Information Governance Management Framework

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Information Governance Management Framework"

Transcription

1 Information Governance Management Framework Document Status: Approved Version: v 1.3 DOCUMENT CHANGE HISTORY Version Date Comments (i.e. viewed, or reviewed, amended, approved by person or committee v1.0 8 June 2012 Draft, Phil Stimpson v July 2012 Additions made to draft by Phil Stimpson v August 2012 Include IG Toolkit Workplan as Appendix F Approved by CCG 09/01/2013 Quality Committee V April 2013 Include Information Security Work plan as Appendix G Revised list of IG policies V June 2013 Approved by SDT CCG Quality Committee Authors: Corporate Affairs Manager Names and roles of Contributors, committee members etc Document IG Toolkit version 11 requirements 130, 131, 134, 230, 231, 232, 233, 341, Reference: 345, 349 Directorate:- Corporate Affairs Approval Quality Committee Review Date of approved document: April 2014 South Devon and Torbay Clinical Commissioning Group promotes equality, diversity and human rights and is committed to ensuring that all people and communities it serves have access to the services we provide. In exercising the duty to address health inequalities, the CCG has made every effort to ensure this policy does not discriminate, directly or indirectly, against patients, employees, contractors or visitors sharing protected characteristics of: age; disability; gender reassignment; marriage and civil partnership; pregnancy and maternity; race; religion and belief; sex (gender); sexual orientation or those protected under Human Rights legislation. All CCG policies can be provided in large print or Braille formats; translations on request; language line interpreter services are available; and website users can use contrast, text sizing and audio tools if required. For any other assistance, please contact the CCG at or South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 1 of 19

2 CONTENTS Section Page 1. Introduction 3 2. Definitions & Key Roles 5 3. Key Policies 6 4. Key Governance Bodies 6 5. Resources 6 6. Governance Framework 7 7. Information Governance Toolkit 7 8. Information Governance Training and Guidance 8 9. Incident Management Information Sharing Information Security 9 Appendix A Glossary 10 Appendix B SDT CCG / Devon PCT Cluster staff in key IG roles 11 Appendix C SDT CCG / Devon PCT Cluster support arrangements for SIRO 12 Appendix D SDT CCG / Devon PCT Cluster support arrangements for Caldicott Guardian 13 Appendix E SDT CCG / Devon PCT Cluster Information Governance Policies 14 Appendix F SDT CCG / Devon PCT Cluster Information Sharing Protocols 15 Appendix G IG Toolkit Workplan Not included Appendix H Information Security Operational Plan Linked strategies, policies and other documents Dissemination requirements Information Governance Policy Data Protection Policy Code of Confidentiality Records Management Policy The policy will be disseminated via managers to cascade to staff within their remit. This framework will be made available on the CCG s intranet and internet sites. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 2 of 19

3 1 Introduction 1.1 Introduction The Information Governance Toolkit (IGT) for 2013/14 requires NHS South Devon and Torbay Clinical Commissioning Group (CCG) to have an Information Governance Management Framework (IGMF) to bring together all threads of the CCG s Information Governance (IG) activities in an approved document References are made throughout this Framework to the Information Governance Toolkit in the format , where 11 refers to version 11 for 2013/14 and 130 refers to requirement number Much of the content of this Framework is taken directly from Connecting for Health guidance, to ensure that the Cluster produces the precise documentation required for Information Governance Toolkit auditing and evidence purposes Robust Information Governance requires clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate resources. The way that an organisation chooses to deliver against these requirements is referred to within the Information Governance Toolkit as the organisation s Information Governance Management Framework. This Framework must be documented, approved at the most appropriate senior management level in the organisation (e.g. the Governing Body, the Executive Team or a named Executive Director) and reviewed annually The Information Governance Management Framework adopted by a CCG may be described in a standalone document or may be incorporated within an over-arching Information Governance Policy or an Information Governance Strategy. Whilst many elements of Information Governance Management Frameworks will be similar for different organisations and must cover the headings described in the table below, there is no requirement for frameworks to be identical. The Information Governance Management Framework should provide a summary/overview of how an organisation is addressing the Information Governance agenda, and adapted appropriately to the capacity and capability of the organisation concerned The elements of an Information Governance Management Framework, as defined by Connecting for Health, are shown in the table below: INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Heading Requirement Notes Senior Roles Senior Information Risk Owner (SIRO) (11-345) Caldicott Guardian (11-230) IG Lead These roles should be at Governing Body or the most senior leadership team level. The IG lead and the SIRO may be the same individual but the Caldicott Guardian should be distinct from both of the others South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 3 of 19

4 Key Policies Over-arching IG Policy (11-131) Data Protection Act 1998/Confidentiality Policy Organisation Security Policy Information Lifecycle Management Policy Corporate Governance Policy Key Governance Bodies IG Board / Forum / Steering Group Resources Details of key staff roles and dedicated budgets Governance Framework Details of how responsibility and accountability for IG is cascaded through the organisation. ( & ) Training & Guidance Staff Code of Conduct (11-231, & ) Training for all staff (11-134) and advisory rather than accountable. Policies set out scope and intent. The over-arching IG policy should reference the three supporting Confidentiality, Security and Records Management policies and might be where the organisation s intended IG Management Framework is documented. A group, or groups, with appropriate authority should have responsibility for the IG agenda. This might be one or more standalone groups or be part of an Integrated Governance Board or Risk Management group. The key staff involved in the IG agenda below those at Governing Body or most senior levels should be identified with a description of their roles and responsibilities. This may include an IG officer, Data Protection Officer, Information Security Officer, Freedom of Information Manager, Corporate and Clinical Governance Leads or Data Quality Leads. Any dedicated budgets and high level plans for expenditure in-year should also be identified, including outsourcing to external resources or contractors. This should include staff contracts, contracts with third parties, Information Asset Owner arrangements, Departmental Leads on aspects of IG etc. Staff need clear guidelines on expected working practices and on the consequences of failing to follow policies and procedures. The approach to South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 4 of 19

5 Incident Management Organisation Security Policy Training for specialist IG roles Documented procedures and staff awareness (11-341, & ) ensuring that all staff receive training appropriate to their roles should be detailed. Clear guidance on incident management procedures should be documented and staff should be made aware of their existence, where to find them and how to implement them. 2 Definitions & Key Roles Information Governance Management Framework documented approach to the organisation and delivery of clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate resources. The following roles should be at Governing Body or the most senior leadership team level: Senior Information Risk Owner (SIRO) A member of the Senior Management Team (SMT) with overall responsibility for the organisation s information risk policy. The SIRO will also lead and implement the Information Governance risk assessment and advise the SMT on the effectiveness of risk management across the organisation. The SIRO s responsibility is formally added to the job description of this individual, using the standard Connecting for Health wording. Details of the staff roles directly supporting the SIRO are shown in Appendix C. (11-345) Information Asset Owners (IAO) - A senior member of staff who is the nominated owner for one or more of the identified information assets of the CCG. The IAO responsibility is formally added to the job description of this individual, using the standard Connecting for Health wording. Information Governance (IG) Lead A senior representative in the organisation who leads and co-ordinates the Information Governance work programme. This may be the same individual as the SIRO. Information Security Lead - A senior representative supporting the organisation who leads and co-ordinates the Information Technology / Security work programme. This individual may report directly to the CCG SIRO. Caldicott Guardian - A member of the Senior Management Team responsible for protecting the confidentiality of patient and service user information and enabling appropriate information sharing. Caldicott Guardians were mandated for NHS organisations by Health Service Circular HSC 1999/012, and later for social care by Local Authority Circular LAC 2002/2. General Practices are required by regulations to have a confidentiality lead. This position may not be the same individual as the SIRO or the IG lead because the Caldicott Guardian s role should be advisory rather than accountable. Details of the staff roles directly supporting the Caldicott Guardian are shown in Appendix D. (11-230) South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 5 of 19

6 Details of senior leadership roles for Information Governance are shown in Appendix B. 3 Key Policies This is of particular relevance to Policies set out scope and intent. The over-arching IG policy should reference the three supporting Confidentiality, Security and Records Management policies. The CCG s Information Governance policies will be reviewed and agree by the IG Forum followed by approval by the Quality Committee. IT Security policies follow the same basic principles as other Information Governance policies, and the writing, review and approval techniques described here apply equally to IT Security policies. The responsibility for writing a particular policy is normally assigned by a senior manager (Manager or Head of Department) or to a named individual having expertise in that area. For Information Governance policies, the Information Governance Manager is typically tasked with writing appropriate policies. As polices require an update, either because they are near the agreed review date or because legislation, national guidance or working practices have changed, the original author will typically make the necessary changes. The CCG s Information Governance policies are listed in Appendix E. 4 Key Governance Bodies The Quality Committee with authority delegated from the CCG Governing Body will be the typical mechanism for directing and approving Information Governance work programmes, receiving reports and approving policies. The IG experts from across the CCG s departments corporate, quality, medicines, business intelligence - meet on a monthly basis to share learning and best practice and to ensure that IG work programmes are on track, particularly the IG Toolkit plans and submissions for each organisation. This is the IG Forum. 5 Resources The key staff involved in the IG agenda are identified with a description of their roles and responsibilities. These staff may either be directly employed by the CCG or their professional services are provided to the CCG via a contract with other NHS organisations, and include Information Governance Manager, Data Protection Officer, Information Security Manager, Freedom of Information Manager, Corporate and Clinical Governance leads or Data Quality leads. Details of key staff roles are described in Appendix B. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 6 of 19

7 The Information Security Manager of NEW Devon CCG holds the CISM qualification (Certified Information Security Manager), having passed ISACA exams in December 2009, and is contracted to South Devon and Torbay CCG to undertake Information Security work for this CCG. 6 Governance Framework This is of particular relevance to and The CCG s Caldicott Guardian is a member of the Senior Management Team and is supported in this function as described in Appendix D. The contracts of all CCG staff contain specific Confidentiality and Data Protection clauses that describe staff s responsibilities towards any personal data they process [these clauses will also be included in any new CCG positions created]: CONFIDENTIALITY / DATA PROTECTION You must adhere to the CCG's policy, national legislation and common law in relation to confidential and personal information. You must not disclose any information of a confidential or personal nature relating to the employer or in which the employer has a duty of confidence to any third party other than where you are obliged to disclose such information in the proper course of your employment or required by law. A failure to follow any policy in relation to the collection, keeping, processing or destruction of personal data and / or confidential information, and whether deliberate or accidental, whether regarding a patient, another staff member or other third party, will be regarded as potential misconduct, and may result in disciplinary proceedings being brought. Deliberate or negligent misuse of data, whether by unlawful disclosure or otherwise, may be considered gross misconduct, and may result in summary dismissal in the most serious cases. This clause does not interfere with your rights to make a disclosure under the Public Interest Disclosure Act 1998 ("whistle blowing"), which gives legal protection to employees against being dismissed or penalised by their employers as a result of disclosing information which is considered to be in the public interest and which you believe shows malpractice/wrongdoing within the CCG. If you are making a disclosure under the Public Interest Disclosure Act you must ensure that you follow the procedure laid down in the CCG Whistle blowing Policy. 7 Information Governance Toolkit The CCG aims to achieve level 2 for all Information Governance Toolkit requirements. The Information Governance Statement of Compliance (IGSoC) has been signed by the Chief Operating Officer; this commits the CCG to achieving compliance with the terms and conditions of the statement, including meeting a minimum of level 2 for all IG Toolkit requirements, or having an agreed improvement / action plan in place to achieve that level. Documentary evidence to meet the IG Toolkit requirements is compiled by the Information Governance and IT Security Managers, and uploaded onto the IG Toolkit website as appropriate. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 7 of 19

8 For version 10 of the IG Toolkit, the final submission was made on 19 April Version 11 will apply in 2013/14, and the CCG is expected to have achieved level 2 compliance across all requirements by 30 June A statement on this will be made by the Information Governance Manager to the Quality Committee in June 2013, at which point authorisation for submission from the Quality Committee and SIRO will be sought. The action plan to achieve level 2 across all requirements is contained at Appendix G. 8 Information Governance Training and Guidance This is of particular relevance to , , and All staff receive Information Governance training during their first year of employment with the CCG (ideally within the first few weeks of employment) and annual Mandatory refresher training. This comprises the online IG Training Tool module(s) relevant to each role, supplemented as necessary by classroom training sessions. The Information Governance Manager and IT Security Manager work closely with the Organisation Development team to ensure that all staff are undertaking the prescribed online training modules recommended by Connecting for Health. Further specific staff training on particular aspects of Information Governance can also be delivered during Departmental development days, Team meetings and other staff events. Details of policies will be cascaded to staff through line management and via the CCG s intranet. Copies of approved policies will be published on the CCG s website... The CCG recognises that dissemination via electronic methods is not always the best approach to ensure that all staff understand the policies relevant to their work, and that other cascade and awareness routes are also available as appropriate, including: a. Inclusion in local induction process/paperwork. b. Corporate induction. c. reminders. d. Newsletters. e. Information on policies and procedures provided with letter of appointment. f. Focus increased within Mandatory Training (refresher). g. Further inclusion of responsibilities of staff included within individual contracts. 9 Incident Management This is of particular relevance to , and Guidance has been issued to staff on recording both Clinical and non-clinical Incidents, the latter to include Information Governance incidents such as data loss and breach of confidentiality, and IT Security incidents such as theft of a laptop computer. The CCG s Incident Management Policy describes the process for staff to follow. The CCG will follow the previously-published South West Strategic Health Authority s Managing Serious Untoward Incidents reported by NHS organisations through the Strategic Executive South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 8 of 19

9 Information System (STEIS) -Guidance for lead commissioning Primary Care Trusts. This will in due course be superceded by guidance contained in version 11 of the IG Toolkit. Incidents will be reported via KPIs to the Information Governance Forum and the Quality Committee. 10 Information Sharing The CCG will actively engage with other organisations (for example other health organisations, police, councils and housing trusts) to share patient information where there is a clear need and where this is in line with legislation. This activity will be covered by specific Information Sharing Protocols, which are formally signed off by the Caldicott Guardian. For the sake of clarity, a Protocol describes the principles and purposes of data-sharing, and an Agreement describes the specific data to be shared. The list of Information Sharing Protocols / Agreements to which the CCG is a signatory / partner is shown in Appendix F. 11 Information Security The CCG operates an Information Security Operational Plan, which is an integral part of this Framework. Approval of this Framework includes approval of the Information Security Operational Plan which is attached as Appendix H. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 9 of 19

10 Appendix A Glossary CCG Clinical Commissioning Group CISM Certified Information Security Manager DPA Data Protection Act 1998 EIR Environmental Information Regulations 2005 FOI Freedom of Information Act 2000 IAO Information Asset Owner IG Information Governance IGMF Information Governance Management Framework ISP Information Sharing Protocol IGSoC Information Governance Statement of Compliance IGT Information Governance Toolkit IS Information Security IT Information Technology NEW Northern, Eastern and Western Devon Clinical Commissioning Group SDHIS South Devon Health Informatics Service SIRO Senior Information Risk Owner SMT Senior Management Team SDT South Devon and Torbay Clinical Commissioning Group STEIS Strategic Executive Information System South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 10 of 19

11 Appendix B CCG staff in key IG roles The following staff are in key Information Governance roles as at 22 nd April Role Caldicott Guardian Senior Information Risk Owner (SIRO) Staff working directly for, or contracted to, South Devon & Torbay CCG Gill Gant, Director of Quality Governance Mark Procter, Director of Corporate Affairs and Medicines Optimisation Information Governance Manager Phil Stimpson, Corporate Affairs Manager Information Security Manager IG Toolkit Administrator Data Protection Officer Freedom of Information Manager Corporate Governance Lead Clinical Governance Lead Data Quality Lead Richard Ward, IT Security Manager, NEW Devon CCG provides service under under SLA to SDT [CISM qualification, December 2009] Phil Stimpson, Corporate Affairs Manager Phil Stimpson, Corporate Affairs Manager Phil Stimpson, Corporate Affairs Manager Mark Procter, Director of Corporate Affairs and Medicines Optimisation Gill Gant, Director of Quality Governance Jo Turl, Assistant Director of Performance & Information, South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 11 of 19

12 Appendix C CCG support arrangements for SIRO The following staff are in key roles in support of the Senior Information Risk Owner (SIRO) as at 22 nd April Role Senior Information Risk Owner (SIRO) Support in SDT CCG and via SLA Details Mark Procter Director of Corporate Affairs and Medicines Optimisation Member of Senior Management Team Formally appointed into role June 2012 Information Governance Manager Phil Stimpson NEW Devon CCG Information Security Manager Richard Ward Information Asset Owners in SDT CCG Mark Procter iknow intranet Phil Stimpson Shared drive (hosted by SDHIS) This list will be completed during South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 12 of 19

13 Appendix D CCG support arrangements for Caldicott Guardian The following staff hold in key roles in support of the Caldicott Guardian as at 22 nd April Role Caldicott Guardian Support in SDT CCG and via SLA Details Gill Gant Director of Quality Governance Member of Senior Management Team Formally appointed into role June 2012 Information Governance Manager Phil Stimpson NEW Devon CCG Information Security Manager Richard Ward The Caldicott Guardian is the nominated CCG signatory to all Information Sharing Protocols with other organisations. [Appendix E] The Information Governance Manager and the IT Security Manager react to all reported information security and confidentiality issues, which are recorded as appropriate. All urgent and serious incidents are discussed in detail with the Caldicott Guardian and SIRO immediately and all agreed actions are followed through to closure. A summary report is presented regularly to the Caldicott Guardian and SIRO, and then to the Quality Committee. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 13 of 19

14 Appendix E CCG Information Governance policies The CCG will write strategies, policies and guidance to cover all aspects of Information Governance and Information Security as required by the IG Toolkit and any other relevant legislation and national guidance. These will be supplemented as a result of new developments in legal or NHS requirements or in response to identified risks or incidents within the CCG. Policies will typically be written by the Information Governance and IT Security Managers, circulated to the IG Forum for comment and agreement, and then formally approved by the quality Committee. Approved policies will be published on the CCG s Intranet and Internet sites. Policies will be re-assessed, amended and approved at least every 3 years; policies will be rewritten and re-approved sooner where there have been significant changes in organisational arrangements, or the underlying legislation or NHS guidance has changed. The exception to this will be the IT policies where the CCG will adopt the policies currently used by the South Devon Health Informatics Service (SDHIS), and these will be published on the intranet site only. South Devon and Torbay CCG Policies Name Version Approved Information Governance Management Framework 1.3 Information Governance Policy 1.0 Information Lifecycle Management Policy (including Information Quality Strategy and Records Management Strategy) 1.0 Confidentiality and Data Protection Policy 1.1 Corporate Governance Policy (including Freedom of Information) 1.1 Information Security Policy 1.1 Business Continuity Strategy 1.2 Incident Management Policy 1.2 System Level Security Policies (for each system) 1.0 South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 14 of 19

15 Appendix F CCG Information Sharing Protocols The CCG is not currently a signatory to any Information Sharing Protocols, as at 22 nd April However, there are a number of existing agreements (listed below) that were signed by NHS Devon and/or Torbay Care Trust, which the CCG will continue to work with in the spirit of cooperation within the health and social care environment where there is a clear benefit to the patient. As part of the normal review cycle, these agreements will be amended to reflect the position of the CCG, and signed by the CCG Caldicott Guardian. These agreements are typically reviewed every 2 years or sooner if the underlying legislation or working practices change. Signed copies of the agreements are held by the Corporate Affairs Manager. The list of protocols / agreements signed by the CCG will be added to the next version of this Framework. Information Sharing Protocols / Agreements signed by NHS Devon / Torbay Care Trust Name Version Approved Overarching Health and Social Care Organisations in Devon 1.7 Jan 2008 Youth Offending Team 1.8 Jul 2007 Multi-Agency Public Protection Arrangements (MAPPA) 2.0 Oct 2006 Domestic Violence 1.2 Nov 2009 Crime and Disorder 2.0 Nov 2007 Childrens Trust 1.0 Jul 2010 Devon Locality Intelligence Network for Controlled Drugs 0.3 Mar 2008 Single Assessment Process (SAP) 1.2 Feb 2009 Deprivation of Liberty Safeguards (DLS) 0.4 Jun 2010 Local Resilience Forum 1.0 Dec 2009 Hearing Direct (NHS Direct East Midlands) 2.0 Jan 2008 NHS Continuing Healthcare 2.2 Feb 2009 Integrated Offender Management 1.31 Sep 2011 Health and Social Care Secondary Uses 1.5 Jan 2012 South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 15 of 19

16 Information Security Operational Plan 2013/14 Appendix H - Information Security Operational Plan South Devon & Torbay Clinical Commissioning Group Introduction Information security is concerned with protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The goal is to protect the confidentiality, integrity and availability of information; whatever its format i.e. electronic or paper. Background South Devon and Torbay CCG (SD&T CCG) came into being on the 1 st April IT Services and support for the CCG are provided by the South Devon Hospitals Information Service (SDHIS). The Information Security function is contracted from Northern, Eastern and Western Devon CCG (NEW Devon CCG. Connecting for Health (CfH) have produced an IG Toolkit specific to CCGs which has 29 Requirements, 13 of which assess Information Security. Scope The remit of Information Security within the NHS is wide and includes: Working towards achieving ISO (Information Security Management) compliance. Achieving a satisfactory score in the annual IG Toolkit self assessment Implementing the CfH Information Risk Management Good Practice Guide In practice both progress with ISO and the IG Toolkit work is assessed through the completion of the IG Toolkit. The IG Toolkit is an annual self assessment tool that examines various aspects of Information Governance including a section on Information Security of the 29 IG Toolkit requirements 13 are concerned with Information Security. The implementation of CfH Information Risk Management guidance is a national NHS requirement and specific activity and CfH have published a Good Practice Guide A second area covered in the IG Toolkit 300 series of requirements is the implementation of the CfH Information Risk Management Good Practice Guide; this has been adopted by the CCG as the basis for its Information Risk Management Policy. Richard Ward Page 16 of 19 19/4/2013

17 Information Security Operational Plan 2013/14 Resources The contracted Information Security service from NEW Devon equates to a qualified Information Security Manager and support for approximately one day a week. Caldicott Guardian Gill Gant Senior Information Risk Owner (SIRO) Mark Procter SD&T CCG IG Team Information Security Manager Richard Ward SDHIS (IT Provider) Aim The 2013/14 Information Security Operational Plan aims to deliver: implementation of the DoH Information Risk Management Policy GPG achieve a minimum of level of 2 for each of the IT related IG Toolkit requirements i.e. the 300 series of requirements for each of the South Devon and Torbay CCG; or where a level 2 cannot be demonstrated ensure that a plan to achieve level two is developed. Note: Where a level 2 cannot be achieved without it; then a plan to achieve this level must be put in place this will allow level 2 to be claimed. Appendix 1 shows the individual work streams and their associated tasks, it is likely that additional tasks will be identified as the year progresses Conclusion There are a number of uncertainties that may have an impact on Information Security activities, including the development of the individual CCGs; these may result in significant changes to this Operational Plan. Richard Ward Page 17 of 19 19/4/2013

18 Information Security Operational Plan 2013/14 Not all the tasks in Appendix 1 will be completed within the 2013/14 year as some are of a continuous nature and the priority of others may change. However, any outstanding tasks will have been subjected to a review and be either carried forward to the next years plan or removed in total. There are a number of significant risks to achieving this plan and these will be identified on, and dealt with through, the IS and IT Risk Management processes. Richard Ward Page 18 of 19 19/4/2013

19 Information Security Operational Plan 2013/14 Work stream Detail Start date End date Information Risk Management Maintain Policies Assist the CCG implement the CfH Information Risk Management Good Practice Guide IT Policies to be reviewed by review dates and approved by the SIRO. April 2013 April /3/2014 Create reports The reports to be produced will be in line with the CCG Management team requirements Bi-Monthly Continuous Mobile devices Monitor and investigate CfH monthly encryption reports Monthly Continuous IG Toolkit (South Devon and Torbay CCG) Put in place processes to capture the required evidence. Present the evidence (document) Complete the IG Toolkit submission A continuous process but effort being concentrated in Q4 each year. 31/3/2014 System level security Policy (SLSPs) User Audits Business Impact assessment (BIA) Identify systems and assist Information Asset Owners (IAO) develop SLSPs Assist IAOs carry out User Audits and other associated tasks The corporate Business Continuity Management project includes IT Disaster Recovery plans, the first requirement of these is that a BIA is carried out. It is intended to complete these in conjunction with SLSPs June /3/2014 June /3/2014 June /3/2014 Monitor IT Provider SLAs Assist AD IT to set up KPI reporting. Monitor the resulting reporting for Performance and IG Toolkit evidence April 2013 Continuous IG Forum (SHA) IG Forum (local) SIRO updates Attend and participate in monthly updates April 2013 Continuous Information Security Incident management Investigate and report IS incidents to inform the IG Manager, SIRO, Caldicott Guardian, and Operational management. April 2013 Ad Hoc Richard Ward Page 19 of 19 19/4/2013

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

NETWORK SECURITY POLICY

NETWORK SECURITY POLICY NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

A Question of Balance

A Question of Balance A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

Policy: D9 Data Quality Policy

Policy: D9 Data Quality Policy Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of

More information

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.

Information Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff. Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy

NHS Waltham Forest Clinical Commissioning Group Information Governance Policy NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

INFORMATION GOVERNANCE

INFORMATION GOVERNANCE This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Policy Information Management

Policy Information Management Policy Information Management Document Title: Policy Information Management Issue date: October 2013 Document Status: Approved IGC 23 Oct 2013 Review date: October 2014 Page 1 of 17 Document control Document

More information

Safe Haven Policy. Equality & Diversity Statement:

Safe Haven Policy. Equality & Diversity Statement: Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

INFORMATION RISK MANAGEMENT POLICY

INFORMATION RISK MANAGEMENT POLICY INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

Internet and Social Media Policy

Internet and Social Media Policy Internet and Social Media Policy Page 1 of 19 Review and Amendment Log / Control Sheet Responsible Officer: Chief Officer Clinical Lead: Author: Date Approved: Committee: Version: Review Date: Medical

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

N3 Protecting the Network through Information Governance and Assurance

N3 Protecting the Network through Information Governance and Assurance N3 Protecting the Network through Information Governance and Assurance NHS CFH Operational Security Team cfh.ost@nhs.net Introductions The NHS CFH Operational Security Team: Tony Hodgson Operational Security

More information

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts

Type of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified By Central Alerting System (CAS) Policy NTW(O)17 Medical Director Tony Gray Head of Safety and Patient Experience

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Policy Checklist. Head of Information Governance

Policy Checklist. Head of Information Governance Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust

More information

MANAGEMENT OF POLICIES, PROCEDURES AND OTHER WRITTEN CONTROL DOCUMENTS

MANAGEMENT OF POLICIES, PROCEDURES AND OTHER WRITTEN CONTROL DOCUMENTS MANAGEMENT OF POLICIES, PROCEDURES AND OTHER WRITTEN CONTROL DOCUMENTS Document Reference No: Version No: 6 PtHB / CP 012 Issue Date: April 2015 Review Date: January 2018 Expiry Date: April 2018 Author:

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

Information Security Policy. Version 2.0

Information Security Policy. Version 2.0 1 Intranet and Website Upload: Intranet Website Keywords: Electronic Document Library CCGs G Drive Location: Location in FOI Publication Scheme Information, Security, Information Governance, IG, Data Protection.

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Equality and Diversity Policy Author: Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Approval and Authorisation Completion of the following signature blocks signifies the review and approval

More information

IT SECURITY POLICY (ISMS 01)

IT SECURITY POLICY (ISMS 01) IT SECURITY POLICY (ISMS 01) NWAS IM&T Security Policy Page: Page 1 of 14 Date of Approval: 12.01.2015 Status: Final Date of Review Recommended by Approved by Information Governance Management Group Trust

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

SHEFFIELD TEACHING HOSPITALS NHS FOUNDATION TRUST EXECUTIVE SUMMARY REPORT TO THE BOARD OF DIRECTORS MEETING HELD ON 16 MAY 2012

SHEFFIELD TEACHING HOSPITALS NHS FOUNDATION TRUST EXECUTIVE SUMMARY REPORT TO THE BOARD OF DIRECTORS MEETING HELD ON 16 MAY 2012 B SHEFFIELD TEACHING HOSPITALS NHS FOUNDATION TRUST EXECUTIVE SUMMARY REPORT TO THE BOARD OF DIRECTORS MEETING HELD ON 16 MAY 2012 Subject Supporting TEG Member Lead Author Status 1 Healthcare Governance

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

Information Security and Governance Policy

Information Security and Governance Policy Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain its essential business functions during

More information

INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY Appendix 1 INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY Author Information Governance Review Group Information Governance Committee Review Date May 2014 Last Update February 2013 Document No. GV

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

Information Governance Training Plan v13

Information Governance Training Plan v13 Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness

More information

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1

Policies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1 Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

Data Quality Policy. March 2015 POLICY DEVELOPMENT PROCESS. Data Quality Policy Page 1

Data Quality Policy. March 2015 POLICY DEVELOPMENT PROCESS. Data Quality Policy Page 1 Data Quality Policy March 2015 Author: Lynda Harris, Head of Information Governance LyndaHarris2@nhs.net Responsibility: All Staff Effective Date: March 2015 Review Date: March 2017 Reviewing/Endorsing

More information

Information Incident Management and Reporting Procedures

Information Incident Management and Reporting Procedures ` Information Incident Management and Reporting Procedures Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may

More information

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014 CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY December 2014 DOCUMENT INFORMATION Author: Barbara Sansom Information Governance Manager Equality Impact Assessment Consultation & Approval

More information

Gloucestershire Hospitals

Gloucestershire Hospitals Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 3.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality Assurance Group Ratification date: March 2015 Review date: March 2016

More information