DATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:
|
|
- Sherilyn Miller
- 7 years ago
- Views:
Transcription
1 DATA PROTECTION SELF-ASSESSMENT TOOL Protecture:
2 Instructions for use touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should have been made, or an action taken, in order to ensure compliance across your organisation. The Position column is where you indicate one of three possible positions: 1. Yes you consider yourself compliant. Record your evidence for this position. 2. No you believe you do not need to address the issue (e.g. because of the size of your organisation). Record your rationale for this position. 3. Under Review the issue is under. Record the actions you plan to address the issue, e.g. who has been allocated responsibility and the timescale / next date. The results of your self-assessment should then be summarised on the following page. This will enable you to prioritise actions and changes in the areas of greatest risk. Subscribers Subscribers to our data protection service get four hours of data protection advice and guidance i.e. we would work though the self-assessment tool with you, if needed. We would then address any gaps you might have. For example, work with you to make changes to existing policies; deliver any onsite training; audit systems or processes. Our Subscribers also have access to guidance, template policies and checklists via the Members Area of our website (the Reference column of this Self-assessment Tool refers to these). P a g e 1 of 12
3 Index Number of Action Points Position Y N Action Plan 01 Roles and Responsibilities staff, agency workers and service providers 4 02 Your staff 3 03 Your day-to-day handling of personal information 5 04 Your buildings (physical security) and offsite working 2 05 Your handling of information security incidents 1 06 Your handling of requests for access to personal information 2 Top 3 priorities: P a g e 2 of 12
4 01 Action point A : Roles and Responsibilities staff, agency workers and service providers Your employees: Appoint or confirm the following roles: 1. Senior Management Glossary Y N Under 2. Oversight Glossary Y N Under 3. Audit Glossary Y N Under 4. Senior Information Risk Owner (SIRO) Glossary Y N Under 5. Information Asset Owners (IAOs) Glossary Y N Under 6. Managers Glossary Y N Under 7. Human Resources Glossary Y N Under 8. Users Glossary Y N Under 9. Officer Glossary Y N Under 10. Information Security Officer Glossary Y N Under 11. Facilities Management Glossary Y N Under 12. Legal Services Glossary Y N Under 13. Business Continuity Glossary Y N Under P a g e 3 of 12
5 01 Action point B: Roles and Responsibilities staff, agency workers and service providers Your employees: Adopt or amend Human Resources policy, to address the following areas: 1. Before employment prior to access to personal data 2. During employment accessing personal data 3. After employment no longer accessing personal data 4. Emergency suspension of a User s access Y N Under Action point C: Agency workers and service providers: Adopt or amend contract clauses / terms and conditions to address the following: 1. Third parties with temporary access to personal data 2. Engaging third parties on a contractual basis 3. Engaging third parties on a non-contractual (information sharing) basis Action point D: Glossary DP Guide 01 Y N Under Your organisation: Ensure notification with the Information Commissioner s Office (ICO) 1. Notification with the ICO Y N Under 2. Annual of notification Y N Under P a g e 4 of 12
6 02 Your staff Action point A: Provide data protection training and awareness, and maintain evidence it has been received for each User 1. At induction DP Guide 02 Y N Under 2. Annually DP Guide 02 Y N Under 3. When new systems / policies are introduced Action point B: DP Guide 02 Y N Under Adopt or amend an Acceptable Use Policy (AUP) 1. Evidence maintained of Users receiving and signing their AUP AUP addresses the following areas 2. Sharing and disclosing personal information DP Guide 02 Y N Under DP Guide 02 Y N Under 3. Use of DP Guide 02 Y N Under 4. Use of the internet DP Guide 02 Y N Under 5. Monitoring DP Guide 02 Y N Under 6. Personal use DP Guide 02 Y N Under 7. Computer Misuse DP Guide 02 Y N Under 8. Adherence to policies and procedures DP Guide 02 Y N Under P a g e 5 of 12
7 02 Your staff Action point C: Adopt or amend the following Policies and / or guidance for use by all Users: 1. Password Policy 03.C.4 below Y N Under 2. Clear Desk, Clear Screen and Secure Waste Policy 03.C.7 below Y N Under 3. Offsite Working Policy 04.B. below Y N Under 4. Removable Media Policy 03.B.4 below Y N Under 5. Sharing Personal Information Policy 03.B.5 below Y N Under For access to the complete Self-Assessment Tool please get in touch. Call help@protecture.org.uk Complete the Contact Us form: P a g e 6 of 12
Nottinghamshire County Council. Data protection audit report
Nottinghamshire County Council Data protection audit report Executive summary October 2015 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationCardiff Council. Data protection audit report. Executive summary June 2014
Cardiff Council Data protection audit report Executive summary June 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998
More informationCentral London Community Healthcare NHS Trust. Data protection audit report
Central London Community Healthcare NHS Trust Data protection audit report Executive Summary July 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationAUDIT COMMITTEE 10 DECEMBER 2014
AUDIT COMMITTEE 10 DECEMBER 2014 AGENDA ITEM 8 Subject Report by MANAGEMENT OF INFORMATION RISKS DIRECTOR OF CORPORATE SERVICES Enquiries contact: Tony Preston, Ext 6541, email tony.preston@chelmsford.gov.uk
More informationRenfrewshire Council. Data protection audit report. Executive summary January 2013
Renfrewshire Council Data protection audit report Executive summary January 2013 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection
More informationHow To Protect School Data From Harm
43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationWe then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective.
Good Practice Audit outcomes analysis Police Forces April 2013 to April 2014 This report is based on the final audit reports the ICO completed in the Criminal Justice sector, specifically of Police forces,
More informationPublic Records (Scotland) Act 2011. Healthcare Improvement Scotland and Scottish Health Council Assessment Report
Public Records (Scotland) Act 2011 Healthcare Improvement Scotland and Scottish Health Council Assessment Report The Keeper of the Records of Scotland 30 October 2015 Contents 1. Public Records (Scotland)
More informationINFORMATION GOVERNANCE STRATEGY NO.CG02
INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.
More informationLauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L.
Document No: IG10d Version: 1.1 Name of Procedure: Third Party Due Diligence Assessment Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release
More informationInformation Governance Standards in Relation to Third Party Suppliers and Contractors
Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationAuditing data protection a guide to ICO data protection audits
Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit
More informationDocument No: IG10f. Version: 1.0. Information Governance Contracts Guidance. Name of Procedure: Version Control
Document No: IG10f Version: 1.0 Name of Procedure: Information Governance Contracts Guidance Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationInformation Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.
Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationInformation governance strategy 2014-16
Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationInformation Governance Training Plan v13
Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness
More informationInformation Governance Strategy Includes Information risk & incident management methodology
Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Strategy
NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference
More informationAUDITOR GUIDELINES. Responsibilities Supporting Inputs. Receive AAA, Sign and return to IMS with audit report. Document Review required?
1 Overview of Audit Process The flow chart below shows the overall process for auditors carrying out audits for IMS International. Stages within this process are detailed further in this document. Scheme
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationCleveland Police. Data protection audit report. Executive summary November 2014
Cleveland Police Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More informationInformation Security and Governance Policy
Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationInformation Governance Strategy 2015-2018
Introduction Information Governance Strategy 2015-2018 This strategy sets out the approach to be taken within Children s Hearings Scotland (CHS) to develop a robust Information Governance (IG) framework
More informationThe Professional Standards Team is also available to discuss any aspect of the Code with you, so please do contact us if you have any queries.
The guide to complying with the REC Code of Professional Practice provides you with a page by page checklist on what you can do to ensure your agency is working to best practice. The Professional Standards
More informationBirmingham Women s NHS Foundation Trust
Birmingham Women s NHS Foundation Trust Data protection audit report Executive summary January 2015 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with
More informationInformation Governance Checklist and Privacy Impact Assessments
Information Governance Checklist and Privacy Impact Assessments Authorship: Committee Approved: Chris Wallace Information Governance Manager Quality and Clinical Governance Committee Approved date: 1 Feb
More informationTHE MORAY COUNCIL. Guidance on data security breach management DRAFT. Information Assurance Group. Evidence Element 9 appendix 31
THE MORAY COUNCIL Guidance on data security breach management Information Assurance Group DRAFT Based on the ICO Guidance on data security breach management under the Data Protection Act 1 Document Control
More informationPolicy: D9 Data Quality Policy
Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of
More informationData Protection Audit Report - Southampton City Council
Southampton City Council Data protection audit report Executive summary March 2016 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationIP-PGN-14 Part of NTW(O)05 Incident Policy
Incident Policy Practice Guidance Note Information Governance Incident Reporting Management V01 Date Issued Planned Review PGN No: Issue 1 October 2014 October 2017 IP-PGN-14 Part of NTW(O)05 Incident
More informationPolicy. VBA Enterprise Risk Management. Governance Unit
Policy VBA Enterprise Risk Management Governance Unit Keywords: Policy; risk; governance. ID: Version no: Status: VBAPOL-0074 2.0 Final Issue date: Date of effect: Next review date: 14/07/2015 14/07/2015
More informationOFFICIAL. NCC Records Management and Disposal Policy
NCC Records Management and Disposal Policy Issue No: V1.0 Reference: NCC/IG4 Date of Origin: 12/11/2013 Date of this Issue: 14/01/2014 1 P a g e DOCUMENT TITLE NCC Records Management and Disposal Policy
More informationOperations. Group Standard. Business Operations process forms the core of all our business activities
Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations
More informationRecords Management plan
Records Management plan Prepared for 31 October 2013 Audit Scotland is a statutory body set up in April 2000 under the Finance and Accountability (Scotland) Act 2000. We help the Auditor General for Scotland
More informationInformation Governance and Assurance Framework Version 1.0
Information Governance and Assurance Framework Version 1.0 Page 1 of 19 Document Control Title: Original Author(s): Owner: Reviewed by: Quality Assured by: Meridio Location: Approval Body: Policy and Guidance
More informationQueensland Government Human Services Quality Framework. Quality Pathway Kit for Service Providers
Queensland Government Human Services Quality Framework Quality Pathway Kit for Service Providers July 2015 Introduction The Human Services Quality Framework (HSQF) The Human Services Quality Framework
More informationFindings from ICO audits and reviews of community healthcare providers. June 2013 to December 2014
Findings from ICO audits and reviews of community healthcare providers June 2013 to December 2014 Introduction The Information Commissioner s Office (ICO) is the regulator responsible for ensuring that
More informationPOLICY CONTRACT MANAGEMENT POLICY POLICY STATEMENT
POLICY CONTRACT MANAGEMENT POLICY POLICY STATEMENT The intent of this policy is to establish a University-wide governance structure for managing contracts and other legally binding documents. The Policy
More informationPrivacy and Electronic Communications Regulations
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
More informationSelf assessment tool. Using this tool
Self assessment tool How well does your organisation comply with the 12 guiding principles of the surveillance camera code of practice? Complete this easy to use self assessment tool to find out if you
More informationLauren Hamill, Information Governance Officer
Document No: IG10a Version: 1.0 Name of Document: General Information Governance Checklist Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationData Protection Breach Reporting Procedure
Central Bedfordshire Council www.centralbedfordshire.gov.uk Data Protection Breach Reporting Procedure October 2015 Security Classification: Not Protected 1 Approval History Version No Approved by Approval
More informationPolicy Checklist. Head of Information Governance
Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust
More informationWhen things go wrong: information governance breaches and the role of the ICO. David Evans, Senior Policy Officer
When things go wrong: information governance breaches and the role of the ICO David Evans, Senior Policy Officer Where it did go wrong NHS Surrey 200,000 MPN June 2013 The events leading up to the MPN
More informationDean Bank Primary and Nursery School. Data Protection Policy
Dean Bank Primary and Nursery School Data Protection Policy January 2015 Data Protection Policy Dean Bank Primary and Nursery School handles increasing amounts of personal information and have a statutory
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationData Security Breach Management Procedure
Academic Services Data Security Breach Management Procedure Document Reference: Data Breach Procedure 1.1 Document Type: Document Status: Document Owner: Review Period: Procedure v1.0 Approved by ISSG
More informationUCL Information Governance Framework Trevor Peacock UCL School of Life and Medical Sciences
UCL Information Governance Framework Trevor Peacock UCL School of Life and Medical Sciences NHS-HE Forum, 28 th November 2013 UCL IG Framework Where we ve got to The IG Framework Services to support the
More informationInformation Governance Framework
Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information
More informationDate: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR:
TRUST BOARD IN PUBLIC Date: 30 th May 2013 Agenda Item: 5.5 REPORT TITLE: Information Governance Annual Report EXECUTIVE SPONSOR: Ian Mackenzie Director of Information and Estates REPORT AUTHOR: Sarah
More informationPrivacy Impact Assessment and Information Governance Checklist
Privacy Impact Assessment and Information Governance Checklist Review and Amendment Log / Control Sheet Responsible Officer: Clinical Chief Officer Clinical Lead: Author: Dr. Dave Mitchell Medical Director/Caldicott
More informationSupplier Assurance Framework Good Practice Guide
Supplier Assurance Framework Good Practice Guide Version 2.0 February 2015 1 P a g e V e r s i o n 2. 0 F e b 1 5 Contents INTRODUCTION... 3 SUPPLIER ASSURANCE FRAMEWORK OVERVIEW... 4 USING THE STATEMENT
More informationCambridgeshire Constabulary. Data protection audit report
Cambridgeshire Constabulary Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Contact name Contact email Contact
More informationGatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria
Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from
More informationwww.neelb.org.uk Web Site Download Carol Johnston
What I need to know about data protection and information security when purchasing a service that requires access to my information by a third party. www.neelb.org.uk Web Site Download Carol Johnston Corporate
More informationXIT CLOUD SOLUTIONS LIMITED
DISCLOSURE STATEMENT PREPARED BY - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More informationJOB DESCRIPTION. Hours: 37.5 hours per week, worked Monday to Friday
JOB DESCRIPTION Job Title: Head of Business Continuity & Risk Band: Indicative Band 8b Hours: 37.5 hours per week, worked Monday to Friday Location: Accountable to: Tatchbury Mount, Calmore, Southampton
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationProgram Guide for Risk-based Compliance Monitoring and Enforcement Program. ERA-01 Rev. 1. NPCC Manager, Entity Risk Assessment
NPCC Entity Risk Assessment Program Guide for Risk-based Compliance Monitoring and Enforcement Program ERA-01 Rev. 1 Process Owner: NPCC Manager, Entity Risk Assessment Effective Date: 03/02/2015 Table
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationSecurity Incident Management Policy
Security Incident Management Policy January 2015 Document Version 2.4 Document Status Owner Name Owner Job Title Published Martyn Ward Head of ICT Business Delivery Document ref. Approval Date 27/01/2015
More informationCCF Systems Gap Analysis Checklist. Civil Contractors Federation. Civil Construction Management Code
CCF Systems Gap Analysis Checklist Civil Contractors Federation Civil Construction Management Code Please Note: This Gap Analysis Checklist is designed to enable Contractors to undertake an initial self
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationNHS Lancashire North CCG. Competition Dispute Resolution Policy and Process
NHS Lancashire North CCG Competition Dispute Resolution Policy and Process V1.4 Version No Amended by Date reviewed Date approved Next Date for Review 1.1 March 2009 March 2010 1.2 B Thomas 29.07.13 August
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Policy
NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation
More informationData Quality Policy. Appendix A. 1. Why do we need a Data Quality Policy?... 2. 2 Scope of this Policy... 2. 3 Principles of data quality...
Data Quality Policy Appendix A Updated August 2011 Contents 1. Why do we need a Data Quality Policy?... 2 2 Scope of this Policy... 2 3 Principles of data quality... 3 4 Applying the policy... 4 5. Roles
More informationIncident Management Policy
Incident Management Policy Draft SEC Subsidiary Document DCC Public 01 July 2015 BASELINED VERSION 1 DEFINITIONS Term Black Start CPNI Code of Connection Crisis Management Disaster HMG Incident Party Interested
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More information/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE. By Melbourne IT Enterprise Services
/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE By Melbourne IT Enterprise Services CHECKLIST: PCI/ISO COMPLIANCE If your business handles credit card transactions then you ve probably heard of the Payment
More informationCloud Software Services for Schools
Request for information on the document re: cloud and secure storage posted on the DfE website, response provided by DfE and Schools Commercial team: The focus of the project is on data security/safety
More informationCloud Software Services for Schools. Supplier self-certification statements with service and support commitments. SafeGuard Software Limited
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Address Contact name Contact email Contact telephone SafeGuard Software Limited
More informationInformation Management Policy
Information Management Policy Document Control Title Organisation Description Author(s) Information Management Policy London Legacy Development Corporation The Information Management Policy describes how
More informationInformation Governance Strategy
Policy No: IG01 Version: 3.0 Name of Policy: Information Governance Strategy Effective From: 02/06/2015 Date Ratified 06/05/2015 Ratified Health Informatics Assurance Group (HIAG) Review Date 01/05/2017
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationInformation Security Incident Management Policy
Information Security Incident Management Policy Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT Policy & Regulation
More informationInformation Governance Strategy Includes Information risk & incident management methodology
Version 3.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality Assurance Group Ratification date: March 2015 Review date: March 2016
More informationInformation Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services
Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...
More informationInformation Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs
Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Version 1.0 Information Security Policy COR/043/V1.00 March 2016 Version 1.00 1 Subject and version number of document: Serial number: Information Security Policy Version 1.0
More informationPlease Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision.
May 2013 Bring Your Own Device Policy Template for Further Education Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision. Table
More information