INFORMATION RISK MANAGEMENT POLICY

DOCUMENT CONTROL:

Version: 1
Ratified by: Steering Group / Risk Management Sub Group
Date ratified: 21 November 2012
Name of originator/author: Manager
Name of responsible committee/individual: Executive Director of Business Assurance
Date issued: 20 December 2012
Review date: November 2015

Target Audience

It is the responsibility of all staff to adhere to the principles set out in this document.

CONTENTS

1. INTRODUCTION
2. PURPOSE
3. SCOPE
4. RESPONSIBILITIES, ACCOUNTABILITIES AND DUTIES
5. PROCEDURE/IMPLEMENTATION
   5.1 Framework
   5.2 Communication
6. TRAINING IMPLICATIONS
7. MONITORING ARRANGEMENTS
8. EQUALITY IMPACT ASSESSMENT SCREENING
   8.1 Privacy, Dignity and Respect
   8.2 Mental Capacity Act
9. LINKS TO ANY ASSOCIATED DOCUMENTS
10. REFERENCES
APPENDIX 1 - EXAMPLES OF INFORMATION ASSETS

1. INTRODUCTION

1.1 This policy outlines how Rotherham Doncaster and South Humber NHS Foundation Trust will implement the NHS Risk Management Guidelines. These guidelines are based on NHS guidance materials and are compliant with the NHS adopted ISO/IEC27001 and ISO/IEC27002 information security management standards.

1.2 The Trust Board fully endorse the proposals to introduce and embed information risk management into the key controls and approval process of all major processes and functions of the Trust.

1.3 The Trust Board confirm that information risk is inherent in all administrative and business activities and everyone working for or on behalf of the Trust continuously manages information risk. The Board also recognises that the aim of information risk management is not to eliminate risk, but to provide the structural means to identify, prioritise and manage the risks involved in all Trust activities to an acceptable level. It requires a balance between the cost of managing and treating information risks and the anticipated benefits that will be derived.

1.4 The Trust Board acknowledges that information risk management is an essential element of broader information governance and is an integral part of good management practice. The intent is to embed information risk management in a very practical way into business processes and functions. This will be achieved through key approval and review processes/controls rather than by imposing risk management as an extra requirement.

2. PURPOSE

2.1 The purpose of the policy is to protect patient, staff and corporate information and ensure that it is held securely and used appropriately.

2.2 The following provides some examples of information risk.

- Loss of data held on portable data storage devices (e.g. laptops, memory sticks and Dictaphone (electronic and tapes))
- Incorrect use of passwords
- Incorrect use of smartcards
- Inappropriate access to personal information
- Insecure transfer of personal information

2.3 The above list is not exhaustive or comprehensive; if further advice is required please contact the Department.

3. SCOPE

3.1 This policy covers information held and processed by Rotherham Doncaster and South Humber NHS Foundation Trust.

3.2 The information and guidelines within this policy are important and apply to:

- All full-time and part-time employees of the organisation, and to non-executive directors, contracted third parties (including agency staff), locums, students and trainees, secondees and other staff on temporary placements with the organisation, and staff of partner organisations with approved access;
- Other individuals and agencies who may gain access to data, such as volunteers, visiting professionals or researchers, and companies providing IT services to the organisation.
- All records in any format or medium: current, non-active, or archived; clinical or non clinical; held by, or under the control of, Rotherham Doncaster and South Humber NHS Foundation Trust.

4. RESPONSIBILITIES, ACCOUNTABILITIES AND DUTIES

4.1 The Chief Executive

The Accounting Officer (Chief Executive) has overall responsibility for ensuring that information risks are assessed and mitigated to an acceptable level. Risks should be handled in a similar manner to other major risks such as financial, legal and reputational risks.

4.2 The Senior Risk Owner (SIRO)

The Trust's Senior Risk Owner (SIRO) is an executive who is responsible for coordinating the development and maintenance of information risk management policies, procedures and standards for the Trust. The SIRO is responsible for the ongoing development and day-to-day management of the Trust's Risk Management programme for information privacy and security. The SIRO chairs the Steering Group and is supported by the Caldicott Guardian, Manager, Officer, and Informatics Security Specialist.

4.3 Executive Directors and Strategic Business Unit Directors

Executive Directors are responsible for the implementation of the standards of compliance specified in this policy within their areas of responsibility.

4.4 Steering Group

The Steering Group is responsible for collating all identifiable information risks and maintaining the organisation's Risk Log.
The Steering Group is responsible for communicating identified risks and their assessed impacts and suggested mitigation to the SIRO and the Risk Management Sub Group and the Performance and Assurance Group.

4.5 Organisational Learning Forum

The Organisational Learning Forum is responsible for developing and managing a structured approach to active organisational learning, where lessons learned are embedded in the Trust's culture and practice. The Organisational Learning Forum includes membership from and Records Management

4.6 The Caldicott Guardian

The Trust's Medical Director is the Caldicott Guardian who plays a key role in ensuring that NHS and partner organisations satisfy the highest practical standards for handling patient information. Acting as the conscience of an organisation, the Guardian should also actively support work to facilitate and enable information sharing, advising on options for lawful and ethical processing of information as required. However, this post is advisory in nature, rather than accountable, as the SIRO is.

4.7 Informatics Security Specialist

The Informatics Security Specialist shall work with the Asset Owners (IAOs) and Asset Administrators (IAAs) in order to achieve compliance with this policy and report to the Steering Group and SIRO as required.

4.8 Records Manager

The Records Manager is responsible for records management within the Trust. The Records Manager plays a key role in providing advice and guidance on handling information and associated risks.

4.9 Asset Owners

Trust Asset Owners (IAOs) are senior individuals who shall ensure that all key information assets are identified and recorded on the Asset Register; and that information risk assessments are performed regularly on all information assets where they have been assigned ownership, following guidance from the SIRO and Manager on assessment method, format, content, and frequency. Risk assessments will include data flow analysis, i.e. studying the flow of data to identify risks. IAOs shall submit the risk assessment results and associated mitigation plans to the SIRO for review, along with details of any assumptions or external dependencies. Mitigation plans shall include specific actions with expected completion dates, as well as an account of residual risks. IAOs will ensure that System Specific Security Policies are written and maintained for critical systems.
IAOs may delegate responsibility for one or more information assets to Asset Administrators (IAAs) who will support the IAO in the activities set out in this document.

4.10 Asset Administrators

The Asset Administrators (IAAs) are operational staff with day to day responsibility for managing risks to their information asset and shall work with the IAO and the Informatics Security Specialist to manage information risk to their asset.

4.11 Managers

The Trust will ensure that Managers are responsible for making sure that:

- Staff are aware of their roles and responsibilities in relation to managing information risk
- Staff carry out their roles in accordance with this policy
- They identify the level of training required for each member of staff
- Staff have time to carry out the appropriate level of training and have access to appropriate supervision and support

4.12 All Staff

It is the responsibility of all staff to abide by the conditions detailed within this policy. Any staff member found to have breached this policy could face disciplinary action that may lead to dismissal.

5. PROCEDURE/IMPLEMENTATION

5.1 Framework

- Rotherham Doncaster and South Humber NHS Foundation Trust Board (Chief Executive / Accounting Officer)
- Performance & Assurance Group (1. Chaired by Chief Executive 2. SIRO member of group)
- Risk Management Sub Group: Chaired by SIRO
- Business Intelligence Group (BIG): SIRO is a member of BIG.
- (IG) Steering Group: Chaired by SIRO
- Manager (Member of IG Steering Group)
- Asset Owners: Senior Staff responsible for Asset Register
- Caldicott Guardian (Member of IG Steering Group)
- Informatics Security Specialist (Member of IG Steering Group)
- Asset Administrators: Manage information risk on a daily basis

5.2 Communication

This policy is to be made available to all personnel as listed above and will be made publicly available on the Trust's intranet.

5.3 Trust Asset Owners (IAOs) are senior individuals who shall ensure that all key information assets are identified and recorded on the Asset Register; and that information risk assessments are performed regularly on all information assets where they have been assigned ownership, following guidance from the SIRO and Manager on assessment method, format, content, and frequency. Risk assessments will include data flow analysis, i.e. studying the flow of data to identify risks. IAOs shall submit the risk assessment results and associated mitigation plans to the SIRO for review, along with details of any assumptions or external dependencies. Mitigation plans shall include specific actions with expected completion dates, as well as an account of residual risks. IAOs will ensure that System Specific Security Policies are written and maintained for critical systems. IAOs may delegate responsibility for one or more information assets to Asset Administrators (IAAs) who will support the IAO in the activities set out in this document.

5.4 The SIRO shall advise the Chief Executive and the Trust Board on information risk management strategies and provide periodic reports and briefing on program progress including an annual report for inclusion in the Statement on Internal Control (SIC).

5.5 All Serious Incidents relating to will be reported through the Strategic Electronic System (STEIS) and all incidents are reported to the Steering Group.

5.6 The output from risk assessments and lessons learned from SI reports will be used to create and maintain improvement plans. Incidents will be discussed at the Trust's Organisation Learning Forum.

6. TRAINING IMPLICATIONS

6.1 Training for this policy is part of the Trust's training needs analysis and is part of the mandatory risk management training policy.

6.2 All line managers are responsible for ensuring that all staff training with regards to is up to date and relevant to their staff.

6.3 Specific training requirements are outlined below:

INFORMATION RISK POLICY

| Staff groups requiring training | Caldicott Guardian and supporting staff | Senior Asset Owner and Asset Owners |
|---|---|---|
| How often should this be undertaken | Annually | Annually |
| Length of training | It should take about 1 hour and there is a short assessment at the end. | It should take about 1 hour and there is a short assessment at the end. |
| Delivery method | Via Connecting for Health Training Site. | Via Connecting for Health Training Site. |
| Training delivered by whom | If you are IT competent and happy to work unassisted | If you are IT competent and happy to work unassisted |
| Where are the records of attendance held? | Electronic Staff Record system (ESR) | Electronic Staff Record system (ESR) |

As a Trust policy, all staff need to be aware of the key points that the policy covers. Staff can be made aware through:

- Team Brief
- Weekly Newsletter
- Team meetings
- Local Induction

The Training Needs Analysis (TNA) for this policy is required to be monitored for the NHS Litigation Authority. The TNA can be found in the Training Needs Analysis documentation which is part of the Mandatory Risk Management Training Policy in the Trust Extranet publications section.

7. MONITORING ARRANGEMENTS

7.1 The Steering Group will:

| Area for Monitoring | How | Who by | Reported to | Frequency |
|---|---|---|---|---|
| Risk Policy | Reviewed following publication of Toolkit or to implement any changes in legislation | Manager | Steering Group | Annually |
| Incidents | Review incidents for trends or patterns and impacts on controls in place | Manager | Steering Group | Quarterly |

8. EQUALITY IMPACT ASSESSMENT SCREENING

The completed Equality Impact Assessment for this Policy has been published on the Equality and Diversity webpage of the RDaSH website.

8.1 Privacy, Dignity and Respect

The NHS Constitution states that all patients should feel that their privacy and dignity are respected while they are in hospital. High Quality Care for All (2008), Lord Darzi's review of the NHS, identifies the need to organise care around the individual, not just clinically but in terms of dignity and respect.

Indicate how this will be met

As a consequence the Trust is required to articulate its intent to deliver care with privacy and dignity that treats all service users with respect. Therefore, all procedural documents will be considered, if relevant, to reflect the requirement to treat everyone with privacy, dignity and respect (when appropriate this should also include how same sex accommodation is provided).

8.2 Mental Capacity Act

Central to any aspect of care delivered to adults and young people aged 16 years or over will be the consideration of the individual's capacity to participate in the decision making process. Consequently, no intervention should be carried out without either the individual's informed consent, or the powers included in a legal framework, or by order of the Court.

Indicate How This Will Be Achieved

All individuals involved in the implementation of this policy should do so in accordance with the Guiding Principles of the Mental Capacity Act (Section 1).

Therefore, the Trust is required to make sure that all staff working with individuals who use our service are familiar with the provisions within the Mental Capacity Act. For this reason all procedural documents will be considered, if relevant, to reflect the provisions of the Mental Capacity Act 2005 to ensure that the interests of an individual whose capacity is in question can continue to make as many decisions for themselves as possible.

9. LINKS TO ANY ASSOCIATED DOCUMENTS

- Strategy
- Policy
- Data Protection Policy
- Lifecycle and Records Management Policy
- Informatics Security Policy
- Policy for the Secure Storage and Transfer of Person Identifiable Data
- Laptop and Mobile Working Policy
- Policy for the Investigation of Untoward and Serious Untoward Incidents
- Trust Risk Management Framework

10. REFERENCES

- The Data Protection Act (1998)
- The Freedom of Act (2000)
- Environmental Regulations (2004)
- European Directive 2003/4/EC
- Access to Health Records Act (1990)
- Human Rights Act (1998)
- European Directive 95/46C (Data Protection Directive)
- Crime and Disorder Act (1998)
- Criminal Procedures and Investigations Act (1996)
- Regulatory and Investigatory Powers Act (2000)
- ICO Framework Code of Practice for Sharing Personal (2007)
- Children Act (2004)
- Working together to Safeguard Children (2006)
- NHS Act (2006)
- Multi-Agency Public Protection Arrangements (MAPPA)
- Mental Capacity Act 2005 and Code of Practice (2007)
- Sharing Guidance for Practitioners and Managers (2008)
- Confidentiality NHS Code of Practice (2003)
- Confidentiality Guidance for Doctors (GMC 2009)
- Confidentiality and Disclosure of Health Toolkit (BMA 2008)
- The NMC Code of Professional Conduct: Standards for Conduct, Performance and Ethics (NMC 2004)
- No Secrets: Guidance on developing and implementing multiagency policies and procedures to protect vulnerable adults from abuse.
- Data Protection and Sharing Guidance for Emergency Planners and Responders (HMG 2007)
- Data Sharing Review Report (Thomas and Walport 2008)
- Health and Social Care Act (2001)
- Caldicott Guidance (2010)
- Computer Misuse Act 1990
- Department of Health, Records Management: NHS Code of Practice (2006)
- NHS Connecting for Health
- NHS, Guidance on Legal and Professional Obligations (Department of Health, 2007)

APPENDIX 1 - EXAMPLES OF INFORMATION ASSETS

Personal Content
- Databases and data files
- Back-up and archive data
- Audit data
- Paper records (patient case notes/staff records)
- Paper reports

Software
- Applications and System Software
- Data encryption utilities
- Development and Maintenance tools

Other Content
- Databases and data files
- Back-up and archive data
- Audit data
- Paper records and reports

Hardware
- Computing hardware including PCs, Laptops, communications devices e.g. blackberry and removable media

System/Process Documentation
- System information and documentation
- Operations and support procedures
- Manuals and training materials
- Contracts and agreements
- Business continuity plans

Miscellaneous
- Environmental services e.g. power and air-conditioning
- People skills and experience
- Shared service including Networks and Printers
- Computer rooms and equipment


INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

POLICY RELATING TO EMPLOYEE USAGE OF SOCIAL MEDIA

POLICY RELATING TO EMPLOYEE USAGE OF SOCIAL MEDIA POLICY RELATING TO EMPLOYEE USAGE OF SOCIAL MEDIA DOCUMENT CONTROL: Version: 1 Ratified by: Human Resources and Organisational Development Group Date ratified: 02 February 2012 Name of originator/author:

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

Policy Checklist. Head of Information Governance

Policy Checklist. Head of Information Governance Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

Courier Policy. 1 P age

Courier Policy. 1 P age Courier Policy UNIQUE REF NUMBER: AC/IG/009/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY VERSION DATE AMENDMENT

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Information Security Policy

Information Security Policy Information Security Policy Reference No: Version: 5 Ratified by: CG007 Date ratified: 26 July 2010 Name of originator/author: Name of responsible committee/individual: Date approved by relevant Committee:

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

Information Security Policy

Information Security Policy Information Security Policy v2.0 Target Audience: Policy Endorsed by: ESCC Staff, members and other agencies handling ESCC information Governance Committee Final V2.0 Page 1 of 13 Information Security

More information

Information Security and Governance Policy

Information Security and Governance Policy Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

Information Governance Training Plan v13

Information Governance Training Plan v13 Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness

More information

Information Security Policy

Information Security Policy Information Security Policy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

POLICY. Use of Text Messages (SMS) to Communicate With Patients

POLICY. Use of Text Messages (SMS) to Communicate With Patients POLICY Use of Text Messages (SMS) to Communicate With Patients DOCUMENT CONTROL: Version: 1 Ratified by: Risk Management Sub Group Date ratified: 30 April 2014 Name of originator/author: Information Governance

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

Information Security Policy

Information Security Policy Information Security Policy JUNE 2014 Author Responsibility Lynda Harris, Head of Information Governance, Central Eastern CSU, Bedfordshire and Luton All staff Effective Date June 2014 Review Date June

More information

This Policy supersedes the following Policy, which must now be destroyed :

This Policy supersedes the following Policy, which must now be destroyed : Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Removable Media: Data Encryption Policy NTW(O)30 Lisa Quinn Executive Director of Performance and Assurance Sue

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

NHS Information Risk Management

NHS Information Risk Management NHS Information Risk Management Digital Information Policy NHS Connecting for Health January 2009 Contents Introduction Roles and Responsibilities Information Assets Information Risk Policies Links with

More information

REQUSITIONING, ORDERING AND RECEIPT OF GOODS PROCEDURE

REQUSITIONING, ORDERING AND RECEIPT OF GOODS PROCEDURE REQUSITIONING, ORDERING AND RECEIPT OF GOODS PROCEDURE DOCUMENT CONTROL: Version: 3 Ratified by: Finance Infrastructure and Business Development Group Date ratified: 23 May 2013 Name of originator/author:

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Improving the Emotional Wellbeing of Children in Care. Policy and Guidance on the Strengths and Difficulties Questionnaire for Looked After Children.

Improving the Emotional Wellbeing of Children in Care. Policy and Guidance on the Strengths and Difficulties Questionnaire for Looked After Children. Improving the Emotional Wellbeing of Children in Care Policy and Guidance on the Strengths and Difficulties Questionnaire for Looked After Children. DOCUMENT CONTROL: Version: 1 Ratified by: Clinical Assurance

More information

CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH

CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH These notes are designed to be used in conjunction with the core training PowerPoint slides. The purpose of the

More information

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1 Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,

More information

Information Governance Toolkit Assessment 2009/10

Information Governance Toolkit Assessment 2009/10 Information Governance Toolkit Assessment 2009/10 Document Reference: Version: Ratified by: Date ratified: Name of originator/author: Name of responsible committee/individual: Document owner: Document

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

DATA ENCRYPTION POLICY

DATA ENCRYPTION POLICY DATA ENCRYPTION POLICY Contents 1. Introduction...4 2. Purpose...4 3. Audience...4 4. Responsibilities/Duties...4 4.1 Individual Staff Responsibilities...4 4.2 Accountable Officer...5 4.3 Director of Strategy

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

Information governance strategy 2014-16

Information governance strategy 2014-16 Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope

More information

Bulk Data Transfer Guidelines

Bulk Data Transfer Guidelines Bulk Data Transfer Guidelines This procedural document supersedes: CORP/ICT 20 v.1 Bulk Data Transfer. Did you print this document yourself? The Trust discourages the retention of hard copies of policies

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

INFORMATION ASSURANCE DOCUMENTED PLAN

INFORMATION ASSURANCE DOCUMENTED PLAN NHS South West Lincolnshire Clinical Commissioning Group (CCG) INFORMATION ASSURANCE DOCUMENTED PLAN Document History: Document Reference: Document Purpose: IG18 To provide guidance to all CCG staff about

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR:

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR: TRUST BOARD IN PUBLIC Date: 30 th May 2013 Agenda Item: 5.5 REPORT TITLE: Information Governance Annual Report EXECUTIVE SPONSOR: Ian Mackenzie Director of Information and Estates REPORT AUTHOR: Sarah

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

POLICY FOR PERSONAL PROTECTIVE EQUIPMENT (PPE)

POLICY FOR PERSONAL PROTECTIVE EQUIPMENT (PPE) POLICY FOR PERSONAL PROTECTIVE EQUIPMENT (PPE) Version: 4 Ratified by: DOCUMENT CONTROL Risk Management Sub Group Date Ratified: 23 October 2013 Name of originator / author: Name of responsible committee/individual:

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

Information Governance Strategy

Information Governance Strategy Policy No: IG01 Version: 3.0 Name of Policy: Information Governance Strategy Effective From: 02/06/2015 Date Ratified 06/05/2015 Ratified Health Informatics Assurance Group (HIAG) Review Date 01/05/2017

More information

INFORMATION ASSURANCE DOCUMENTED PLAN

INFORMATION ASSURANCE DOCUMENTED PLAN INFORMATION ASSURANCE DOCUMENTED PLAN Document Reference: Document Purpose: IG20 Date Approved: Approving Committee: To provide guidance to all CCG staff about the CCG s documented plan for Information

More information