Information Governance Toolkit Assessment 2009/10

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Information Governance Toolkit Assessment 2009/10"

Transcription

1 Information Governance Toolkit Assessment 2009/10 Document Reference: Version: Ratified by: Date ratified: Name of originator/author: Name of responsible committee/individual: Document owner: Document Profile Box Final Trust Board Rahima Hoque Information Governance Manager Information Governance Working Group Colin Cessford Director of Strategy and Business Development

2 TABLE OF CONTENTS PAGE 1. EXECUTIVE SUMMARY 1 2. ACTIONS REQUESTED 1 3. INFORMATION GOVERNANCE ASSESSMENT SCORES 1 4. CURRENT POSITION 2 5. ACTION PLAN 3 6. INFORMATION GOVERNANCE TOOLKIT V8 4 APPENDIX A FINAL SUBMISSION FOR INFORMATION GOVERNANCE TOOLKIT VERSION 7 5

3 1. Executive Summary 1.1. The Information Governance Toolkit (IGT) report is based on the scores achieved in the fiscal year 2009/10 and the scores have been submitted to Connecting for Health for validation. The attainment levels are shown alongside the 2008/09 score for comparison In this fiscal year 2009/10 the IGT results scored an overall 68% whilst in 2008/09 the overall score was 65%. The Trust has an amber status of achievement The final assessment has been approved via the IGWG and each of the initiative leads with recommendation for sign-off by the Trust Board Sunderland Internal Audit Services have concluded that there is significant assurance that there is a generally sound system of internal control designed to meet the organisation s objectives and that controls are generally being applied consistently. 5 IGT requirements were audited. 2. Actions Requested 2.1. The NEAS Board is asked to approve the IGT assessment scores and the action plan for 2010/ Information Governance Assessment s 3.1. The table below shows the comparative scores over the last 4 years. The IGT scores are based on RAG principles: RED AMBER GREEN. Initiative 2006/07 Version /08 Version /09 Version /10 Version 7 Clinical Information Assurance 33% 41% 50% 58% Confidentiality and Data Protection Assurance 62% 79% 87% 75% Corporate Information Assurance 41% 75% 50% 75% Information Governance Management 74% 69% 71% 71% Information Security Assurance 40% 50% 57% 62% Overall 54% 62% 65% 68% Red 0 39% Amber 40 69% Green % Page - 1 -

4 3.2. The individual initiative in the area of Confidentiality and Data Protection has gone down from 87% to 75%. Clinical Information Assurance and Information Security Assurance have risen slightly 50% - 58% and 57% - 62% respectively. There has been a significant increase in Corporate Information Assurance from 50% to 75%. Information Governance Management has maintained the same scores as last year The IGT is also linked to the various assessments which are required to be submitted by the Trust including: Care Quality Commission Core Standards Auditor s Local Evaluation NHSLA assessments 4. Current Position 4.1. The table below shows the number of requirements at each level against each of the 5 initiative areas. Initiative / Level Total Information Governance Management Confidentiality and Data Protection Assurance Information Security Assurance Clinical Information Assurance Corporate Information Assurance Total The Informatics Planning Guidance 2010/11 states that level 2 performance must be achieved against all requirements by 31 March Page - 2 -

5 5. Action Plan The key areas of work for the IGWG for the forthcoming year are: 5.1. Information Governance Management Requirement How would you assess your AMT's ability to access expertise across the Information Quality and Records Management Agenda? Information Quality and Records Management arrangements need to be coordinated by the lead manager/officers but incorporated within broader IG arrangements. The IGWG needs to receive routine reports from the Information Quality and Records Management Functions and sign off the appropriate components of the IG assessment before its submission to the Board Requirement Does the AMT have up to date and tested business continuity plans for all critical infrastructure components and core information systems? The SIRO (Senior Information Risk Owner) and IAOs (Information Asset Owners) should ensure ongoing review and testing of Trust business continuity plans for relevance and effectiveness. Training should be provided to all affected staff to ensure that awareness of these plans and competency in the event of their execution can be assured Requirement 108: Has the AMT implemented its Information Governance management arrangements to ensure the NHS CFH Statement of Compliance (SoC) is satisfied? The Trust should implement an independent audit and assurance programme to ensure that it continues to be able to comply with the requirements of its current Statement of Compliance 5.2. Confidentiality and Data Protection Assurance Requirement 210: Does the AMT ensure that all new processes, software and hardware, comply with confidentiality and data protection requirements? The AMT should monitor compliance with the guidance by reviewing any new processes that have been introduced. The approval process must be regularly reviewed to ensure that it continues to be followed Information Security Assurance Requirement 311: Does the AMT ensure that its information systems are capable of the rapid detection, isolation and removal of malicious code and unauthorised mobile code? The AMT SIRO and IAOs should routinely review all existing Information Assets to ensure that appropriate controls are in place, are up to date and are operating according to the agreed specification. Alerts should be proactively monitored and investigated, and IAOs should continually review implemented controls and procedures in order to provide effective protection of their information assets. Any instances of implemented anti-virus software being tampered with, switched off or bypassed must be considered a serious security incident and be investigated accordingly with appropriate actions taken. Page - 3 -

6 Requirement 312: Does the AMT have in place appropriate procedures for ensuring that the development and introduction of any new Information Systems, or other relevant Information Assets of the AMT are conducted in a secure and structured manner? This requirement includes the development and maintenance of appropriate IG accreditation documentation. The SIRO and IAOs should ensure that all Trust Information Assets implementations follow the agreed project management process. This should ensure that security requirements are well defined, selected, and that information security risks and issues are identified early and addressed routinely within the Trust s Information Asset lifecycle process. Robust change control processes should be applied Requirement 314: Does the AMT have appropriate procedures for ensuring that mobile computing and teleworking are conducted in a secure manner? The AMT should ensure all relevant staff are effectively informed of the procedures and guidelines and have received appropriate instruction in the use of remote access solutions. The AMT must also ensure that mobile devices and removable media contain adequate information security capability, including reliable data encryption where patient, personal or otherwise confidential information is to be processed Clinical Information Assurance Requirement 401: Does the AMT have a strategy to ensure the correct NHS Number is recorded for each active patient and ensure that it is used routinely in clinical communications? The AMT must be able to demonstrate commitment to improving NHS number retrieval to achieve the IQAP standard of 100% coverage for active patient records in the MPI. The AMT must ensure that the NHS number is routinely used in all clinical communications Requirement 408: Does the AMT have procedures in place to ensure that when new services are provided, or where changes within the system are made, that these do not adversely impact on information quality? Compliance with the procedures should be monitored and enforced and any evidence that the procedures have not been followed should be followed up. 6. Information Governance Toolkit V The 2009/10 submission is based on V7 of the toolkit. Version 8 is due to be released in June 2010 which will now require evidence upload to the site as opposed to a tick box exercise. It is anticipated that there will be a reduction in the IGT scores for 2010/11 submission as much of the level 3 criteria has been mapped to level 2 which is the cause in the drop in scores. Page - 4 -

7 Appendix A Final submission for Information Governance Toolkit Version 7 No. Standard 08/09 09/ Does the AMT have adequate governance in place to support the current and evolving Information Governance agenda? How would you assess your AMT's ability to access expertise across the Confidentiality & Data Protection Assurance agenda? How would you assess your AMT's ability to access expertise across the Information Security agenda? 104 How would you assess your AMT's ability to access expertise across the Information Quality and Records Management Agenda? Does the AMT have in place comprehensive IG Policy and associated Strategy and Improvement Plans all signed off by the Board? Does the AMT have up to date and tested business continuity plans for all critical infrastructure components and core information systems? Does the AMT have a comprehensive Board endorsed Information Lifecycle Management Policy and Strategy / implementation plan? Has the AMT implemented its Information Governance management arrangements to ensure the NHS CFH Statement of Compliance (SoC) is satisfied? Does the AMT ensure that staff and those working on behalf of the AMT comply with the terms and conditions set out on the RA01 form? Does the AMT ensure that it has formal contractual arrangements that include compliance with information governance requirements, with all contractors and support organisations? Does the AMT ensure that all individuals carrying out work on behalf of the AMT have employment contracts which require compliance with information governance standards? Does the AMT's staff induction procedures effectively raise the awareness of Information Governance? Does the AMT assess staff training needs and ensure job/role specific information governance training is provided to all staff? 3 2 Page - 5 -

8 No Standard Does the AMT ensure that its registration authority (RA) managers, agents and sponsors have sufficient knowledge and skills (including latest software, operational process guidance and its integration into AMT policies and procedures) to discharge its RA responsibilities? Does the AMT have a Board level Senior Information Risk Owner (SIRO) who takes ownership of the AMT s information risk policy, acts as advocate for information risk on the board and provides written advice to the accounting officer on the content of their Statement of Internal Control in regard to information risk? Does the AMT have a confidentiality code of conduct that provides staff with clear guidance on the disclosure of patient personal information? Does the AMT ensure that patients are generally asked before their personal information is used in ways that do not directly contribute to, or support the delivery of, their care and that patients' decisions to restrict the disclosure of their personal information are appropriately respected? Does the AMT ensure that patients are informed about the proposed uses of their personal information and the importance of providing accurate information to NHS staff? Does the AMT have effective procedures for ensuring that detailed questions, raised by patients about how their information may be used, can be answered? 08/09 09/ Does the AMT have appropriate procedures for recognising and responding to patient requests for access to their health records? Has the AMT established appropriate confidentiality audit procedures to monitor access to confidential patient information? 208 Has the AMT mapped all flows of person identifiable information, assessed risks in line with Department of Health guidelines and put in place safe haven procedures for all routine flows of person identifiable information to the organisation? Does the AMT ensure that all new processes, software and hardware, comply with confidentiality and data protection requirements? Does the AMT have a formal information security risk assessment and management programme that is adequately documented, implemented and regularly reviewed? Does the AMT have documented and accessible information security event reporting and management procedures in place that are explained to all staff? Has the AMT established business processes that ensure all staff smartcards and access profiles issued are appropriate and satisfy their obligations as Registration Authorities? Page - 6 -

9 No. 305 Standard Does the AMT ensure that operating and application information systems under its control support appropriate access control functionality? 08/09 09/ Are there defined, documented and agreed access rights for all users of AMT based information systems and services? 307 Has the AMT established a register of all its major information assets and assigned responsibility or ownership for each? 308 Does the AMT ensure that digital information shared with other organisations is secured in transit? Does the AMT have adequate procedures in place to ensure the availability of information assets, data processing facilities, communications services and data? Does the AMT have procedures in place to prevent information processing being interrupted or disrupted through equipment failure, environmental hazard or human error? Does the AMT ensure that its information systems are capable of the rapid detection, isolation and removal of malicious code and unauthorised mobile code? Does the AMT have in place appropriate procedures for ensuring that the development and introduction of any new Information Systems, or other relevant Information Assets of the AMT are conducted in a secure and structured manner? This requirement includes the development and maintenance of appropriate IG accreditation documentation. Does the AMT have appropriate procedures in place to ensure that communication networks under the AMT's control operate in a secure manner? Does the AMT have appropriate procedures for ensuring that mobile computing and teleworking are conducted in a secure manner? Does the AMT satisfy its security management requirements to protect the Airwave communications service? Does the AMT ensure that Registration Authority equipment (hardware and software) and consumables meet current specifications, is adequately maintained and securely stored? Does the AMT have a strategy to ensure the correct NHS Number is recorded for each active patient and ensure that it is used routinely in clinical communications? Does the AMT have an organisation-wide, multi-professional audit of clinical record keeping standards, including accuracy, for all professional groups in all specialities? Page

10 No. Standard 08/09 09/ Does the AMT have robust procedures and processes for monitoring all data collection activities across the AMT? Does the AMT have procedures in place to ensure that when new services are provided, or where changes within the system are made, that these do not adversely impact on information quality? Does the AMT have documented and implemented procedures for the creation and filing of electronic corporate records to enable efficient retrieval and effective records management? Does the AMT have documented and implemented procedures for the creation, filing and tracking/tracing of paper corporate records to enable efficient retrieval and effective records management? Does the AMT have publicly available, documented and implemented procedures to ensure compliance with the Freedom of Information Act 2000? Has the AMT carried out an inventory of its corporate records and information as part of the information lifecycle management strategy? 1 2 Page - 8 -

Information Governance Toolkit Report 2013/14

Information Governance Toolkit Report 2013/14 TAUNTON AND SOMERSET NHS FOUNDATION TRUST Information Governance Toolkit Report 2013/14 Report to: Trust Board on: 28 May 2014 Purpose of the Report: This report is presented to the Trust Board for information

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Trust Board Meeting: Wednesday 12 November 2014 TB

Trust Board Meeting: Wednesday 12 November 2014 TB Trust Board Meeting: Wednesday 12 November 2014 Title Update on Information Governance: Mid-Year Selfassessment against Information Governance Toolkit Status History For discussion Bi-annual Update Board

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

Further to reports to EAG in February and March 2014, the purpose of this report is to;

Further to reports to EAG in February and March 2014, the purpose of this report is to; Report to: Trust Board of Directors Date of Meeting: 29 May 2014 Report Title: Annual Information Governance Report 13/14 Status: Mark relevant box with X Prepared by: Executive Sponsor (presenting): Appendices

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Information Security Policy

Information Security Policy Information Security Policy Reference No: Version: 5 Ratified by: CG007 Date ratified: 26 July 2010 Name of originator/author: Name of responsible committee/individual: Date approved by relevant Committee:

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

INFORMATION RISK MANAGEMENT POLICY

INFORMATION RISK MANAGEMENT POLICY INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

UCL Information Governance Framework Trevor Peacock UCL School of Life and Medical Sciences

UCL Information Governance Framework Trevor Peacock UCL School of Life and Medical Sciences UCL Information Governance Framework Trevor Peacock UCL School of Life and Medical Sciences NHS-HE Forum, 28 th November 2013 UCL IG Framework Where we ve got to The IG Framework Services to support the

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

South East Coast Ambulance Service NHS Trust. Information Governance Working Group. Terms of Reference

South East Coast Ambulance Service NHS Trust. Information Governance Working Group. Terms of Reference South East Coast Ambulance Service NHS Trust Information Governance Working Group Terms of Reference 1. Constitution 1.1. The Board hereby resolves to establish a Working Group of the Risk Management &

More information

Information Security Assurance Plan 2015/16

Information Security Assurance Plan 2015/16 Information Security Assurance Plan 2015/16 Policy number: N/A Version 2.0 Approved by Name of author/originator Owner (Exec Director) Date of approval August 2015 Date of last review July 2015 Next due

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

Standard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI)

Standard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI) Standard Operating Procedure for the Management of Information Governance Serious Incidents Requiring Investigation (IG SIRI) DOCUMENT CONTROL: Version: V1 Ratified by: Risk Management Sub Group Date ratified:

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Introduction to the NHS Information Governance Requirements

Introduction to the NHS Information Governance Requirements Introduction to the NHS Information Governance Requirements 2 Version April 2014 Information Governance ensures necessary safeguards for, and appropriate use of, patient and personal information. The widely

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Job Description. Information Governance & Health Records Manager

Job Description. Information Governance & Health Records Manager Job Description POST: GRADE: RESPONSIBLE TO: ACCOUNTABLE TO: Information Governance Facilitator A4C Band 3 0.93 WTE 35 Hours per week Information Governance & Health Records Manager Head of Information

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR:

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR: TRUST BOARD IN PUBLIC Date: 30 th May 2013 Agenda Item: 5.5 REPORT TITLE: Information Governance Annual Report EXECUTIVE SPONSOR: Ian Mackenzie Director of Information and Estates REPORT AUTHOR: Sarah

More information

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT Prepared By: Alistair Stewart Responsible Person: Endorsed by: Information Governance Committee Date: May 2008 Review: June 2009 Issue Number Draft

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information

N3 Protecting the Network through Information Governance and Assurance

N3 Protecting the Network through Information Governance and Assurance N3 Protecting the Network through Information Governance and Assurance NHS CFH Operational Security Team cfh.ost@nhs.net Introductions The NHS CFH Operational Security Team: Tony Hodgson Operational Security

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

Central London Community Healthcare NHS Trust. Data protection audit report

Central London Community Healthcare NHS Trust. Data protection audit report Central London Community Healthcare NHS Trust Data protection audit report Executive Summary July 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

Information Security Policy

Information Security Policy Information Security Policy JUNE 2014 Author Responsibility Lynda Harris, Head of Information Governance, Central Eastern CSU, Bedfordshire and Luton All staff Effective Date June 2014 Review Date June

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

Surrey & Sussex Healthcare NHS Trust

Surrey & Sussex Healthcare NHS Trust Surrey & Sussex Healthcare NHS Trust An Organisation-wide Policy for Information Governance (IG) Version 1.3 Status Ratified Date Ratified March 2008 Name of Owner Name of Sponsor Group Name of Ratifying

More information

An Approach to Records Management Audit

An Approach to Records Management Audit An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

D-CRIS Information Governance Assurance

D-CRIS Information Governance Assurance D-CRIS Information Governance Assurance Date: 05 08 2013 Version: 1.0 Author: Murat Soncul Contents 1. Introduction... 3 2. CRIS Security Model... 3 3. SLaM Information Governance Framework... 4 4. Roles

More information

Information Governance Training Plan v13

Information Governance Training Plan v13 Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness

More information

Information Governance Toolkit Policy

Information Governance Toolkit Policy Information Governance Toolkit Policy UNIQUE REF NUMBER: AC/IG/014/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

NHS Information Risk Management

NHS Information Risk Management NHS Information Risk Management Digital Information Policy NHS Connecting for Health January 2009 Contents Introduction Roles and Responsibilities Information Assets Information Risk Policies Links with

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

NHS Information Governance: 2010/11 UPDATE

NHS Information Governance: 2010/11 UPDATE NHS Information Governance: 2010/11 UPDATE JANUARY 2011 Contents Outline of the Changes Quick reference to additional evidence requirements Guide to using the online Toolkit Frequently asked questions

More information

Information Security and Governance Policy

Information Security and Governance Policy Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

Information Governance Lead

Information Governance Lead Peninsula Community Health Information Governance Policy Title: Information Governance Policy Procedural Document Type: Policy Reference: CO-IG-P04 CQC Outcome: Version: 2.0 Approved by: Information Governance

More information

TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT

TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT The Information Governance Professional Leadership Group hosted by the NHS Commissioning Board is committed to conducting a strategic review

More information

Information Security Policy

Information Security Policy Information Security Policy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

Information Governance Policy. Church Road Medical Practice

Information Governance Policy. Church Road Medical Practice Information Governance Policy Church Road Medical Practice Version No: 1.0 Issue Date: March 2015 INFORMATION GOVERNANCE POLICY 1. Summary Information is a vital asset, both in terms of the clinical management

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

General Register Office for Scotland information about Scotland s people. Paper NHSCR GB 1/08. NHSCR Scotland Information Governance Standards

General Register Office for Scotland information about Scotland s people. Paper NHSCR GB 1/08. NHSCR Scotland Information Governance Standards General Register Office for Scotland information about Scotland s people Paper NHSCR GB 1/08 NHSCR Scotland Information Governance s This is a draft on which the Board s comments would be welcome. Contents

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for:

CONTROLLED DOCUMENT. Number: Version Number: 4. On: 25 July 2013 Review Date: June 2016 Distribution: Essential Reading for: Information for: CONTROLLED DOCUMENT Risk Management Strategy and Policy CATEGORY: CLASSIFICATION: PURPOSE: Controlled Number: Document Version Number: 4 Controlled Sponsor: Controlled Lead: Approved By: Document Document

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

Lauren Hamill, Information Governance Officer

Lauren Hamill, Information Governance Officer Document No: IG10a Version: 1.0 Name of Document: General Information Governance Checklist Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 3.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality Assurance Group Ratification date: March 2015 Review date: March 2016

More information

Information Governance Support Pack

Information Governance Support Pack PCTI Solutions Document Version: 0,1 19 February 2013 Pioneer Court, Pioneer Way, Whitwood, Castleford, West Yorkshire, WF10 5QU T: 01977 66 44 96 F: 01977 66 44 99 E: info@pcti.co.uk W: www.pcti.co.uk

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information