Minor Revisions Mark Haynes /01/12 Format changes and changes in 4.2;4.6 and 6 Pauline Nordoff-Tate Review Process Prior to Ratification: Name of Group/Department/Specialist Committee Date IT Department March 2006 Information Governance Group by January 2010 Information Governance Group 23 January 2012 Firewall Management Policy 3
4 Table of Contents 1.0 INTRODUCTION Equality and Diversity OBJECTIVES SCOPE OF POLICY POLICY Firewall Change Procedures Firewall Security Physical Security Logical Security Firewall Monitoring Suspicious Activity Monitoring Log File Monitoring Security Monitoring Analysis Port Control ROLES AND RESPONSIBILITES ASSOCIATED DOCUMENTS AND REFERENCES TRAINING AND RESOURCES MONITORING AND AUDIT Recording and Monitoring of Equality & Diversity 9 APPENDIX 1 REQUEST FOR FIREWALL CHANGE 10 Firewall Management Policy 4
5 1.0 Introduction This document details the procedures undertaken during the operation of the Royal Liverpool & Broadgreen Hospitals NHS Trust Firewall and details the requirements involved in securing the Trust Network Facilities through the use of a firewall. 1.1 Equality and Diversity The Trust is committed to an environment that promotes equality and embraces diversity in its performance as an employer and service provider. It will adhere to legal and performance requirements and will mainstream equality and diversity principles through its policies, procedures and processes. This policy should be implemented with due regard to this commitment. To ensure that the implementation of this policy does not have an adverse impact in response to the requirements of the Race Relations (Amendment Act), the Disability Discrimination Act 2005, and the Equality Act 2006 this policy has been screened for relevance during the policy development process and a full impact assessment conducted where necessary prior to consultation. The Trust will take remedial action when necessary to address any unexpected or unwarranted disparities and monitor practice to ensure that this policy is fairly implemented. This policy and procedure can be made available in alternative formats on request including large print, Braille, moon, audio, and different languages. To arrange this please refer to the Trust translation and interpretation policy in the first instance. The Trust will endeavor to make reasonable adjustments to accommodate any employee/patient with particular equality and diversity requirements in implementing this policy and procedure. This may include accessibility of meeting/appointment venues, providing translation, arranging an interpreter to attend appointments/meetings, extending policy timeframes to enable translation to be undertaken, or assistance with formulating any written statements. 2.0 Objectives This Policy will document the procedures and mechanisms for requesting and applying changes to the firewall rule sets protecting the Trust on its Internet Gateway. Firewall Management Policy 5
6 3.0 Scope of Policy This policy covers the management of the Trust s firewall. In addition it will further define the security standards that the Trust Firewall must comply with in its operational role. 4.0 Policy 4.1 Firewall A system designed to prevent unauthorised access to or from a private network through protecting and controlling both internal and external connections. 4.2 Change Procedures Firewall changes have been deemed as business as usual (BAU) changes or standard agreed changes by the Change Advisory Board (CAB) and the following process must be followed: 1. Complete a Change Request Form (See Appendix 1) 2. Requested/required change must be assessed and approved by a senior member of the Network Team. This assessment will evaluate such areas as the potential impact upon other Network Devices and Network Services. 3. Change application must be either approved or rejected, providing justification for the change approval/rejection. 4. Change must be implemented at a time that will have the least impact upon normal Firewall/Network Operations. All of the change procedures must be fully documented and authorized and retained by the Network Team. When an emergency change is required, then the procedures set out in the Computer Emergency Response Team Policy must be followed. 4.3 Firewall Security The security of all the network devices may be addressed on two levels: the physical and the logical. These two aspects ensure that all devices are secure and that no unauthorised access is permitted. 4.4 Physical Security The Firewall physical device is located in a secure area of the Trust premises. This location is restricted through the use of secure key codes and swipe cards. These areas may only be accessed by a restricted number of authorised staff. Firewall Management Policy 6
7 The physical access to secure areas is operated in accordance with the Trusts Secure Area Access Policy. 4.5 Logical Security Access to the Trust Firewall is governed by password authentication. Only the Network Manager and the Network Engineer are permitted access to the Firewall. Any changes to the device must be performed by either of the Network or Network Engineer roles. No other member of staff is authorised or capable of accessing the Firewall. 4.6 Firewall Monitoring Regular monitoring of the Firewall will occur so that the device is functioning properly. It will also ensure that the Trust Network is being provided with the requisite protection as stipulated in NPFIT-FNT-TO- IG-GPG Suspicious Activity Monitoring The Firewall will be continually monitored for any suspicious activity occurring. This monitoring will enable the Network Manager to identify any potential threats arriving through the Firewall and enable a swift response to potential dangers. 4.8 Log File Monitoring Due to the nature and size of log files, it is accepted that regular monitoring is not always feasible. As such, monitoring of any Firewall logs will occur only under specific circumstances such as: An attempted intrusion Suspicious Inbound/Outbound activity On the request of the IT Management or Information Security Officer This list is not exhaustive. 4.9 Security Monitoring The Network Manager will perform regular auditing of the Firewall to ensure that the integrity of said devices has not been compromised. Examples of this auditing will take the form of: regularly auditing access to the devices to ensure that only authorised users have gained access monitoring the devices for any suspicious activity etc. This list is not exhaustive. Firewall Management Policy 7
8 4.10 Analysis Information gathered from the monitoring of the Firewall will be utilised to assess such areas as security. This will enable the Network Manager to efficiently assess the performance of the device and ensure that security is maintained Port Control The Firewall will provide access to the Trust Network only through a restricted number of Ports. Any Port that is not used to provide a connection will be disabled to prevent unauthorised access and ensure the Trust Network Security is maintained. 5.0 Roles and Responsibilities Operational responsibility rests with the Network Manager and the Network Engineer when the Network Manager is unavailable 6.0 Associated documents and references The International standards organisation IS is the code of practice for information security management soon to be adopted by the NHS. Section states that: actively controlling allowed source to destination communications via security gateways, e.g. firewalls 7.0 Training and resources The implementation of policies in this area will be carried out across the Trust by all involved staff and will be lead by the Information Assurance Manager at the Trust and the Information Security Manager at the HIS. Reference may be made to this policy during the Data Protection and Information Security Training. Managers will issue the policy to staff as portable device equipment is ordered and ensure they are kept updated at least annually. 8.0 Monitoring and audit The Information Governance Group is the Trust Committee with responsibility for the formulation of Information Governance Policies and approval of work programmes. This group has senior level representation from all appropriate areas to ensure the Trust steers this agenda appropriately. The Information Governance Toolkit (IGT) will be used by the Trust to conduct baseline audit and construct action plans for future compliance with this agenda. Firewall Management Policy 8
9 The Risk Manager will maintain a Trust corporate risk register which is populated on the Datix system and is the responsibility of all staff within the organisation. 8.1 Recording and Monitoring of Equality & Diversity The Trust understands the business case for equality and diversity and will make sure that this is translated into practice. Accordingly, all policies and procedures will be monitored to ensure their effectiveness. Monitoring information will be collated, analysed and published on an annual basis as part of our Single Equality and Human Rights scheme. The monitoring will cover all strands of equality legislation and will meet statutory employment duties under race, gender and disability. Where adverse impact is identified through the monitoring process the Trust will investigate and take corrective action to mitigate and prevent any negative impact. The information collected for monitoring and reporting purposes will be treated as confidential and it will not be used for any other purpose. Firewall Management Policy 9
10 Appendix 1 Request for Firewall Change This request form is for security purposes and must be completely filled in. The request will not be processed unless all fields are filled in. Section 1: For completion by the requesting organisation Requesting Organisation: Requestors Contact Details: Organisation Name Position Address Post Code Tel Number Requirement: External Host(s): Internal Host(s): IP Address(es): IP Address(es): Port Number(s): Application Protocol: TC P UD P Other (please state): Section 2: For Completion By Trust Network Manager Firewall Change Reference Number: Date Received: Action Taken: Authorised By: Designation: Firewall Management Policy 10
11 Firewall Management Policy 11
Trust Operational Policy. Information Security Department. Network Services Management Security Policy
Trust Operational Policy Information Security Department Network Services Management Security Policy Policy Reference: TIP/ISD/NSMSP Document Control Document Title Author/Contact Document Path & Filename
More informationInformatics Policy. Information Governance. Network Account and Password Management Policy
Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information
More informationTrust Informatics Policy. Information Governance. Information Governance Policy
Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference
More informationTrust Operational Policy. Information Security Department. Third Party Remote Access Policy
Trust Operational Policy Information Security Department Policy Reference: 3631 Document Control Document Title Author/Contact Document Reference 3631 Pauline Nordoff-Tate, Information Assurance Manager
More informationTrust Informatics Policy. Information Governance Department. Computer Antivirus Management Policy
Document Control Trust Informatics Policy Information Governance Department Computer Antivirus Management Policy Document Title Author/Contact Computer Antivirus Management Policy Pauline Nordoff-Tate,
More informationThe Informatics Policy Information Governance Process
Informatics Policy Information Governance Policy Ref: 3593 Policy Title Author/Contact Document Reference 3593 Pauline Nordoff-Tate, Information Assurance Manager Document Impact Assessed Yes/No Date:
More informationHow To Write A Code Of Conduct For A Trust
Healthcare Assistant, Clinical Support Worker and Assistant Practitioner Code of Conduct DOCUMENT CONTROL Policy Title Author/Contact Author has attended Equality and Diversity Impact Assessment Training
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationTrust Informatics Policy. Information Governance. Secure Transfer of Information Policy
Trust Informatics Policy Information Governance Policy Reference: 3628 Document Title Author/Contact Document Reference 3628 Document Control Pauline Nordoff-Tate, Information Assurance Manager Document
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationInformatics Policy. Information Governance. Email and Internet Use and Monitoring Policy
Informatics Policy Information Governance Document Control Document Title Author/Contact Document Reference 3539 Version 6 Pauline Nordoff-Tate, Information Assurance Manager Status Approved Publication
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationMOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY
MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat
More informationUSE OF PERSONAL MOBILE DEVICES POLICY
Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014
More informationRECORDS MANAGEMENT POLICY
RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal
More informationPolicy: Remote Working and Mobile Devices Policy
Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014
More informationInformation Governance Standards in Relation to Third Party Suppliers and Contractors
Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationGloucestershire Hospitals
Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationTrust Informatics Policy. Information Governance. Information Assurance Policy
Trust Informatics Policy Information Governance (Combined DP, DP Communication, Information Security & Clear Desk Policies) Document Control Document Title Author/Contact Pauline Nordoff-Tate Document
More informationInformation Governance Strategy
Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching
More informationJOB DESCRIPTION. Information Governance Manager
JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure
More informationRemote Working and Portable Devices Policy
Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review
More informationInformation Management Policy CCG Policy Reference: IG 2 v4.1
Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control
More informationInformation Governance Policy
Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationNHS Business Services Authority Information Governance Policy
NHS Business Services Authority Information Governance Policy NHS Business Services Authority Corporate Secretariat NHSBSAIGM002 Issue Sheet Document reference NHSBSAIGM002 Document location F:\CEO\IGM\Info
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationInformation Governance Policy
Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring
More informationIT change management policy
IT change management policy Document Description Document Type Guidance Service Application NHS Birmingham South Central CCG (BSC) Version 0.3 Ratification date 20 June, 2013 Review Date March 2014 Name
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationEquality and Diversity in Service Planning and Performance Management
Equality and Diversity in Service Planning and Performance Management Contents Using this guidance p. 1 The purpose of planning for equality and diversity p. 2 The process of service planning p. The service
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationCONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts
More informationIS INFORMATION SECURITY POLICY
IS INFORMATION SECURITY POLICY Version: Version 1.0 Ratified by: Trust Executive Committee Approved by responsible committee(s) IS Business Continuity and Security Group Name/title of originator/policy
More informationInformation Incident Management and Reporting Procedures
` Information Incident Management and Reporting Procedures Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may
More informationRecords Management Policy
Records Management Policy Document information Document type: Operational Policy Document title: Records Management Policy Document date: November 2014 Author: NHS South Commissioning Support Unit, Information
More informationAppendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY
Appendix 1c DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Steven Snaith, Risk
More informationInformation Governance Framework
Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information
More informationPolicy Information Management
Policy Information Management Document Title: Policy Information Management Issue date: October 2013 Document Status: Approved IGC 23 Oct 2013 Review date: October 2014 Page 1 of 17 Document control Document
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationGEM CSU - IT Services Change Control Policy
Please note, once downloaded or printed, the document will be deemed as uncontrolled and its validity should be checked prior to use. This document is due for review by the date shown below. After this
More informationInformation Governance Policy
BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY
More informationRecords Management and Information Lifecycle Strategy
LINCOLNSHIRE PARTNERSHIP NHS FOUNDATION TRUST Records Management and Information Lifecycle Strategy DOCUMENT VERSION CONTROL Document Type and Title: Strategy New or Replacing: Revised/Updated Version
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationInformation governance policy
Information governance policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSAIGM002a S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review IG Policy\Current
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationData Quality Policy SH NCP 2. Version: 5. Summary:
SH NCP 2 Summary: Keywords (minimum of 5): (To assist policy search engine) Target Audience: The Trust provides a framework to ensure all data that is recorded by the Trust is accurate and complies to
More informationSALISBURY NHS FOUNDATIONTRUST
SALISBURY NHS FOUNDATIONTRUST PAPER SHC 1738 TITLE Information Governance Policy PURPOSE OF PAPER The Information Governance Policy was first approved in April 2005. It is currently due for review to ensure
More informationJOB DESCRIPTION. Corporate Governance Manager. 45 hours per week. Director of Compliance & Governance. London with national responsibilities
JOB DESCRIPTION POST: SALARY: HOURS: REPORTS TO: LOCATION: Corporate Governance Manager 40,000 per annum 45 hours per week Director of Compliance & Governance London with national responsibilities JOB
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
BUSINESS CONTINUITY MANAGEMENT POLICY Version No: 1 Issue Status: awaiting Trust Board approval Date of Ratification: 11th April 2012 Ratified by: Risk Management Committee Policy Author(s): Stuart Coalwood
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationINFORMATION GOVERNANCE AND DATA PROTECTION POLICY
INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Strategy
NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference
More informationD-CRIS Information Governance Assurance
D-CRIS Information Governance Assurance Date: 05 08 2013 Version: 1.0 Author: Murat Soncul Contents 1. Introduction... 3 2. CRIS Security Model... 3 3. SLaM Information Governance Framework... 4 4. Roles
More informationRemote Access and Mobile Working Policy. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.1. Approval. Review By June 2012
Remote Access and Mobile Working Policy Document Status Security Classification Version 1.1 Level 4 - PUBLIC Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More information<COMPANY> P01 - Information Security Policy
P01 - Information Security Policy Document Reference P01 - Information Security Policy Date 30th September 2014 Document Status Final Version 3.0 Revision History 1.0 09 November 2009: Initial release.
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationINFORMATION GOVERNANCE
This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document
More informationThe Newcastle upon Tyne Hospitals NHS Foundation Trust. IT Change Management Policy and Process
The Newcastle upon Tyne Hospitals NHS Foundation Trust Version No.: 2.0 Effective From: 16 July 2015 Expiry Date: 16 July 2018 Date Ratified: 5 June 2015 Ratified By: Director of IT 1 Introduction IT Change
More informationGrievance and Disputes Policy and Procedure. Document Title. Date Issued/Approved: 10 August 2010. Date Valid From: 21 December 2015
POLICY UNDER REVIEW Please note that this policy is under review. It does, however, remain current Trust policy subject to any recent legislative changes, national policy instruction (NHS or Department
More informationInformation Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.
Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best
More informationJob Description. Line Management of a small team of staff administrating and managing patient and professional feedback and incidents.
Job Description Job Title Pay Band Base Dept./Team Responsible to Accountable to Responsible for Complaints, Incidents and Governance Manager New Alderley House, Macclesfield Eastern Cheshire Clinical
More informationRISK MANAGEMENT STRATEGY 2014-17
RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team
More informationCCG: IG06: Records Management Policy and Strategy
Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of
More informationULH-IM&T-ISP06. Information Governance Board
Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationPolicies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1
Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,
More informationData Breach Management Policy and Procedures for Education and Training Boards
Data Breach Management Policy and Procedures for Education and Training Boards POLICY on DATA BREACHES in SCHOOLS/COLLEGES and OTHER EDUCATION and ADMINISTRATIVE CENTRES UNDER the REMIT of TIPPERARY EDUCATION
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Policy
NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation
More informationInternet Security Good Practice Guide. August 2009
Internet Security Good Practice Guide August 2009 contents 1 Introduction to Good Practice Guides 3 2 Internet Security Overview 3 3 Internet Security Good Practice Guidelines 4 4 Appendix A: Definitions
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More information