USE OF PERSONAL MOBILE DEVICES POLICY


Policies and Procedures

USE OF PERSONAL MOBILE DEVICES POLICY

Date Approved by Information Strategy Group / Version / Issue Date / Review Date: /08/ /08/2016
Executive Lead: Executive Director Finance
Information Asset Owner: Chief Information Security & Governance Officer
Author: Chief Information Security & Governance Officer
Procedure/Policy number: IM0037_v1
Procedure/Policy type: Information Security & Governance
Date of Equality & Diversity Impact Assessment: Low

Policy Title: Use Of Personal Mobile Devices Policy Page 1 of 13

I. Document Information and Amendment Record

Document Number: IM0037.V1
Document Title: Use Of Personal Mobile Devices Policy
Executive Lead: Executive Director of Finance

Date | Amendment Details | Responsibility | Amendment No

Table Of Contents

I. Document Information and Amendment Record
Introduction
Equality, Diversity and Human Rights Statement
Purpose
Aim
Scope
Policy Statement
Relevant Policies and Guidance
Definitions
Responsibilities
Acceptable Use
Unacceptable Use
Access to Trust Data
User Acceptance
Device Authorisation
Permitted Devices
Device Security
Losses and Breaches of Confidentiality / Security
Device Monitoring and Auditing
Policy Review, Audit & Monitoring
Appendices

1 Introduction

1.1 South Tyneside NHS Foundation Trust, hereinafter referred to as the Trust, is highly reliant on information that is captured, stored, processed and delivered by computers and their associated communication facilities.

1.2 This policy addresses the security and confidentiality of Trust data that will be accessed using mobile devices that are the property of staff members.

1.3 Such information plays a vital role in supporting business processes and customer services, in contributing to operational and strategic business decisions and in conforming to legal and statutory requirements.

1.4 Accordingly the information and the enabling technologies are important assets that will be protected to the level commensurate with their value to the organisation. Special care will be taken to ensure that Person Identifiable and business/corporate confidential information is not compromised.

1.5 Nothing in this policy affects the Trust's ownership of corporate information, including all work-related intellectual property created in the course of business using a personally owned device.

1.6 The Trust will continue to provide organisation owned and managed devices as necessary for work purposes. There is no compulsion for anyone to use a personally owned device for work purposes.

1.7 Throughout this document, sentences that contain the verb MUST indicate that the requirement is mandatory. Sentences that contain the verb SHOULD indicate that the requirement may be adapted for local need.

2 Equality, Diversity and Human Rights Statement

2.1 The Trust is committed to promoting human rights and providing equality of opportunity not only in our employment practices but also in the way we provide services. The Trust also values and respects the diversity of our employees and the communities we serve.
In applying this policy, the Trust will have due regard for the need to:

- Promote human rights
- Eliminate unlawful discrimination
- Promote equality of opportunity
- Provide for good relations between people of diverse groups
- Consider providing more favourable treatment for people with disabilities

This policy aims to be accessible to everyone regardless of age, disability (physical, mental health or learning disability), gender (including transgender), race, sexual orientation, religion or belief or any other factor which may result in unfair treatment or inequalities in health or employment.

3 Purpose

3.1 The purpose of this policy document is to ensure that all staff are aware of their individual responsibilities in relation to the security and confidentiality of Trust data that may be accessed using devices that they own.

3.2 To establish the rules in relation to the use of personally owned mobile devices when using them to access Trust networks, systems and data.

4 Aim

4.1 To ensure that the Trust meets its legal and NHS obligations in relation to the protection of person identifiable information and Trust confidential information.

5 Scope

5.1 This policy applies to the use of devices that are owned by staff and used to access Trust systems and data.

5.2 This Policy applies to all parties authorised by the Trust together with their staff (including temporary workers, locums and staff seconded or contracted from other organisations who may use personal devices to access Trust systems and data).

5.3 Any breach of or refusal to comply with this policy is a disciplinary offence which may lead to disciplinary action in accordance with the Trust Disciplinary Policy, or other appropriate action.

6 Policy Statement

6.1 It is the policy of the Trust to ensure that Trust information:

- Is protected against unauthorised access.
- Confidentiality of information is maintained and assured.
- Integrity of information is maintained.
- Regulatory requirements and legislation are complied with.
- Information technology systems are used in a manner that prevents the release of information (by accident or deliberate/criminal act), ensures their safe use and avoids damage to the specific system or any other system to which it is connected.
- Information that can be used to identify a person including confidential information about that person, business information and confidential business information is restricted to authorised users only and that such information remains legally admissible.
- All breaches of information security, actual or suspected, will be reported to and investigated by appropriately trained individuals within the Trust, and notified to the Trust Chief Information Security & Governance Officer.

6.2 The lawful and correct treatment of personal information is very important to the successful delivery of health care services and to maintaining confidence in the organisation as a whole. To this end all staff will adhere to the Principles of the Data Protection Act 1998, Caldicott Recommendations, NHS guidelines, Human Rights Act and all other relevant legislation, this policy document and any relevant professional codes of practice.

6.3 The Data Protection Act Principles state that personal information:

- MUST be processed and used fairly and lawfully.
- MUST not be further used in any manner incompatible with the purpose for which it has been obtained.
- MUST be adequate, relevant and not excessive in relation to the purpose or purposes for which they are used.
- MUST be accurate.
- MUST not be kept for longer than is necessary.
- MUST be used in accordance with the rights of the individual.
- MUST be protected against unauthorised disclosure and destruction.
- MUST not be transferred to a country or territory outside the European Economic Area with inadequate levels of protection for the rights and freedoms of the person in relation to their information.

6.4 The Caldicott 2 report outlines seven principles that should be applied to the handling of patient identifiable information:

- Principle 1: Justify the purpose(s) for using confidential information.
- Principle 2: Only use it when absolutely necessary.
- Principle 3: Use the minimum that is required.
- Principle 4: Access should be on a strict need-to-know basis.
- Principle 5: Everyone will understand his or her responsibilities.
- Principle 6: Understand and comply with the law.
- Principle 7: The duty to share information can be as important as the duty to protect patient confidentiality.

In addition it recommends that the NHS number should be substituted for patient identifiable data wherever possible and that where patient data is transferred it should be reduced to the minimum required for the purpose.

6.5 NHS Guidelines

- Information Security Management NHS Code of Practice (gateway ref 7974)
- Records Management Parts 1 & 2 NHS Code of Practice (gateway ref / /2)
- Confidentiality NHS Code of Practice (gateway ref 1656)

In addition care will be taken, particularly with confidential clinical information, to ensure that the means of transferring it from one location to another are as secure as they can be. Safe Havens will be used wherever possible.

7 Relevant Policies and Guidance

7.1 Individuals who use personal devices to access Trust systems and data MUST comply with current legislation and NHS policies regarding the use and retention of Person Identifiable Information.

7.2 Policies and guidance that are relevant to this policy include, but are not limited to:

- Data Protection Policy (IM0030)
- Records Management Policies (IM0006, IM0007, IM0021)
- Internet Acceptable Use Policy (IM0029)
- Acceptable Use Policy (IM0009)
- Social Media Acceptable Use Policy (IM0033)
- NHS Records Management Code of Practice
- NHS Confidentiality Code of Practice
- NHS Information Security Code of Practice
- NHS Information Governance Toolkit

8 Definitions

8.1 Throughout this policy the term 'Personal device' is defined as an electronic mobile device that is not owned or issued by South Tyneside NHS Foundation Trust.

8.2 Throughout this policy the term 'device' is used to cover the following mobile devices:

- Tablet computers (such as iPads and Android devices etc)
- Smart phones (such as iPhones, Windows Mobile or Android phones)

8.3 Throughout this policy the term Mobile Device Management (MDM) is used to cover the software applications that the Trust has in place to manage the connection of mobile devices to its networks and their access to Trust systems and data.

8.4 Throughout this policy the terms Person Identifiable Information or Person Identifiable Data are defined as data from which a living individual may be identified.

9 Responsibilities

9.1 This document comprises the Use of Personal Mobile Devices Policy, as supplied by the South Tyneside NHS Foundation Trust.

9.2 Overall responsibility for the enforcement of this policy lies with the Chief Executive, or any individual identified by them as having responsibility in this area. Enforcement of policy has been delegated to the Chief Information Security & Governance Officer.

9.3 It is the responsibility of the delegated individual to implement the policy within the Trust.

9.4 It is the responsibility of Heads of Service and departmental Managers to ensure that the policy is implemented within their areas.

9.5 Authorised employees of the Trust are responsible for the implementation of this policy in relation to the use of devices owned by them and used to access Trust networks or systems.

9.6 All Staff are responsible for demonstrating that they have completed, and passed, annual Information Governance training.

9.7 Managers are responsible for ensuring that staff have undertaken the required information governance training and have also received appropriate training in accessing Trust systems and data using personal devices.

9.8 The Trust Information Services department is responsible for managing the security of corporate data and configuring and securing authorised personal devices using the Mobile Device Management software.
10 Acceptable Use

10.1 The following is a list of acceptable 'business only' uses for personal mobile devices:

- Access to business
- Access to business calendars
- Transport, viewing and editing of meeting papers
- Access to the Trust Intranet

11 Unacceptable Use

11.1 The following is a list of unacceptable uses of personal mobile devices; it is not comprehensive:

- Use of the device for business purposes outside of those identified at 10.1 above is prohibited.
- Storing Trust data on the device's internal or removable storage.
- Storage of contact details for patients within the native personal address book of the device.
- Use of the device's camera or other recording functionality for business purposes or to capture business information.

12 Access to Trust Data

12.1 Trust data / information / systems may only be accessed, stored, created or communicated on personally owned devices through use of the Trust's chosen Mobile Device Management or Collaboration solutions.

This may be downloaded to any application enabled device, identified within Appendix C, however access to Trust information will only be enabled following appropriate line manager authorisation and approval.

Once the user has been appropriately authorised they will be issued with a unique PIN and instructions on how to enable the application to connect to the Trust systems.

Users must comply with all relevant Trust policies when accessing Trust data and systems using a personally owned device.

13 User Acceptance

13.1 Staff wishing to use personally owned devices to connect to Trust networks and systems MUST agree to the following:

- The device MUST be registered in the Trust's mobile device management (MDM) software. This will be completed automatically once the user device connects to the Trust systems.
- Where requested, MUST allow IT staff to audit their mobile device to ensure compliance with policy. This may entail accessing personal data.
- MUST allow the Trust to remotely wipe Trust data from the device should it be lost. This will not impact on a user's personal information stored on the device.
- MUST accept full liability for any data breach should they fail to comply with the terms of this policy.
- The Trust will not reimburse any costs associated or incurred by the users through the use of the device for business purposes.
- The Trust will not be held liable for any loss of personal data the user may incur, either through the installation of the application on their device or as a result of actions taken by the Trust to ensure the security of Trust data, such as wiping, should the user's device be lost.

Staff MUST sign the acceptance agreement at Appendix A (Part 1).

14 Device Authorisation

14.1 Staff wishing to use their own devices for business purposes MUST complete the Use of Personal Mobile Device Request form at Appendix A.

The use of personal devices MUST be specifically authorised by the user's Line Manager / Head Of Service / Trust Director at Appendix A (Part 2).

14.3 Connection of any personally owned devices must also be authorised for connection to Trust networks and systems by the Head of Information Systems / IT Manager or an individual delegated by them to provide such authorisation.

15 Permitted Devices

15.1 Only devices that have been specifically authorised by IT will be allowed to connect to Trust systems.

The mobile device MUST have an operating system of iOS 6 or above / Android 4.3 or above / Windows Phone 8 or above. No other devices will be permitted to connect to Trust Systems / Access Trust data.

Devices that have had their operating systems modified (i.e. Jailbroken or Rooted) MUST NOT be connected to Trust networks. The Trust Device Management Software will prevent the connection of such devices.

Where it is identified that a user has connected / attempted to connect a device that has had its operating system modified, their access will be terminated and Trust information will be wiped from the device. The user will also be barred from future use of personally owned devices for business purposes.

16 Device Security

16.1 The mobile device MUST be protected with a PIN that is known only to the user of that device. The Trust MDM software will force the use of a passcode if not present.

The mobile device MUST NOT be used or accessed by any other individual when connected to Trust systems.

Anti-virus software MUST be properly installed and running on the device.

17 Losses and Breaches of Confidentiality / Security

17.1 The following incidents MUST be reported to the IT department immediately by the owner of the device:

- The device is lost
- The device is stolen
- The device is taken without the owner's permission
- The device becomes infected with a virus or other malware
- The PIN or any password security for the device is compromised
- The device owner has any reason to believe that confidentiality of data held on the device has been compromised in any way

17.2 Should the staff member lose their device or have it stolen, its loss MUST be reported to the IT Helpdesk immediately and the incident recorded within the Trust Datix reporting system.

Losses that occur outside of normal business hours MUST be reported to the On Call IT Support Technician and an incident recorded within the Trust Datix reporting system as soon as possible.

Any device reported as lost will, where possible, be immediately wiped of Trust data by the IT department.

Any actual or potential breach of confidentiality or the security of the device MUST be reported to the Trust Information Governance Team.

Where a user specifically requests it, IT will, where possible, wipe the device of all data. This will be completed at the user's risk and with no residual liability on the Trust.

18 Device Monitoring and Auditing

18.1 The Trust MDM software will hold details of all devices permitted to access the Trust networks and systems.

The MDM software will hold a record of all applications that are stored on such devices.

Should an application that is deemed to be a threat to the Trust networks or systems be installed on a device, the device will be blocked from accessing the network by the system.

Staff personal devices will not be routinely monitored or audited by members of the IT or IG Teams, however where requested, staff MUST permit IT / IG staff to examine the device.

Where a staff member refuses to allow reasonable access to their device, the device will be wiped (to ensure no Trust data remains on the device) and it will be de-authorised.

19 Policy Review, Audit & Monitoring

19.1 The policy will be reviewed twenty four (24) months from its date of final approval and dissemination within the Trust.

The policy will be audited at the time of review to determine effectiveness.

20 Appendices

A. Use of Personal Mobile Device Request Form.
B. Policy Signature Sheet

Appendix A. South Tyneside NHS Foundation Trust Authorisation to Use a Personal Device for Trust Business

Part 1 (All items to be completed by the person who will be using the Device)

Job Title:
Location / Base:
Telephone No / Extension:
Network Login (Username):
Surname:
Forename:
Trust address:

I agree that I have read and understood the Trust policy for using personal mobile devices for business purposes and agree to abide by the terms of the policy.

I understand that I will be held liable for any breach of confidentiality caused by my failure to follow the terms of the Use Of Personal Mobile Devices Policy.

I understand that failure to comply with the requirements of the policy will result in my authorisation to use my device for business purposes being revoked and if authorisation is revoked the device will be remotely wiped by the IT department.

Signed:
Date:

Part 2 (All items to be completed by Head of Service / Executive Director)

Job Title:
Location / Base:
Telephone No / Extension:
Network Login (Username):
Surname:
Forename:
Trust address:

I approve the use of a personally owned device by the individual who has been named in part 1 of this document.

I confirm that the use of a device not owned or issued by the Trust is necessary for business purposes.

Signed:
Date:

Appendix B. Use Of Personal Mobile Devices Policy

This sheet should be used to record the names of staff members who have read and understood the above policy document.

Name (please print) | Job Title | Date | Signature


More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY

MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Conditions of Use. Communications and IT Facilities

Conditions of Use. Communications and IT Facilities Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review

More information

The Thomas Hardye School Bring Your Own Device to School (BYOD) Policy for Students

The Thomas Hardye School Bring Your Own Device to School (BYOD) Policy for Students The Thomas Hardye School Bring Your Own Device to School (BYOD) Policy for Students Adopted by Personnel & Resources Committee 1 st September 2014 Review date: 31 st August 2015 Signed by Chair:. CONTENTS

More information

Terms and Conditions of Use - Connectivity to MAGNET

Terms and Conditions of Use - Connectivity to MAGNET I, as the Client, declare to have read and accepted the terms and conditions set out below for the use of the network connectivity to the Malta Government Network (MAGNET) provided by the Malta Information

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE. Documentation Control. Consultation undertaken Information Governance Committee

MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE. Documentation Control. Consultation undertaken Information Governance Committee MOBILE COMPUTING & REMOTE WORKING POLICY AND PROCEDURE Documentation Control Reference GG/INF/020 Date Approved 13 Approving Body Directors Group Implementation date 13 Supersedes Not Applicable Consultation

More information

Safe Haven Policy. Equality & Diversity Statement:

Safe Haven Policy. Equality & Diversity Statement: Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

Informatics Policy. Information Governance. Network Account and Password Management Policy

Informatics Policy. Information Governance. Network Account and Password Management Policy Informatics Policy Information Governance Policy Ref: 3589 Document Title Author/Contact Document Reference 3589 Document Control Network Account Management and Password Policy Pauline Nordoff-Tate, Information

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

This Policy supersedes the following Policy, which must now be destroyed :

This Policy supersedes the following Policy, which must now be destroyed : Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Removable Media: Data Encryption Policy NTW(O)30 Lisa Quinn Executive Director of Performance and Assurance Sue

More information

Policy for Staff and Post 16 Student BYOD (Bring Your Own Device)

Policy for Staff and Post 16 Student BYOD (Bring Your Own Device) Policy for Staff and Post 16 Student BYOD (Bring Your Own Device) Date approved: 7 th May 2015 Review Schedule: Annual Reviewed: Next review: 1 Context Aims of this Policy Definitions CONTENTS 1. OVERVIEW...

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment

More information

HORIZON OIL LIMITED (ABN: 51 009 799 455)

HORIZON OIL LIMITED (ABN: 51 009 799 455) HORIZON OIL LIMITED (ABN: 51 009 799 455) CORPORATE CODE OF CONDUCT Corporate code of conduct Page 1 of 7 1 Introduction This is the corporate code of conduct ( Code ) for Horizon Oil Limited ( Horizon

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

RISK MANAGEMENT STRATEGY 2014-17

RISK MANAGEMENT STRATEGY 2014-17 RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

Bring Your Own Device Policy

Bring Your Own Device Policy Bring Your Own Device Policy Purpose of this Document This document describes acceptable use pertaining to using your own device whilst accessing University systems and services. This document will be

More information

Gloucestershire Hospitals

Gloucestershire Hospitals Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy

More information

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting

More information

Mobile Devices Policy

Mobile Devices Policy Mobile Devices Policy Item Policy description Division Director Contact Description Guidelines to ensure that mobile devices are deployed and used in a secure and appropriate manner. IT Services and Records

More information

NHS Business Services Authority Information Governance Policy

NHS Business Services Authority Information Governance Policy NHS Business Services Authority Information Governance Policy NHS Business Services Authority Corporate Secretariat NHSBSAIGM002 Issue Sheet Document reference NHSBSAIGM002 Document location F:\CEO\IGM\Info

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

Information Incident Management. and Reporting Policy

Information Incident Management. and Reporting Policy Information Incident Management and Reporting Policy Policy ID IG10 Version: 1 Date ratified by Governing Body 21/3/2014 Author South CSU Date issued: 21/3/2014 Last review date: N/A Next review date:

More information

Security Incident Management Policy

Security Incident Management Policy Security Incident Management Policy January 2015 Document Version 2.4 Document Status Owner Name Owner Job Title Published Martyn Ward Head of ICT Business Delivery Document ref. Approval Date 27/01/2015

More information

Business Continuity Access to Personally Stored Corporate Electronic Data (CED) Policy

Business Continuity Access to Personally Stored Corporate Electronic Data (CED) Policy Business Continuity Access to Personally Stored Corporate Electronic Data (CED) Policy Reference No: Version: 2 Ratified by: P_IG_05 LCHS Trust Board Date ratified: 16 th December 2014 Name of originator/author:

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information & ICT Security Policy Framework

Information & ICT Security Policy Framework Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy

NHS Waltham Forest Clinical Commissioning Group Information Governance Strategy NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Information governance policy

Information governance policy Information governance policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSAIGM002a S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review IG Policy\Current

More information