CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY

Size: px
Start display at page:

Download "CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY 2013-2014"

Transcription

1 CPS SECURITY & INFORMATION RISK MANAGEMENT POLICY Version 1.0

2 CONTENTS Security Risks 3 Information Assurance Risk 3 Spreading Best Practice 3 Reporting Risks Upwards 4 Typical Risk Escalation Routes.. 4 Process.. 4 Risk Tolerance Prohibited Risk Areas 5 Security and Information Management Risk Key Roles and Responsibilities 6 CPS Board 6 Board Objectives. 7 Role of the SIRO 7 Role of the SIMG. 7 Standards and Compliance 8 The development and availability of the right products and services 8 Improved professionalism across all areas of the IA sector 9 Leadership..9 Delivery..9 Implementation and Maintenance.10 2 Version 1.0

3 Crown Prosecution Service Risk Management: Policy Statement Security Risks Security risks and external threats to the safety and security of CPS staff and all people visiting its premises; its information, facilities and operational capability will be assessed in accordance with policies, procedures and responsibilities set out in the departmental Security Manual. Additional assessments of threats and the appropriate response will be determined from time to time by the Departmental Security Officer (DSO) and Chief Executive (CEO) following central security guidance. Information Assurance Risk CPS policy is to integrate information risk management into existing business and project risk as far as possible. Specific threats are managed via our ISO assurance programme. Additional assessments of threats and the appropriate response will be determined from time to time by the DSO, Chief Information Officer (CIO) and the departmental Senior Information Risk Officer (SIRO). Spreading Best Practice We will foster a culture of spreading best practice, the lessons learnt, and the expertise acquired from our risk management activities across CPS. We will do this by providing: Direct feedback from quality assurance and Area Performance Reviews undertaken by the Corporate Risk Management Advisor; Reviewing and Analysing results from the Annual Certificate of Assurance (which contains specific questions related to the current 3 Version 1.0

4 measures and controls in place in relation to Security and Information Management) Maintaining a statement of best practice standards; The creation, maintenance and annual training (delivered by the centre) of the IMA. Providing relevant, bespoke and up to date guidance on all aspects of security and information assurance best practice guides, advice and hints and tips on the CPS Infonet. The establishment and ongoing improvement of an Information Management Unit which incorporates the following skilled and experienced staff: Combined Departmental Security and IT Security Unit. Data Protection and Freedom of Information Unit. All units are headed up by a designated senior manager responsible for overseeing all security and information management risks and reporting progress into the SIRO. Promoting bespoke security and information management training to managers at all levels. Reporting Risks Upwards When security and / or information management risks materialise or cannot be managed down to an acceptable level, risk owners should ensure that these are reported to the next level of management. The table on the following page shows typical escalation routes. 4 Version 1.0

5 The Corporate Risk Management Advisor will help risk owners to identify unmanaged Area and HQ Directorate risks for escalation through the ongoing review of risk registers and will assess whether activities remain within the CPS risk tolerance level. Typical Risk Escalation Routes Overall Risk Owner Escalate Through Escalate To Corporate Risks Directors Group (DG) CPS Board HQ Directors Corporate Risk Management Advisor/ CPS Board DG DSO / Head of IMU / Security Information Management CPS Board SIRO Group CCP Chief Operating Officer CPS Board HQ Heads of HQ Director/ Corporate Risk DG Division Management Advisor Project Managers Project Board/ DG CPS Board Unit Heads Area Management Team Group Chair/ CCP Process Risks will be systematically identified and objectively assessed. The CPS risk management process is outlined in CPS Risk Management: a Practical Guide; available on the CPS Infonet. CPS Risks will be managed and recorded using formal risk registers and the departmental risk appetite is recorded in the Annual Resource Accounts. Good internal control in operational systems and processes is an integral part of risk management. The existing framework of internal control manages many generic systems risks. The framework of internal control includes: The establishment of policies, standards, processes and procedures; The clear definition of responsibilities; 5 Version 1.0

6 Measurements of resources used against the achievement of objectives and outcomes delivered; Performance management; Financial and budgetary controls. To underpin the framework of internal control, risks to business critical systems and all security and information management processes should be identified, assessed and managed by local management supported by the designated Information Management Advisor (IMA). The Information Asset Owner (IAO) in each HQ Directorate and Area retains ultimate responsible for the management of all security and information management risks within their HQ Directorate / Area. Risk Tolerance Risk Tolerance is the total amount of risk that the CPS or business unit is prepared to accept at any point in time. It is used to as a guide to help decide whether it should take on additional risks (i.e. an additional major change initiative or project). It can also be used to define the level of exposure deemed to be acceptable when managing down individual risks. The Board sets the Service s overall risk tolerance. One of the ways it uses to constrain the department s overall exposure to risk is to set authority limits for managers within its policies, processes and governance structure. Risk tolerance may vary over time, different risk type or between different business units. It is a subjective judgement. However, risk tolerance within CPS should reflect these key principles: The Director, Chief Executive and the Board encourage the taking of controlled risks in pursuing new opportunities and the use of innovative 6 Version 1.0

7 approaches. In broad terms the Service has demonstrated a fairly high tolerance for taking on additional risks. Prohibited Risk Areas CPS policies and guidance manuals define where there are mandatory processes and procedures. Compliance with these standards is required and non-compliance with prescribed procedures constitutes an unacceptable risk. Some risks are acceptable provided the prescribed CPS process is followed (e.g. expenditure proposals, staff recruitment, specific CPS Security and Information Management guidance / processes) and designated responsibilities/ delegated authorities are adhered to. Headquarters Directors, CCPs and ABMs may take risk management decisions on the basis of their delegated financial authority and their devolved responsibilities and accountabilities. 7 Version 1.0

8 Security and Information Management Risk Key Roles and Responsibilities Error! Objects cannot be created from editing field codes. CPS Board The CPS Board is chaired by the Director and its members are the Chief Executive, Chief Operating Officer, Finance Director, and four non-executive directors. The Board's non-executive Directors provide an external challenge and perspective on CPS work and specific expertise to the discussions. The Board is collectively responsible for delivering the CPS Vision, underpinned by the corporate strategic objectives. The Board does this by:- Providing clear direction and visible leadership; Communicating the Vision and strategic objectives to all CPS staff; Monitoring and driving performance improvement; Working with partners to develop opportunities to improve efficiency across the Criminal Justice System; Setting the Service s risk appetite and owning the corresponding risk register Board Objectives for 2012/13 To realise the CPS Vision, the Board's work programme will be guided by five priorities this year: 1. Identifying and managing the strategic challenges and risks to the organisation; 2. Ensuring Driving full implementation of our People Strategy and improved Employee Engagement Index; 3. Embedding effective digital working across the CJS; 4. Ensuring delivery against our Core Quality Standards and performance improvement across all other key indicators; 8 Version 1.0

9 5. Ensuring effective allocation and management of the CPS' staff and financial resources. Role of the SIRO The key role of the SIRO, who also holds the role of Chief Operating Officer, is to ensure that the direction of the Security and Information Management Programme is aligned with the business Role of the Security Information Management Group (SIMG) The strategic outcomes will be achieved by focusing on the following three key objectives. These will have important implications for the way that CPS does its business. Objective 1: Clear and effective information risk management. Clear board-level ownership and accountability for information risks; and Where information is shared, a single point of risk ownership will be identified. Objective 2: Agreement upon and compliance with approved and appropriate Information Assurance (IA) standards CPS will operate within a national framework of IA common standards; and Trust and confidence in the use of information will be maintained through an effective model of compliance with these standards. Objective 3: The development and availability of appropriate IA Capabilities. CPS will work more closely with wider government and its ICT suppliers in the development of IA Capabilities to enable the better management of information risks; and 9 Version 1.0

10 These capabilities include: availability of the right products and services; coordinated and appropriate efforts on innovation, improved professionalism and awareness. Standards and Compliance A national framework of IA Standards provides CPS with the confidence that we are managing information risks appropriately. Establishing confidence and trust lies at the heart of enabling effective and responsible information sharing. These standards will define a segmented model for information and information system requirements. Systems will operate within one of a number of broad segments, according to the level of impact that failure of the information carried on those systems would have. Segments will be informed by impact levels based upon the Government s designated Infosec Standards. Within each of these segments, the level of IA achieved by adherence to the segment s IA standards will be broadly comparable. However, the balance of adherence to various types of IA standard may differ within the segment depending upon the user s IA specific requirements and risk appetite. For example, CPS may choose to apply a higher standard than the minimum within the segment, if one element of IA (e.g. confidentiality) is of particular importance. Where CPS has systems that lie within more than one segment, it will need to determine whether to enable full connectivity between the segments, in the wider context of business planning and delivery considerations. These common standards will provide a level of confidence when connecting systems or sharing information with other organisations within the same segment. In the context of Shared Services, for example, this will mean that CPS will be able to assure itself that shared information will be appropriately managed by other organisations. To ensure that the standards remain relevant, they will need to be responsive to rapidly evolving business needs. The delivery approach will set out how work to develop an appropriate set of IA standards and a compliance model is to be taken forward. 10 Version 1.0

11 Information Assurance Capabilities In order for CPS to be able to own and to manage its information risks to the appropriate standards, CPS will require appropriate IA Capabilities. These capabilities describe the IA elements that should be embedded within all parts of everyday business processes. CPS will engage with its ICT suppliers and wider government to ensure that knowledge and best practice is shared wherever possible in the delivery of these capabilities. The Development and Availability of the Right Products and Services CPS has adopted the Information Assurance Maturity Model for assuring confidence in the development of products and services. The model will help to ensure that IA is effectively and consistently embedded within ICT products as an ongoing through-life activity, beginning at the earliest design stage and continuing throughout the usage stage. As part of this approach CPS will look to: Develop improved operational assurance capability; Establish and operate a clear model for the provision of IA advice and services to stakeholders; and Exploit the investment in the present IA technical programme to embrace a wider range of IA products, while retaining primary focus on the needs of CPS and high threat areas of activity. Improved Professionalism across All Areas of the Information Assurance Sector Greater professionalism across the IA community is an important part of ensuring that staff within CPS are able to implement the approach set out in this Strategy. Government efforts to establish an Institute of Information Security Professionals (IISP), InfoSec training and an Accreditors Forum provided a useful start. Every effort will be made to ensure that IA 11 Version 1.0

12 professionals are given the same recognition and training opportunities as those within the Government IT Profession. At the same time other staff such as senior managers, IAOs and IMAs will improve their Information Management and Security skills through a programme of learning and development. Leadership Business Information Systems Directorate will provide the required leadership and expert knowledge to implement this Strategy. A key part of this will be to provide IA advice and guidance to the rest of the CPS to assist the implementation of activities. Reporting and direction will be via the Security and Information Management Group, chaired by the SIRO. With oversight of the DSO, the CPS IT Security Officer (ITSO) will lead on the provision of technical IA risk management guidance, standards of good practice, advice and assurance services across the CPS, fully supported by our ICT supplier partner. Reporting will be through the Head of Information Management Division to the Security and Information Management Group. Delivery Recognition of the importance of an effective governance structure to provide leadership on IA and appropriate mechanisms for the delivery of these objectives is at the heart of this Strategy. Within the CPS, a commitment at the top to provide clear leadership on this issue is vital to effecting the change required and ongoing maturity in IA. On behalf of the CPS Board, the IA Strategy is owned by the CPS SIMG, to ensure that a business approach to IA is taken across CPS. The SIMG will look to oversee delivery through the Information Assurance Programme Board (IAPB). The SIRO and the CIO work closely together to enable implementation of this Strategy, aligning the ICT Strategy to other appropriate strategies and policies. 12 Version 1.0

13 Where the approach to IA set by the SIMG has a direct bearing on closely related agendas, for example around protective security or counter-terrorism, the SIMG will ensure that the appropriate bodies are aware of and brought into the decision-making process, as required. In parallel, the governance structure will bring in wider elements of the organisation to ensure implementation of the Strategy in all appropriate areas of business activity. Implementation and Maintenance The delivery approach will develop the three strategic objectives of this Strategy into actions and activities to be implemented under the direction of the SIMG and IAPB. Wherever possible, these activities will build on or incorporate existing IA work and utilise existing mechanisms or channels for delivery. The delivery approach and IAPB will be guided by the mandatory requirements of the Security Policy Framework (SPF) and other best practice guidance. Jackie Ronchetti Head of Information Management 13 Version 1.0

Central Sponsor for Information Assurance. A National Information Assurance Strategy

Central Sponsor for Information Assurance. A National Information Assurance Strategy Central Sponsor for Information Assurance A National Information Assurance Strategy A NATIONAL INFORMATION ASSURANCE STRATEGY i Foreword Information and communications technology is changing the way that

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

Information Security Management System (ISMS) Policy

Information Security Management System (ISMS) Policy Information Security Management System (ISMS) Policy April 2015 Version 1.0 Version History Version Date Detail Author 0.1 18/02/2015 First draft Andy Turton 0.2 20/02/2015 Updated following feedback from

More information

HMG Security Policy Framework

HMG Security Policy Framework HMG Security Policy Framework Security Policy Framework 3 Foreword Sir Jeremy Heywood, Cabinet Secretary Chair of the Official Committee on Security (SO) As Cabinet Secretary, I have a good overview of

More information

February 2015 Issue No: 5.2. CESG Certification for IA Professionals

February 2015 Issue No: 5.2. CESG Certification for IA Professionals February 2015 Issue No: 5.2 CESG Certification for IA Professionals Issue No: 5.2 February 2015 The copyright of this document is reserved and vested in the Crown. This document may not be reproduced or

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Project, Programme and Portfolio Management Delivery Plan 6

Project, Programme and Portfolio Management Delivery Plan 6 Report title Agenda item Project, Programme and Portfolio Management Delivery Plan 6 Meeting Performance Management and Community Safety Panel 27 April 2009 Date Report by Document number Head of Strategy

More information

Revenue Scotland. Risk Management Framework

Revenue Scotland. Risk Management Framework Revenue Scotland Risk Management Framework Contents 1. Introduction... 3 1.1 Overview of risk management... 3 2. Policy statement... 4 3. Risk management approach... 5 3.1 Risk management objectives...

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework + = Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework Background Middlesbrough Council is going through significant

More information

MANAGING DIGITAL CONTINUITY

MANAGING DIGITAL CONTINUITY MANAGING DIGITAL CONTINUITY Project Name Digital Continuity Project DRAFT FOR CONSULTATION Date: November 2009 Page 1 of 56 Contents Introduction... 4 What is this Guidance about?... 4 Who is this guidance

More information

Policy and Procedure Statement

Policy and Procedure Statement Policy and Procedure Statement SUBJECT: Enterprise Risk CATEGORY: General Administration NO. 502-G PREAMBLE Risk exists in all activities and cannot be avoided, nor can it always be eliminated. However,

More information

The CPS incorporates RCPO. CPS Data Protection Policy

The CPS incorporates RCPO. CPS Data Protection Policy The CPS incorporates RCPO CPS Data Protection Policy Contents Introduction 3 Scope 4 Roles and Responsibilities 4 Processing Criminal Cases 4 Information Asset Owners 5 Information Asset Register 5 Information

More information

Group Corporate Responsibility Policy

Group Corporate Responsibility Policy London Stock Exchange Group Group Corporate Responsibility Policy December 2015 WEB VERSION FOR EXTERNAL DISCLOSURE 1 Contents 1.0 Introduction 3 2.0 Objectives 3 3.0 Scope and application 3 4.0 Corporate

More information

Information governance strategy 2014-16

Information governance strategy 2014-16 Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope

More information

1.0 Policy Statement / Intentions (FOIA - Open)

1.0 Policy Statement / Intentions (FOIA - Open) Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies

More information

Good Practice Guide The Information Assurance Maturity Model and Assessment Framework

Good Practice Guide The Information Assurance Maturity Model and Assessment Framework October 2015 Issue No: 2.1 Good Practice Guide The Information Assurance Maturity Model and Assessment Framework Customers can continue to use this guidance. The content remains current, although may contain

More information

RISK MANAGEMENT POLICY (Revised October 2015)

RISK MANAGEMENT POLICY (Revised October 2015) UNIVERSITY OF LEICESTER RISK MANAGEMENT POLICY (Revised October 2015) 1. This risk management policy ( the policy ) forms part of the University s internal control and corporate governance arrangements.

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

The Department for Business, Innovation and Skills IMA Action Plan PRIORITY RECOMMENDATIONS

The Department for Business, Innovation and Skills IMA Action Plan PRIORITY RECOMMENDATIONS PRIORITY RECOMMENDATIONS R1 BIS to elevate the profile of information risk in support of KIM strategy aims for the protection, management and exploitation of information. This would be supported by: Establishing

More information

Good Practice Guide: the internal audit role in information assurance

Good Practice Guide: the internal audit role in information assurance Good Practice Guide: the internal audit role in information assurance Janaury 2010 Good Practice Guide: the internal audit role in information assurance January 2010 Official versions of this document

More information

Purchasing and Supply Management

Purchasing and Supply Management Purchasing and Supply Management 1 Policy objective 1.1 To ensure that Aviva optimises and sustains commercial advantage, it is important that minimum standards are applied to the activities of purchasing

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Risk Management Plan 2012-2015

Risk Management Plan 2012-2015 Risk Management Plan 2012-2015 This controlled document shall not be copied in part or whole without the express permission of the author or the author s representative. Revision Date Previous Revision

More information

Board Charter. HCF Life Insurance Company Pty Ltd (ACN 001 831 250) (the Company )

Board Charter. HCF Life Insurance Company Pty Ltd (ACN 001 831 250) (the Company ) Board Charter HCF Life Insurance Company Pty Ltd (ACN 001 831 250) (the Company ) Board approval date: 27 October 2015 Contents 1. Introduction and Purpose of this Charter...1 2. Role of the Board...1

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

Risk Management Policy and Process Guide

Risk Management Policy and Process Guide Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT Approved by the Audit Committee on 14 February 2003 and adopted by resolution of the Board on 28 March 2003 Revisions approved by the Audit and Risk Committee on 14 February

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

Risk Management Policy. Corporate Governance Risk Management Policy

Risk Management Policy. Corporate Governance Risk Management Policy Corporate Governance Risk Management Policy Approved by the Council of Ministers, May 2006 1. Background The Isle of Man Government is working to promote better risk management, with emphasis on the importance

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

House of Commons Corporate Governance Framework

House of Commons Corporate Governance Framework House of Commons Corporate Governance Framework What is Corporate Governance? 1. Good corporate governance is fundamental to any effective organisation and is the hallmark of any well-managed corporate

More information

The Standards for Leadership and Management: supporting leadership and management development December 2012

The Standards for Leadership and Management: supporting leadership and management development December 2012 DRIVING FORWARD PROFESSIONAL STANDARDS FOR TEACHERS The Standards for Leadership and Management: supporting leadership and management development December 2012 Contents Page The Standards for Leadership

More information

Leadership, Governance and Management ACUTE HOSPITAL SERVICES. Supporting services to deliver quality healthcare JUNE 2013

Leadership, Governance and Management ACUTE HOSPITAL SERVICES. Supporting services to deliver quality healthcare JUNE 2013 QUALITY ASSESSMENT & IMPROVEMENT ACUTE HOSPITAL SERVICES JUNE 2013 Leadership, Governance and Management Supporting services to deliver quality healthcare Effective Care and Support Safe Care and Support

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

Chief Information Officer

Chief Information Officer Security manager Job description Job title Security manager Location Wellington Group Organisation Development Business unit / team IT Solutions Grade and salary range Pay Group 1, Pay Band 6 Reports to

More information

Delphi Automotive PLC. Corporate Governance Guidelines

Delphi Automotive PLC. Corporate Governance Guidelines Delphi Automotive PLC Corporate Governance Guidelines TABLE OF CONTENTS DELPHI VISION AND VALUES... 3 Delphi Vision: Why We Exist and the Essence of Our Business... 3 Delphi Values: How We Conduct Ourselves...

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

Job No. (Office Use) Directorate Corporate Services Department Programme Management Office Reports to (Job Title) If No state reason

Job No. (Office Use) Directorate Corporate Services Department Programme Management Office Reports to (Job Title) If No state reason ROLE PROFILE Transformation Programmes Manager Role Profile Job Title Transformation Programme Manager Job No. (Office Use) C6074 Grade (Office Use) Directorate Corporate Services Department Programme

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Procurement Strategy. June Procurement Strategy

Procurement Strategy. June Procurement Strategy June 2015 Procurement Strategy Contents 1. VISION 2. PURPOSE 3. PROCUREMENT OBJECTIVES 4. PROCUREMENT AIMS 5. PROCUREMENT MEASURES 6. KEY PERFORMANCE INDICATORS 7. REVIEW Page 2 of 10 1 VISION Proactive

More information

NOT PROTECTIVELY MARKED

NOT PROTECTIVELY MARKED Information Management Strategy SPSA 0062 Version V3 23 rd June 2011 Review Date June 2012 Owner Senior Information Risk Owner Copyright SCDEA 2010. All rights reserved. NOT PROTECTIVELY MARKED This document

More information

Information, Communications and Technology Strategy. Purpose 2. Strategic Aims 2. Introduction 2. ICT Vision for 2015-2020 3. Key themes and aims: 4

Information, Communications and Technology Strategy. Purpose 2. Strategic Aims 2. Introduction 2. ICT Vision for 2015-2020 3. Key themes and aims: 4 Brigade Order Operations Brigade Order Administration 16 Part Part 1 Section Title Information, Communications and Technology Strategy Contents No. Purpose 2 Strategic Aims 2 Introduction 2 ICT Vision

More information

SCOTTISH CENSUS INDEPENDENT SECURITY REVIEW REPORT

SCOTTISH CENSUS INDEPENDENT SECURITY REVIEW REPORT SCOTTISH CENSUS INDEPENDENT SECURITY REVIEW REPORT Issue 1.0 Date 24/03/2011 Logica is a business and technology service company, employing 39,000 people. It provides business consulting, systems integration

More information

IFAD Policy on Enterprise Risk Management

IFAD Policy on Enterprise Risk Management Document: EB 2008/94/R.4 Agenda: 5 Date: 6 August 2008 Distribution: Public Original: English E IFAD Policy on Enterprise Risk Management Executive Board Ninety-fourth Session Rome, 10-11 September 2008

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from December 2008 Date last amended December 2012

More information

COMPLIANCE CHARTER 1

COMPLIANCE CHARTER 1 COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...

More information

Roles, Responsibilities & Structures in Successful Public Social Partnerships

Roles, Responsibilities & Structures in Successful Public Social Partnerships Guidance: Roles, Responsibilities & Structures in Successful Public Social Partnerships A guidance document to support appropriate allocation of roles and responsibilities within Public Social Partnerships

More information

Informatics: The future. An organisational summary

Informatics: The future. An organisational summary Informatics: The future An organisational summary DH INFORMATION READER BOX Policy HR/Workforce Management Planning/Performance Clinical Document Purpose Commissioner Development Provider Development Improvement

More information

Policy Checklist. Head of Information Governance

Policy Checklist. Head of Information Governance Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust

More information

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.

CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg. Introduction CSR / Sustainability Governance and Management Assessment By Coro Strandberg Principal, Strandberg Consulting www.corostrandberg.com June 2015 Companies which adopt CSR or sustainability 1

More information

Managing ICT contracts in central government. An update

Managing ICT contracts in central government. An update Managing ICT contracts in central government An update Prepared by Audit Scotland June 2015 Auditor General for Scotland The Auditor General s role is to: appoint auditors to Scotland s central government

More information

Powerhouse Ventures Limited (PVL) ROLE OF THE MANAGING DIRECTOR/CHIEF EXECUTIVE OFFICER (CEO)

Powerhouse Ventures Limited (PVL) ROLE OF THE MANAGING DIRECTOR/CHIEF EXECUTIVE OFFICER (CEO) Powerhouse Ventures Limited (PVL) ROLE OF THE MANAGING DIRECTOR/CHIEF EXECUTIVE OFFICER (CEO) Page 1 of 5 THE ROLE OF THE MANAGING DIRECTOR/CHIEF EXECUTIVE OFFICER (CEO) For the purposes of this Policy,

More information

Trust Board Report. Review of the effectiveness of the IM&T Committee

Trust Board Report. Review of the effectiveness of the IM&T Committee 1. Introduction Trust Board Report Review of the effectiveness of the The meets every eight weeks, with a specific responsibility for governance, strategic direction, approval and direction of developments

More information

ITHealthBoard. Health Sector Architecture Governance Terms of Reference V 0 7

ITHealthBoard. Health Sector Architecture Governance Terms of Reference V 0 7 ITHealthBoard Health Sector Architecture Governance Terms of Reference V 0 7 Versions Version Date Name Reason for Change 0.1 25/5/10 Darren Douglass 0.2 13/8/10 Darren Douglass 0.3 30/8/10 Tony Cooke

More information

Northern Ireland Social Care Council. Job Description

Northern Ireland Social Care Council. Job Description Northern Ireland Social Care Council Job Description Post: Location: Band: Reporting to: Responsible to: Head of Workforce Development Northern Ireland Social Care Council, 7 th Floor, Millennium House,

More information

Information Sharing Lessons Learned from Gateway Reviews: Gate 3 Investment Decision Review

Information Sharing Lessons Learned from Gateway Reviews: Gate 3 Investment Decision Review Information Sharing Lessons Learned from Gateway Reviews: Gate 3 Investment Decision Review October 2013 The purpose of this document is to share lessons learned to support agencies to better identify

More information

DUBLIN CITY COUNCIL CORPORATE PROCUREMENT PLAN

DUBLIN CITY COUNCIL CORPORATE PROCUREMENT PLAN DUBLIN CITY COUNCIL CORPORATE PROCUREMENT PLAN 2015 2017 1 CORPORATE PROCUREMENT PLAN 2015-2017 CONTENTS 1. Introduction 3 2. Objectives 4-5 3. The Procurement Plan 6 4. Implementation 7-8 5. Procurement

More information

In accordance with section 15 of the Queensland Rail Transit Authority (QRTA) Act (2013) the Board s specific functions include:

In accordance with section 15 of the Queensland Rail Transit Authority (QRTA) Act (2013) the Board s specific functions include: Corporate Governance Queensland Rail is committed to ensuring that its systems, procedures and practices reflect the highest standards of corporate governance. Processes have been established to ensure

More information

Sample risk committee charter

Sample risk committee charter Sample risk committee charter 1 Next This sample risk committee charter is based on leading practices observed by Deloitte in the analysis of a variety of materials. It is important to note that the Risk

More information

IMPLEMENTATION GUIDELINE FOR CORPORATE GOVERNANCE OF INFORMATION AND COMMUNICATION TECHNOLOGY POLICY FRAMEWORK. Version 1

IMPLEMENTATION GUIDELINE FOR CORPORATE GOVERNANCE OF INFORMATION AND COMMUNICATION TECHNOLOGY POLICY FRAMEWORK. Version 1 IMPLEMENTATION GUIDELINE FOR CORPORATE GOVERNANCE OF INFORMATION AND COMMUNICATION TECHNOLOGY POLICY FRAMEWORK Version 1 January 2013 1 Executive Summary Information and Communication Technology (ICT)

More information

DRAFT. London Borough of Merton Procurement Strategy

DRAFT. London Borough of Merton Procurement Strategy DRAFT London Borough of Merton Procurement Strategy 2013-2016 3 Foreword Welcome to Merton s procurement strategy, which outlines our aims for the period 2013 2016 and shows how procurement will contribute

More information

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and

More information

Version No: 2 Date: 27 July 2015. Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy

Version No: 2 Date: 27 July 2015. Data Quality Policy. Assistant Chief Executive. Planning & Performance. Data Quality Policy Version No: 2 Date: 27 July 2015 Data Quality Policy Assistant Chief Executive Planning & Performance Data Quality Policy Contents 1. Summary Statement 2. Context 3. Purpose 4. Scope 5. Detail of the policy

More information

Programme Manager Relationship Management System

Programme Manager Relationship Management System Programme Manager Relationship Management System Russam Ref 4573 Job Profile This document is a generic description for the role. Any specific requirements in the published advert should also be taken

More information

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management

Enterprise Risk Management Framework 2012 2016. Strengthening our commitment to risk management Enterprise Risk Management Framework 2012 2016 Strengthening our commitment to risk management Contents Director-General s message... 3 Introduction... 4 Purpose... 4 What is risk management?... 4 Benefits

More information

Crown Prosecution Service, London Business Plan 2014-15

Crown Prosecution Service, London Business Plan 2014-15 Crown Prosecution Service, London Business Plan 2014-15 0 Introduction from the Chief Crown Prosecutor This document sets out the key business activities that CPS London will deliver over the next 12 months

More information

IT Charter and IT Governance Framework

IT Charter and IT Governance Framework IT Charter and IT Governance Framework Status: Custodian: Approved Director: Information Technology Date approved: 2013-12-04 Implementation date: 2013-12-05 Decision number: SAQA 02102/13 Due for review:

More information

Executive Director - Corporate Services

Executive Director - Corporate Services Job details Job title: Executive Director - Corporate Services Responsible to: Chief Executive Responsible for: Director of Finance, Director of Human Resources, Director of Business Assurance and Director

More information

Human Resources and Organisational Development. Job No. (Office Use)

Human Resources and Organisational Development. Job No. (Office Use) ROLE PROFILE Human Resources and Organisational Development Role Profile Job Title Head of Business and Technical Architecture Job No. (Office Use) F27 Grade (Office Use) Directorate Transformation and

More information

Approved by Board of Directors on 2 August 2016 (Revision 2016) FRASER & NEAVE HOLDINGS BHD. Board Charter

Approved by Board of Directors on 2 August 2016 (Revision 2016) FRASER & NEAVE HOLDINGS BHD. Board Charter FRASER & NEAVE HOLDINGS BHD 1. Introduction The Board of Directors (the Board ) of Fraser & Neave Holdings Bhd (the Company ) is committed to observing and maintaining the highest standards of corporate

More information

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc

MARCH 2012. Strategic Risk Policy Update March 2012 v1.10.doc MARCH 2012 Version 1.10 Strategic Risk Policy Update March 2012 v1.10.doc Document History Current Version Document Name Risk Management Policy Statement and Strategic Framework Last Updated By Alan Till

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

Manager Service Transition

Manager Service Transition Revised Manager Service Transition Your position description Your: Location Group Business unit / team Wellington Organisation Capability & Services IT Solutions / Service Transition Pay Group MGR Band

More information

P3M3 Portfolio Management Self-Assessment

P3M3 Portfolio Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Portfolio Management Self-Assessment P3M3 is a registered trade mark of AXELOS Limited Contents Introduction

More information

Review of Risk Management and Insurance. Public Accounts Committee

Review of Risk Management and Insurance. Public Accounts Committee Review of Risk Management and Insurance Public Accounts Committee April 2012 Contents Executive Summary 1 Maturity Model 6 Understanding the Causes and the Way Forward 7 Risk Management Recommendations

More information

Operations. Group Standard. Business Operations process forms the core of all our business activities

Operations. Group Standard. Business Operations process forms the core of all our business activities Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations

More information

Corporate Governance Framework June 2015

Corporate Governance Framework June 2015 Corporate Governance Framework June 2015 This publication has been compiled by Don Clunes of the Office of the Director-General, Department of Energy and Water Supply. State of Queensland, 2015. The Queensland

More information

Chief Executive Officer, Ministry of Education, Sports & Culture

Chief Executive Officer, Ministry of Education, Sports & Culture Responsible to: Chief Executive Officer, Ministry of Education, Sports & Culture Role of Division: The key purpose of the Division is to contribute to MESC Strategic Policies and Plans and Education Sector

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

PERFORMANCE MANAGEMENT STRATEGY

PERFORMANCE MANAGEMENT STRATEGY PERFORMANCE MANAGEMENT STRATEGY Date published: May 2013 South Essex Homes Keeping you informed www.southessexhomes.co.uk 0800 833 160 1 of 12 SOUTH ESSEX HOMES: PERFORMANCE MANAGEMENT STRATEGY This strategy

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework

UNITED NATIONS OFFICE FOR PROJECT SERVICES. ORGANIZATIONAL DIRECTIVE No. 33. UNOPS Strategic Risk Management Planning Framework UNOPS UNITED NATIONS OFFICE FOR PROJECT SERVICES Headquarters, Copenhagen O.D. No. 33 16 April 2010 ORGANIZATIONAL DIRECTIVE No. 33 UNOPS Strategic Risk Management Planning Framework 1. Introduction 1.1.

More information

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT 1 Scope of Internal Audit 1.1 Terms of Reference 1.1.1 Do terms of reference: (a) establish the responsibilities and objectives

More information

Business Plan 2012/13

Business Plan 2012/13 Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,

More information

Quality and risk management

Quality and risk management www.pwc.co.uk/annualreport Quality and risk management Annual Report 2015 Introduction Managing risk is a clear strategic priority for the Executive Board and senior management of the firm. We have a clear

More information

London Borough of Sutton Equality & Diversity Framework 2014/ /19

London Borough of Sutton Equality & Diversity Framework 2014/ /19 London Borough of Sutton Equality & Diversity Framework 2014/15 2018/19 1 Contents 1. Statement of Intent... 3 2. Governance... 5 3. Roles and Responsibilities... 8 4. Equality & Diversity Principles...

More information

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS. www.fic.gov.bc.ca Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS www.fic.gov.bc.ca INTRODUCTION The Financial Institutions Commission 1 (FICOM) holds the Board of Directors 2 (board) accountable for the stewardship

More information

Chair Cabinet Committee on State Sector Reform and Expenditure Control

Chair Cabinet Committee on State Sector Reform and Expenditure Control Office of the Minister of State Services Chair Cabinet Committee on State Sector Reform and Expenditure Control REPORT OF THE GOVERNMENT CHIEF INFORMATION OFFICER ON THE REVIEW OF PUBLICLY ACCESSIBLE INFORMATION

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

Administration and General Order No. AD/1/TBC

Administration and General Order No. AD/1/TBC COUNTY DURHAM AND DARLINGTON FIRE AND RESCUE SERVICE Administration and General Order No. AD/1/TBC CORPORATE RISK MANGEMENT POLICY 1. INTRODUCTION 1.1 County Durham and Darlington Combined Fire Authority

More information

Risk Management Strategy

Risk Management Strategy Risk Management Strategy Version: 8 Approved by: Quality and Governance Committee Date approved: 31 July 2014 Ratified by: Trust Board of Directors Date ratified: Name of originator/author: Head of Patient

More information

D-CRIS Information Governance Assurance

D-CRIS Information Governance Assurance D-CRIS Information Governance Assurance Date: 05 08 2013 Version: 1.0 Author: Murat Soncul Contents 1. Introduction... 3 2. CRIS Security Model... 3 3. SLaM Information Governance Framework... 4 4. Roles

More information

People Strategy 2013/17

People Strategy 2013/17 D a t a L a b e l : P U B L I C West Lothian Council People Strategy 2013/17 Contents 1 Overview 2 2 Council Priorities 8 3 Strategy Outcomes 10 1 Engaging and motivating our employees 13 2 Recognised

More information