CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY
- Basil Freeman
- 8 years ago
Version 1.0

CONTENTS
- Security Risks
- Information Assurance Risk
- Spreading Best Practice
- Reporting Risks Upwards
- Typical Risk Escalation Routes
- Process
- Risk Tolerance
- Prohibited Risk Areas
- Security and Information Management Risk: Key Roles and Responsibilities
- CPS Board
- Board Objectives
- Role of the SIRO
- Role of the SIMG
- Standards and Compliance
- The Development and Availability of the Right Products and Services
- Improved Professionalism across All Areas of the IA Sector
- Leadership
- Delivery
- Implementation and Maintenance

Crown Prosecution Service Risk Management: Policy Statement

Security Risks
Security risks and external threats to the safety and security of CPS staff and all people visiting its premises, and to its information, facilities and operational capability, will be assessed in accordance with the policies, procedures and responsibilities set out in the departmental Security Manual. Additional assessments of threats and the appropriate response will be determined from time to time by the Departmental Security Officer (DSO) and Chief Executive (CEO) following central security guidance.

Information Assurance Risk
CPS policy is to integrate information risk management into existing business and project risk management as far as possible. Specific threats are managed via our ISO assurance programme. Additional assessments of threats and the appropriate response will be determined from time to time by the DSO, the Chief Information Officer (CIO) and the departmental Senior Information Risk Officer (SIRO).

Spreading Best Practice
We will foster a culture of spreading best practice, the lessons learnt and the expertise acquired from our risk management activities across CPS. We will do this by:
- Providing direct feedback from quality assurance and Area Performance Reviews undertaken by the Corporate Risk Management Advisor;
- Reviewing and analysing results from the Annual Certificate of Assurance (which contains specific questions related to the current measures and controls in place in relation to Security and Information Management);
- Maintaining a statement of best practice standards;
- The creation, maintenance and annual training (delivered by the centre) of the IMA;
- Providing relevant, bespoke and up-to-date guidance on all aspects of security and information assurance (best practice guides, advice, hints and tips) on the CPS Infonet;
- The establishment and ongoing improvement of an Information Management Unit which incorporates the following skilled and experienced staff:
  - Combined Departmental Security and IT Security Unit;
  - Data Protection and Freedom of Information Unit.
  All units are headed by a designated senior manager responsible for overseeing all security and information management risks and reporting progress to the SIRO;
- Promoting bespoke security and information management training to managers at all levels.

Reporting Risks Upwards
When security and/or information management risks materialise or cannot be managed down to an acceptable level, risk owners should ensure that these are reported to the next level of management. The table below shows typical escalation routes. The Corporate Risk Management Advisor will help risk owners to identify unmanaged Area and HQ Directorate risks for escalation through the ongoing review of risk registers, and will assess whether activities remain within the CPS risk tolerance level.

Typical Risk Escalation Routes

Overall Risk Owner        | Escalate Through                                | Escalate To
--------------------------+-------------------------------------------------+-------------------
Corporate Risks           | Directors Group (DG)                            | CPS Board
HQ Directors              | Corporate Risk Management Advisor / DG          | CPS Board
DSO / Head of IMU / SIRO  | Security Information Management Group           | CPS Board
CCP                       | Chief Operating Officer                         | CPS Board
HQ Heads of Division      | HQ Director / Corporate Risk Management Advisor | DG
Project Managers          | Project Board / DG                              | CPS Board
Unit Heads                | Area Management Team                            | Group Chair / CCP

Process
Risks will be systematically identified and objectively assessed. The CPS risk management process is outlined in CPS Risk Management: a Practical Guide, available on the CPS Infonet. CPS risks will be managed and recorded using formal risk registers, and the departmental risk appetite is recorded in the Annual Resource Accounts.

Good internal control in operational systems and processes is an integral part of risk management. The existing framework of internal control manages many generic systems risks. The framework of internal control includes:
- The establishment of policies, standards, processes and procedures;
- The clear definition of responsibilities;
- Measurement of resources used against the achievement of objectives and outcomes delivered;
- Performance management;
- Financial and budgetary controls.

To underpin the framework of internal control, risks to business critical systems and all security and information management processes should be identified, assessed and managed by local management, supported by the designated Information Management Advisor (IMA). The Information Asset Owner (IAO) in each HQ Directorate and Area retains ultimate responsibility for the management of all security and information management risks within their HQ Directorate / Area.

Risk Tolerance
Risk tolerance is the total amount of risk that the CPS or a business unit is prepared to accept at any point in time. It is used as a guide to help decide whether it should take on additional risks (i.e. an additional major change initiative or project). It can also be used to define the level of exposure deemed to be acceptable when managing down individual risks.

The Board sets the Service's overall risk tolerance. One of the ways it constrains the department's overall exposure to risk is to set authority limits for managers within its policies, processes and governance structure. Risk tolerance may vary over time, between risk types or between business units. It is a subjective judgement. However, risk tolerance within CPS should reflect these key principles:
- The Director, Chief Executive and the Board encourage the taking of controlled risks in pursuing new opportunities and the use of innovative approaches.
- In broad terms the Service has demonstrated a fairly high tolerance for taking on additional risks.

Prohibited Risk Areas
CPS policies and guidance manuals define where there are mandatory processes and procedures. Compliance with these standards is required, and non-compliance with prescribed procedures constitutes an unacceptable risk. Some risks are acceptable provided the prescribed CPS process is followed (e.g. expenditure proposals, staff recruitment, specific CPS Security and Information Management guidance / processes) and designated responsibilities / delegated authorities are adhered to. Headquarters Directors, CCPs and ABMs may take risk management decisions on the basis of their delegated financial authority and their devolved responsibilities and accountabilities.

Security and Information Management Risk: Key Roles and Responsibilities

CPS Board
The CPS Board is chaired by the Director and its members are the Chief Executive, Chief Operating Officer, Finance Director and four non-executive directors. The Board's non-executive directors provide an external challenge and perspective on CPS work and bring specific expertise to the discussions. The Board is collectively responsible for delivering the CPS Vision, underpinned by the corporate strategic objectives. The Board does this by:
- Providing clear direction and visible leadership;
- Communicating the Vision and strategic objectives to all CPS staff;
- Monitoring and driving performance improvement;
- Working with partners to develop opportunities to improve efficiency across the Criminal Justice System;
- Setting the Service's risk appetite and owning the corresponding risk register.

Board Objectives for 2012/13
To realise the CPS Vision, the Board's work programme will be guided by five priorities this year:
1. Identifying and managing the strategic challenges and risks to the organisation;
2. Driving full implementation of our People Strategy and an improved Employee Engagement Index;
3. Embedding effective digital working across the CJS;
4. Ensuring delivery against our Core Quality Standards and performance improvement across all other key indicators;
5. Ensuring effective allocation and management of the CPS' staff and financial resources.

Role of the SIRO
The key role of the SIRO, who also holds the role of Chief Operating Officer, is to ensure that the direction of the Security and Information Management Programme is aligned with the business.

Role of the Security Information Management Group (SIMG)
The strategic outcomes will be achieved by focusing on the following three key objectives. These will have important implications for the way that CPS does its business.

Objective 1: Clear and effective information risk management.
- Clear board-level ownership and accountability for information risks; and
- Where information is shared, a single point of risk ownership will be identified.

Objective 2: Agreement upon and compliance with approved and appropriate Information Assurance (IA) standards.
- CPS will operate within a national framework of IA common standards; and
- Trust and confidence in the use of information will be maintained through an effective model of compliance with these standards.

Objective 3: The development and availability of appropriate IA capabilities.
- CPS will work more closely with wider government and its ICT suppliers in the development of IA capabilities to enable the better management of information risks; and
- These capabilities include: availability of the right products and services; coordinated and appropriate efforts on innovation; improved professionalism and awareness.

Standards and Compliance
A national framework of IA standards provides CPS with the confidence that we are managing information risks appropriately. Establishing confidence and trust lies at the heart of enabling effective and responsible information sharing.

These standards will define a segmented model for information and information system requirements. Systems will operate within one of a number of broad segments, according to the level of impact that failure of the information carried on those systems would have. Segments will be informed by impact levels based upon the Government's designated Infosec Standards. Within each of these segments, the level of IA achieved by adherence to the segment's IA standards will be broadly comparable. However, the balance of adherence to various types of IA standard may differ within the segment depending upon the user's IA-specific requirements and risk appetite. For example, CPS may choose to apply a higher standard than the minimum within the segment if one element of IA (e.g. confidentiality) is of particular importance. Where CPS has systems that lie within more than one segment, it will need to determine whether to enable full connectivity between the segments, in the wider context of business planning and delivery considerations.

These common standards will provide a level of confidence when connecting systems or sharing information with other organisations within the same segment. In the context of Shared Services, for example, this will mean that CPS will be able to assure itself that shared information will be appropriately managed by other organisations. To ensure that the standards remain relevant, they will need to be responsive to rapidly evolving business needs.

The delivery approach will set out how work to develop an appropriate set of IA standards and a compliance model is to be taken forward.

Information Assurance Capabilities
In order for CPS to be able to own and manage its information risks to the appropriate standards, CPS will require appropriate IA capabilities. These capabilities describe the IA elements that should be embedded within all parts of everyday business processes. CPS will engage with its ICT suppliers and wider government to ensure that knowledge and best practice are shared wherever possible in the delivery of these capabilities.

The Development and Availability of the Right Products and Services
CPS has adopted the Information Assurance Maturity Model for assuring confidence in the development of products and services. The model will help to ensure that IA is effectively and consistently embedded within ICT products as an ongoing through-life activity, beginning at the earliest design stage and continuing throughout the usage stage. As part of this approach CPS will look to:
- Develop improved operational assurance capability;
- Establish and operate a clear model for the provision of IA advice and services to stakeholders; and
- Exploit the investment in the present IA technical programme to embrace a wider range of IA products, while retaining primary focus on the needs of CPS and high threat areas of activity.

Improved Professionalism across All Areas of the Information Assurance Sector
Greater professionalism across the IA community is an important part of ensuring that staff within CPS are able to implement the approach set out in this Strategy. Government efforts to establish an Institute of Information Security Professionals (IISP), InfoSec training and an Accreditors Forum provided a useful start. Every effort will be made to ensure that IA professionals are given the same recognition and training opportunities as those within the Government IT Profession. At the same time other staff, such as senior managers, IAOs and IMAs, will improve their information management and security skills through a programme of learning and development.

Leadership
Business Information Systems Directorate will provide the required leadership and expert knowledge to implement this Strategy. A key part of this will be to provide IA advice and guidance to the rest of the CPS to assist the implementation of activities. Reporting and direction will be via the Security and Information Management Group, chaired by the SIRO.

With the oversight of the DSO, the CPS IT Security Officer (ITSO) will lead on the provision of technical IA risk management guidance, standards of good practice, advice and assurance services across the CPS, fully supported by our ICT supplier partner. Reporting will be through the Head of Information Management Division to the Security and Information Management Group.

Delivery
Recognition of the importance of an effective governance structure to provide leadership on IA, and of appropriate mechanisms for the delivery of these objectives, is at the heart of this Strategy. Within the CPS, a commitment at the top to provide clear leadership on this issue is vital to effecting the change required and ongoing maturity in IA.

On behalf of the CPS Board, the IA Strategy is owned by the CPS SIMG, to ensure that a business approach to IA is taken across CPS. The SIMG will oversee delivery through the Information Assurance Programme Board (IAPB). The SIRO and the CIO work closely together to enable implementation of this Strategy, aligning the ICT Strategy to other appropriate strategies and policies.

Where the approach to IA set by the SIMG has a direct bearing on closely related agendas, for example around protective security or counter-terrorism, the SIMG will ensure that the appropriate bodies are aware of and brought into the decision-making process, as required. In parallel, the governance structure will bring in wider elements of the organisation to ensure implementation of the Strategy in all appropriate areas of business activity.

Implementation and Maintenance
The delivery approach will develop the three strategic objectives of this Strategy into actions and activities to be implemented under the direction of the SIMG and IAPB. Wherever possible, these activities will build on or incorporate existing IA work and utilise existing mechanisms or channels for delivery. The delivery approach and IAPB will be guided by the mandatory requirements of the Security Policy Framework (SPF) and other best practice guidance.

Jackie Ronchetti
Head of Information Management
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...
More informationPeople Strategy 2013/17
D a t a L a b e l : P U B L I C West Lothian Council People Strategy 2013/17 Contents 1 Overview 2 2 Council Priorities 8 3 Strategy Outcomes 10 1 Engaging and motivating our employees 13 2 Recognised
More informationA Health and Social Care Research and Development Strategic Framework for Wales
IMPROVING HEALTH IN WALES A Health and Social Care Research and Development Strategic Framework for Wales a consultation document February 2002 Please send your comments by 17 May 2002 to: Gerry Evans
More informationConsultation Paper CP18/15. Corporate governance: Board responsibilities
Consultation Paper CP18/15 Corporate governance: Board responsibilities May 2015 Prudential Regulation Authority 20 Moorgate London EC2R 6DA Prudential Regulation Authority, registered office: 8 Lothbury,
More informationCrown Prosecution Service, London Business Plan 2014-15
Crown Prosecution Service, London Business Plan 2014-15 0 Introduction from the Chief Crown Prosecutor This document sets out the key business activities that CPS London will deliver over the next 12 months
More informationUNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework
UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.
More informationOperations. Group Standard. Business Operations process forms the core of all our business activities
Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations
More informationHuman Resources and Organisational Development. Job No. (Office Use)
ROLE PROFILE Human Resources and Organisational Development Role Profile Job Title Head of Business and Technical Architecture Job No. (Office Use) F27 Grade (Office Use) Directorate Transformation and
More informationMARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc
MARCH 2012 Version 1.10 Strategic Risk Policy Update March 2012 v1.10.doc Document History Current Version Document Name Risk Management Policy Statement and Strategic Framework Last Updated By Alan Till
More informationSenate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University
SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationAPPENDIX 50. Enterprise risk management - Risk management overview
APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...
More informationCatherine Booth College: School for Learning & Development. The Salvation Army Capability Framework: Generic Matrix
Catherine Booth College: School for Learning & Development The Salvation Army Capability Framework: Generic Matrix V3.0 Sep 2014 Contents ATTRIBUTES... 5 SERVICE USER PERSPECTIVE... 6 TEAM PERSPECTIVE...
More informationProgramme Manager Relationship Management System
Programme Manager Relationship Management System Russam Ref 4573 Job Profile This document is a generic description for the role. Any specific requirements in the published advert should also be taken
More informationEmbedding Digital Continuity in Information Management
Embedding Digital Continuity in Information Management This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital
More informationLancashire County Council Information Governance Framework
Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice
More informationCompliance Management Framework. Managing Compliance at the University
Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance
More informationEnterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management
Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationChair Cabinet Committee on State Sector Reform and Expenditure Control
Office of the Minister of State Services Chair Cabinet Committee on State Sector Reform and Expenditure Control REPORT OF THE GOVERNMENT CHIEF INFORMATION OFFICER ON THE REVIEW OF PUBLICLY ACCESSIBLE INFORMATION
More informationGuidance on Supervisory Interaction with Financial Institutions on Risk Culture. A Framework for Assessing Risk Culture
Guidance on Supervisory Interaction with Financial Institutions on Risk Culture A Framework for Assessing Risk Culture 7 April 2014 Table of Contents Page Background... i Introduction... 1 1. Foundational
More informationHMG Security Policy Framework
HMG Security Policy Framework Version 11.0 October 2013 Contents Introduction... 4 Government Security Responsibilities... 4 Role of the Centre... 5 Policy Context... 7 Critical National Infrastructure
More informationRISK MANAGEMENT STRATEGY 2014-17
RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team
More informationGovernance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca
Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship
More informationAudit, Risk Management and Compliance Committee Charter
Audit, Risk Management and Compliance Committee Charter Woolworths Limited Adopted by the Board on 27 August 2013 page 1 1 Introduction This Charter sets out the responsibilities, structure and composition
More informationNorthern Ireland Social Care Council. Job Description
Northern Ireland Social Care Council Job Description Post: Location: Band: Reporting to: Responsible to: Head of Workforce Development Northern Ireland Social Care Council, 7 th Floor, Millennium House,
More informationRisk Management Policy Adopted by:
Risk Management Policy Adopted by: Infigen Energy Limited Infigen Energy (Bermuda) Limited Infigen Energy RE Limited in its capacity as Responsible Entity of Infigen Energy Trust Adopted: 17 December 2009
More informationIT Charter and IT Governance Framework
IT Charter and IT Governance Framework Status: Custodian: Approved Director: Information Technology Date approved: 2013-12-04 Implementation date: 2013-12-05 Decision number: SAQA 02102/13 Due for review:
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationPERFORMANCE MANAGEMENT STRATEGY
PERFORMANCE MANAGEMENT STRATEGY Date published: May 2013 South Essex Homes Keeping you informed www.southessexhomes.co.uk 0800 833 160 1 of 12 SOUTH ESSEX HOMES: PERFORMANCE MANAGEMENT STRATEGY This strategy
More informationRisk Management. National Occupational Standards February 2014
Risk Management National Occupational Standards February 2014 Skills CFA 6 Graphite Square, Vauxhall Walk, London, SE11 5EE T: 0207 0919620 F: 0207 0917340 E: info@skillscfa.org www.skillscfa.org Skills
More informationRisk Management Framework
Risk Management Framework Mandate and commitment Design of framework for managing risks Continual improvement of the framework Implementing risk management Monitoring and review of the framework Source:
More informationCareNZ Job Description GENERAL MANAGER HUMAN RESOURCES
CareNZ Job Description GENERAL MANAGER HUMAN RESOURCES Responsible to: Responsible for: Chief Executive HR and Payroll Administrator HR Interns and Volunteers Dimensions Location of work Other information
More informationReport to Parliament No. 4 for 2011 Information systems governance and security. Financial and Assurance audit. Enhancing public sector accountability
Financial and Assurance audit Report to Parliament No. 4 for 2011 Information systems governance and security ISSN 1834-1128 Enhancing public sector accountability RTP No. 4 cover.indd 1 15/06/2011 3:19:31
More informationManager Service Transition
Revised Manager Service Transition Your position description Your: Location Group Business unit / team Wellington Organisation Capability & Services IT Solutions / Service Transition Pay Group MGR Band
More informationHow To Be Accountable To The Health Department
CQC Corporate Governance Framework Introduction This document describes the components of CQC s Corporate Governance Framework: what it is intended to achieve, what the components of the Framework are
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More information