Policy. Information Steering Group. Version Author Date Reason for review 0.0 Andrew Thomas July Neil Taylor August 2013
|
|
- Evelyn Lester
- 8 years ago
- Views:
Transcription
1 Policy Author(s) Andrew Thomas Version 1.0 Version Date 21 August 2013 Implementation/approval Date 14 August 2013 Review Date August 2014 Review Body Information Steering Group Policy Reference Number 015 Version Author Date Reason for review 0.0 Andrew Thomas July Neil Taylor August 2013 Formatting Adjustments to match CCG Policy on Polices 0.2 Neil Taylor August 2013 Minor adjustments from IG Steering Group 0.3 Neil Taylor September 2013 Minor adjustments from Policy Review Group 1.0 September 2013 Final Policy Page 1 of 18
2 Contents Page 1.0 Introduction Policy statement and aim Objectives Scope of Policy Governance Roles and responsibilities Capacity Allocation Remote working Change management Disciplinary measures Personal Freedom of Information and Subject Access Requests Electronic Mail Procedures Management Retention Staff Absence Forwarding Distribution Subject Heading Attachments Etiquette Spam Malicious Software Misuse Formatting Further Information Personal Confidential Data (PCD) Monitoring Compliance with this Policy Monitoring of compliance Non Compliance Implementation and dissemination of document Training Requirements Latest Version Associated Documents Appendices Appendix 1 Equality & Equity Impact Assessment Checklist Appendix 2 Consultation History Appendix 3 Security & Legal Obligations Appendix 4 Out of Office Template Appendix 5 Standard Signature Templates Policy Page 2 of 18
3 1.0 Introduction NHS Greenwich Clinical Commissioning Group (CCG) will provide its staff with access to the use of NHSMail (The System) for use wholly in connection with the Greenwich legitimate business interest. This policy, which governs use of the system, will be sent to all new users when their account is set up and to all users when the policy is amended. Failure to comply with this policy could result in disciplinary action being taken. This policy applies to all directly employed CCG staff, including Governing body members, syndicate and Clinical and non-clinical leads. GP and Dental practices in the Greenwich geographic area are also subject to this policy when capacity allocation is made. GP and Dental practices within the CCG catchment area are encouraged to implement their own policy and they are free to model their policy on this if they wish. In this case the CCG will waive their copyright on this policy Policy statement and aim To identify users security and operational obligations in respect of the use of the CCG system Objectives The objectives in implementing this policy are: To improve general communications within the CCG. To reduce significantly the need for paper exchange, provide an opportunity to reduce the amount of paper consumed and reduce the risk of breaches of confidentiality. To reduce the need for extensive photocopying of documents To provide a mechanism for more timely communications To reduce the time and resources spent on unsuccessful telephone calls. To provide an automatic audit trail of all internal electronic communications. To manage the system capacity of the CCG and wider sponsored organisations. Policy Page 3 of 18
4 2.0 Scope of Policy This policy is applicable to: All use held or processed by the CCG and its constituent statutory bodies. All capacity allocation used by GP and dental practices and its constituent statutory bodies in the Greenwich geographic area or Greenwich sponsored organisations. All permanent, contract or temporary personnel and all third parties who have access to CCG premises, systems or information. Any reference to staff within this document also refers to those working on behalf of the CCG on a temporary, contractual or voluntary basis This document will refer to information as a term that will encompass data. The term information is understood as details that can be understood independently, for example an . Data to information that requires the context of a system to be understood, for example SUS data. 3.0 Governance 3.01 Roles and responsibilities All new members of staff are required to have a CCG NHSmail address. This will be provided by the CCG and be allocated within the CCG s NHSmail container. Authorisation of the creation of the address will be via the ICT helpdesk and line manager Capacity Allocation There is a finite capacity allocation available to NHS organisations and the Organisations it sponsors. The breakdown for this is: Platinum Service (2GB) 2% Gold Service (1GB) 3% Silver Service (400mb) 80% All other individual and generic accounts Bronze Service (100mb) 15% Mainly used for dummy accounts used in the automated process of electronic data transfer. Within each organisation the average capacity can not be exceeded and the organisation will not be able to allocate new addresses. In the current CCG structure covering 63 individual accounts and 13 Generic accounts this would equate to: Platinum Service (2GB) 1 individual Gold Service (1GB) 2 individuals Silver Service (400mb) 53 individuals Bronze Service (100mb) 10 individuals Policy Page 4 of 18
5 All individual users within the CCG container will be allocated 400mb as a minimum. Platinum and Gold service accounts will not be offered to individuals, but will be reviewed on an annual basis Remote working With effective archiving, rule processing and the use of generic accounts the CCG and individuals can keep within an individual 400mb account allocation. To help with remote working, individuals should be aware of sending large files to multiple users and think if there is another way of distributing the data/information. A generic can be provided on request to ICT Helpdesk to every directorate/team to better utilise the distribution of large files being sent to many users Change management Process of change that encompasses the use of patient data must consider the issue of consent and provision of information to patients. More information is available through the IG Change Protocol 3.04 Disciplinary measures Staff must comply with the standards and governance around consent to process information as detailed in this policy, supporting protocols and procedures. Failure to do so can result in disciplinary action. All staff are reminded that this policy covers several aspects of legal compliance that as individuals they are responsible for. Failure to maintain these standards can result in criminal proceedings against the individual. These include but are not limited to: Data Protection Act 1998 Freedom of Information Act 2000 Computer Misuse Act 1990 Common law duty of confidentiality For a full list of relevant legislation and guidance see the Information Governance Management Framework Personal The use of personal addresses for business use is not permitted. This covers all addresses outside of the NHSmail container. Examples of non-nhs accounts include Hotmail, Yahoo, AOL, and services provided by internet service providers. NHSmail is available on N3 or over the web. There should be no need for staff to use personal for business use even when away from the designated work base Freedom of Information and Subject Access Requests All usage is auditable and also under the Freedom of Information Act (FoI) and Subject Access Request to Health Records (SAR) content of the system and Policy Page 5 of 18
6 associated archiving files (.pst,.ost as examples) can be requested and disclosed. All requests under FoI and SAR will follow the CCG s polices, protocols and procedures. 4.0 Electronic Mail Procedures Management All users should check their inbox regularly (preferably at least twice per day i.e. once in the morning and once in the afternoon). Please delete s as soon as they are not required. The storage space on the system is a shared resource, and is finite; therefore deleting unnecessary will help the system run efficiently Retention communications should, wherever possible, be stored in a user s own mail folders and archived or deleted regularly. Hard-copy print outs may be necessary for some filing purposes, but these should be minimised Staff Absence Planned In the case of planned absence from work users should set an automatic response (Example in Appendix 4) to ensure that the sender of the message is informed that s will not be read or acted upon until the recipient returns. Unplanned In cases of unplanned long term absence (e.g. through sickness), line managers can ensure that the for absent staff can be read and dealt with by another staff member through the use of proxy access or forwarding. This can be facilitated through the ICT helpdesk Forwarding Users must not automatically forward from their CCG account or send confidential or sensitive CCG information to non-nhs accounts. Examples of non-nhs accounts include Hotmail, Yahoo, AOL, and services provided by internet service providers Distribution As distribution lists are easy to use, there is a tendency to copy lots of people in on every message leading to frustration over unnecessary communications. If distribution lists are set up by individuals they should be regularly reviewed and edited to ensure they remain relevant and up-to-date. Only send s to those concerned by its content Subject Heading All communications should be headed with a meaningful title to allow recipients to browse through note headings before opening. Policy Page 6 of 18
7 4.07 Attachments Where access to a shared network area is not available to both sender and recipient(s), documents and spreadsheets should always be sent as an attachment to an . This method of communication is very much encouraged as an alternative to sending paper copies. However, try to avoid sending excessively large attachments via as NHSmail has a limit of 20mb. When it is absolutely necessary to send a large attachment (for business purposes only), please keep the number of recipients to a minimum and the use of Secure File Transfer protocol may be more appropriate Etiquette When sending s externally, it is important to remember the following etiquette: Typing in capitals could be considered as shouting. Formatting in messages (i.e. bold, italics) may not be retained Try not to send messages that are too long (more than a thousand lines) as some systems cannot cope with messages this long. When responding to a message, include part of the original so the recipient will know the context. The absence of body language makes for occasional misunderstandings, so if you use humour or sarcasm, make sure it is labelled as such. Be aware of any implications that an might have before transmission. Certain content might be interpreted in a way that was not intended if due consideration is not given to the wording. Never send any content that can be interpreted as offensive in any way Spam Giving your CCG address to organisations on the Internet may give rise to you receiving unsolicited s (often called spam). The quantity of these s can quickly become excessive, so please be cautious when giving your address to others Malicious Software The use of to spread software viruses has increased dramatically in recent times. Please be cautious when reading messages from unknown senders and running unusual attachments. If you are unsure of the safety of a particular message, delete it without reading it Misuse Misuse of in any way may result in disciplinary action being taken. Examples of misuse would include harassment, disclosing sensitive or confidential information, sending obscene or offensive materials, sending defamatory material or use of the CCG system for excessive private use (i.e. other than that detailed in 4.02) or personal gain. Staff should not send internal or external s consisting of jokes, offensive material or chain letters. Policy Page 7 of 18
8 4.12 Formatting Signature The CCG have a standard signature template for New and Forward/Replies of s. Please reference Appendix 5 Body o Do not use background templates, these may not be retained when sending onto other organisations or applications. o When creating a new use Font: Arial, Size: 11, colour: Black o When creating a reply or forward use Font: Arial, Size: 11, colour: Dark Blue 4.13 Further Information For further information and advice on using and managing your ; please contact the ICT HelpDesk. 5.0 Personal Confidential Data (PCD) All users must familiarise themselves with the legal obligations as they relate to ing PCD (see notes under Legal Obligations for further guidance). This applies equally to information regarding patients or staff. The CCG system is secure from external access and as such PCD can be ed within the NHSmail environment. It is however good practice to anonymise any data or use the minimum information necessary to identify the person. This may for example mean using initials or an identification number for patients, instead of a full name. Always check before sending PCD outside the CCG. Is it necessary? addresses should be double checked before sending. s containing PCD should only be sent to those recipients who have a need to know and should not be circulated to a wider audience unless this can justified. Sending PCD is the responsibility of the sender at all times and as such due care and observance of CCG and legal obligations must be undertaken. This equally applies to s that are forwarded on to a third party the forwarder takes responsibility for following the due processes. All s that contain PCD should be marked as Confidential. No PCD should be entered into the subject line of the . All flows of PCD should be recorded and assessed or approved by the Information Governance Lead and SIRO. Safe haven procedures must be used when sending confidential or sensitive information by . If staff need to communicate with social services, quoting patient identifiable information, then they should send the using their nhs.net account AND use the suffix cjsm.net at the end of the recipient s Address. For Policy Page 8 of 18
9 example: o Log on to NHS Mail account in the normal way. o Compose , using the Royal Borough of Greenwich address plus the suffix cjsm.net, e.g. somebody@royalgreenwich.gov.uk.cjsm.net o When sent, this will pass over the cjsm secure network and so can be treated as secure. o This method can be used for secure transfers for any other gov.uk addresses. Confidential or sensitive CCG information must not be accessed from non-nhs equipment. (Arrangements for working outside of this policy require prior approval from the manager who should seek advice from the Information Governance Lead). 6.0 Monitoring Compliance with this Policy 6.01 Monitoring of compliance Measurable Monitoring/Audit Frequency Policy of Objective monitoring Ensure standardised Format of Signature across Organisation Audit by Received s and incident reporting Quarterly Responsibility for performing the monitoring Information Governance Lead Monitoring reported to which groups/committees, including responsibility for reviewing action plans Information Governance Steering Group 6.02 Non Compliance Noncompliance with this Policy by staff will be brought to the attention of the Information Governance Steering Group. 7.0 Implementation and dissemination of document The Policy, once approved by the CCG s governing body, or delegated group, will be shared with all staff through the all staff , updated on the intranet, and shared with the CCG s Management Board. A team briefing will be provided to support this dissemination. 8.0 Training Requirements Training will be carried out for this policy under the Information Governance Training Needs Assessment. Policy Page 9 of 18
10 9.0 Latest Version The audience of this document should be aware that a physical copy may not be the latest version. The latest version, which supersedes all previous versions, is available on the CCG Internet and Intranet Associated Documents As a new organisation, the CCG is still developing a broad range of policies, protocols and procedures, which will be subject to further updates and additions. Related CCG policies, protocols and procedures currently include: Consent to use PCD Policy Policy Information Governance Policy Internet Policy Mobile Device Policy Records Management Policy Acceptable Use Protocol Confidentiality Code of Conduct Protocol Freedom of Information Protocol Information Sharing Protocol Information Lifecycle Protocol Pseudonymisation Protocol Safe Haven Protocol Confidentiality Audit Procedure Subject Access to Health Records Procedure Supporting documentation also includes: Information Governance Management Framework Information Communication and Technology Framework Information Governance Strategy Information Governance Acronyms Document Information Governance Roles & Responsibilities Document Information Governance Steering Group Terms of Reference Information Governance Training Needs Assessment 11.0 Appendices Appendix 1 Equality Impact Assessment Checklist Appendix 2 Consultation history Appendix 3 Security & Legal Obligations Appendix 4 Out of Office Template Appendix 5 Standard Signature Templates Policy Page 10 of 18
11 Appendix 1 Equality & Equity Impact Assessment Checklist This is a checklist to ensure relevant equality and equity aspects of proposals have been addressed either in the main body of the document or in a separate equality & equity impact assessment (EEIA)/ equality analysis. It is not a substitute for an EEIA which is required unless it can be shown that a proposal has no capacity to influence equality. The checklist is to enable the policy lead and the relevant committee to see whether an EEIA is required and to give assurance that the proposals will be legal, fair and equitable. The word proposal is a generic term for any policy, procedure or strategy that requires assessment. Challenge questions Yes/No What positive or negative impact do you assess there may be? 1. Does the proposal affect one group more or less favourably than another on the basis of: Race No Pregnancy and Maternity No Sex No Gender and Gender Re-Assignment No Marriage or Civil Partnership No Religion or belief No Sexual orientation (including lesbian, gay bisexual and transgender people) No Age No Disability (including learning disabilities, physical disability, sensory impairment and mental health problems) No 2. Will the proposal have an impact on lifestyle? (e.g. diet and nutrition, exercise, physical activity, substance use, risk taking behaviour, education and learning) 3. Will the proposal have an impact on social environment? (e.g. social status, employment (whether paid or not), social/family support, stress, income) 4. Will the proposal have an impact on physical environment? (e.g. living conditions, working conditions, pollution or climate change, accidental injury, public safety, transmission of infectious disease) No No No 5. Will the proposal affect access to or experience of services? (e.g. Health Care, Transport, Social Services, Housing Services, Education) Document Author No Equalities Lead (Carol Berry) Signature: Signature: Policy Page 11 of 18
12 Appendix 2 Consultation History Stakeholders Name Area of expertise Date sent Date received Comments Changes made Policy Page 12 of 18
13 Appendix 3 Security & Legal Obligations 1. Ownership Ownership of all messages, attachments and files remain the property of the CCG and as such are open to scrutiny at any time. The CSU IT Manager can be authorised by a director to audit any transmissions. This authority must be given in writing. This is consistent with the Employment Practices Data Protection Code (2003) ( and the Human Rights Act Surveillance The CCG can open and read staff s in accordance with the Regulation of Investigatory Powers Act 2000 (RIPA 2000) and the Telecommunications (Lawful Business Practice, Interception of Communications) Regulations This means that the CCG can intercept a communication or in the course of its transmission in order to: establish the existence of facts or, ascertain compliance with regulatory or self-regulatory practices or procedures which are applicable to the system controller in the carrying out of his business or applicable to another person in the carrying out of his business where that person is supervised by the system controller in respect of those practices or procedures, or ascertain or demonstrate the standards which are achieved or ought to be achieved by persons using the system in the course of their duties, or in the interest of national security, or for the purpose of preventing or detecting crime or, for the purpose of investigating or detecting the unauthorised use of that or any other communication system. The CCG will make all reasonable attempts to inform every employee that uses the system that communications transmitted in this way may be intercepted. The CCG will not open any marked Private & Confidential or read the content of the unless it is necessary in the interests of: National security Public safety Economic well-being of the country The prevention of disorder or crime The protection of health or morals The protection of the rights and freedoms of others If it is suspected that the Private and Confidential marking is being used to conceal breaches of any of Greenwich CCG s policies. When intercepting employees use of s because of any of the reasons specified above the CCG s actions will be proportionate to achieving its legitimate aim or aims. In all cases the interception will be authorised in writing by a Director. Policy Page 13 of 18
14 3. Legal Obligations Users are reminded about their obligations under the following Acts: The Data Protection Act 1998 This Act governs the use and disclosure of personal information and is very clear in restricting access, sharing and disclosure of personal information on a need to know basis. Personal information regarding staff or patients must not be ed outside the CCG unless anonymised. Said information can be ed within the CCG as the network is secure from external access but due consideration must be given to the principle of need to know. As such identifiable information should only be sent to the intended recipient and should be anonymised where possible i.e. by supplying a pseudonym rather than name and contact details. Under the Act all patient identifiable information can be accessed, including s and calendar file notes if requested therefore the sender of such s must be prepared for the content to be printed off and recorded in the clinical record. Personal information can only be passed on with the express consent of the person concerned except in certain conditions. Further clarification of how the Data Protection Act applies to transmission of information can be sought from the CCG Information Governance Lead The Computer Misuse Act 1990 It is a criminal offence to carry out deliberate acts designed to damage systems or data, or for a user to attempt to gain access to data that they do not have permission to access. The Copyright, Designs & Patents Act 1988 This act expressly forbids the copying of programs and associated files without the purchase of an appropriate licence. The Human Rights Act 1998 Article 8 of which concerns the right to privacy. The CCG and its employees also have responsibilities under the Caldicott Guidelines, regarding the protection and use of patient information. For further advice on these, please contact the CCG Caldicott Guardian. Any messages sent via are classed as the printed word and therefore the laws of libel, etc may still apply. Failure to abide by these obligations may result in disciplinary action. 4. Disclosure Staff should note that content of s can be used as evidence in legal cases so no information regarding any staff member, patient or other person should be entered into an unless there is full evidence to justify the statement. This evidence should be retained. This applies even if the has been deleted as the CCG can be legally required to produce retained back-ups of all s, including deleted ones. Policy Page 14 of 18
15 5. Security Every user must have unique passwords for all the systems to which they have access. NHSmail provide the admin and support for NHSmail with local organisation administrators (LOA s) providing capacity and admin functions at a local level. Policy Page 15 of 18
16 Appendix 4 Out of Office Template 1. Standard Out of Office Many Thanks for your I am currently out of the office and will return ##/##/####. If your is relating to X please redirect your to:.. If your is relating to Y please redirect your to:.. Your Name Your Job Title/Directorate NHS Greenwich CCG Policy Page 16 of 18
17 Appendix 5 Standard Signature Templates 1. Desktop PC s and NHSMail Web Access All New s should have the following signature: Your Name Your Job Title/Directorate NHS Greenwich Clinical Commissioning Group Greenwich Park Street Greenwich London SE10 9LR Your address Tel: XXXX (Internal Extension: 38XXXX) Work Mobile: 07XXX XXXXXX (IF YOU HAVE ONE) Web: Working days: (IF APPLICABLE) Font: Arial Size: 11 Font Style: Bold Font Colour: Black Font: Arial Size: 11 Font Style: Bold/regular Font Colour: Dark Blue Lighter 40% Hyperlinks should be available Image is available from the communications team Policy Page 17 of 18
18 All Replies and Forwards should have the following Signature: Your Name Your Job Title/Directorate NHS Greenwich CCG Tel: XXXX (Internal Extension: 38XXXX) Work Mobile: 07XXX XXXXXX (IF YOU HAVE ONE) Font: Arial Size: 11 Font Style: Bold Font Colour: Dark Blue Font: Arial Size: 11 Font Style: Bold Font Colour: Dark Blue Lighter 40% 2. ipad and iphones All s should have the following signature: Your Name Your Job Title/Directorate NHS Greenwich CCG Tel: XXXX (Internal Extension: 38XXXX) Work Mobile: 07XXX XXXXXX (IF YOU HAVE ONE) Sent from a Mobile Device Font: Arial Size: 11 Font Style: Bold Font Colour: Dark Blue Font: Arial Size: 11 Font Style: Bold Font Colour: Dark Blue Lighter 40% Policy Page 18 of 18
Information Communication and Technology Management. Framework
Information Communication and Technology Management Framework Author(s) Andrew Thomas Version 1.0 Version Date 24 September 2013 Implementation/approval Date 25 September 2013 Review Date September 2014
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationEmail Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual:
Version: 1.1 Ratified by: NHS Bury CCG IM&T Steering Group Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual: Greater Manchester CSU - IT Department NHS Bury
More informationEmail Policy and Code of Conduct
Email Policy and Code of Conduct UNIQUE REF NUMBER: CCG/IG/011/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Strategy
NHS Waltham Forest Clinical Commissioning Group Governance Strategy Author: Zeb Alam, CCG IG Lead, (NELCSU) David Pearce, Head of Governance, WFCCG Version 3.0 Amendments to Version 2.1 Annual Review Reference
More informationInformation Management Policy CCG Policy Reference: IG 2 v4.1
Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control
More informationInformation Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.
Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best
More informationINFORMATION GOVERNANCE POLICY
ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Policy
NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation
More informationHow To Ensure Information Security In Nhs.Org.Uk
Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:
More informationSt. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy
Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles
More informationEmail Usage Policy Document Profile Box
Document Profile Box Document Category / Ref QSSD 660 Version: 0004 Ratified by: Governance and Risk Committee Date ratified: 12 th January 2012 Name of originator / author: Name of responsible committee
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationE-Mail Use Policy. All Staff Policy Reference No: Version Number: 1.0. Target Audience:
E-Mail Use Policy Authorship: Barry Jackson Information Governance, Security and Compliance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date:
More informationEmail Services Policy
Email Services Policy CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages
More informationE-Mail and Internet Policy
E-Mail and Internet Policy Document reference Title: E-Mail and Internet Policy Product ID: Version Number: 8.0 Status: Live Distribution / Issue date: 12 November 2014 Author: K. Fairbrother Review Period:
More informationINTERNET, E-MAIL USE AND
INTERNET, E-MAIL AND TELEPHONE USE AND MONITORING POLICY Originated by: Customer Services LJCC: 10 th April 2008 Full Council: June 2008 Implemented: June 2008 1.0 Introduction and Aim 1.1 The aim of this
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationInternet and Social Media Policy
Internet and Social Media Policy Page 1 of 19 Review and Amendment Log / Control Sheet Responsible Officer: Chief Officer Clinical Lead: Author: Date Approved: Committee: Version: Review Date: Medical
More informationRules for the use of the IT facilities. Effective August 2015 Present
Rules for the use of the IT facilities Effective August 2015 Present INFORMATION MANAGEMENT GUIDE RULES FOR THE USE OF THE UNIVERSITY S IT FACILITIES ( The Rules ) 1. Introduction 2. Interpretation 3.
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Electronic Mail Policy Version: 5 Reference Number: CO6 Keywords: (please enter tags/words that are associated to this policy) Email Supersedes Supersedes: Version
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationCCG: IG06: Records Management Policy and Strategy
Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of
More informationInformation Governance Policy
Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version
More informationInternet Use Policy and Code of Conduct
Internet Use Policy and Code of Conduct UNIQUE REF NUMBER: AC/IG/023/V1.1 DOCUMENT STATUS: Agreed by Audit Committee 18 July 2013 DATE ISSUED: July 2013 DATE TO BE REVIEWED: July 2014 1 P age AMENDMENT
More informationPolicy Information Management
Policy Information Management Document Title: Policy Information Management Issue date: October 2013 Document Status: Approved IGC 23 Oct 2013 Review date: October 2014 Page 1 of 17 Document control Document
More informationPolicy Document Control Page. Updated to include new NHS mail encryption feature
Policy Document Control Page Title Title: Electronic Mail Policy Version: 6 Reference Number: CO6 Keywords: (please enter tags/words that are associated to this policy) Email Supersedes Supersedes: Version
More informationINFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes
INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationUSE OF PERSONAL MOBILE DEVICES POLICY
Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014
More informationInformation Sharing Policy
Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed
More informationSenior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES
Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the
More informationInformation Governance Policy
Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY
More informationENC Li Subject Access Request Procedure
Subject Access Request Procedure Version: 1.0 Page 1 of 23 Document control Document Information Document Name: Location: Consultation: Initial approval: Supersedes: Description: Audience: Contact details
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationSTFC Monitoring and Interception policy for Information & Communications Technology Systems and Services
STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining
More informationDate of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.
Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationUSE OF INFORMATION TECHNOLOGY FACILITIES
POLICY CI-03 USE OF INFORMATION TECHNOLOGY FACILITIES Document Control Statement This Policy is maintained by the Information Technology Department. Any printed copy may not be up to date and you are advised
More informationUNIVERSITY OF ST ANDREWS. EMAIL POLICY November 2005
UNIVERSITY OF ST ANDREWS EMAIL POLICY November 2005 I Introduction 1. Email is an important method of communication for University business, and carries the same weight as paper-based communications. The
More informationNetwork Security Policy
Department / Service: IM&T Originator: Ian McGregor Deputy Director of ICT Accountable Director: Jonathan Rex Interim Director of ICT Approved by: County and Organisation IG Steering Groups and their relevant
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationE-mail & Internet Policy
E-mail & Internet Policy Recommending Committee: Approving Committee: Clinical Standards & Focus Council Trust Governance Board Signature: Designation: Chief Executive Date: Version Number: 02 Date: August
More informationIM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers
IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationSOCIAL MEDIA POLICY. Senior Governance Officer, NHS North of England Commissioning Support Unit Reference No
SOCIAL MEDIA POLICY Ratified Governance & Risk Committee 08/2015 Status Final Issued August 2015 Approved By Governance and Risk Committee Consultation Governance and Risk Committee Equality Impact Assessment
More informationSafe Haven Policy. Equality & Diversity Statement:
Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review
More informationCCG Social Media Policy
Corporate CCG Social Media Policy Version Number Date Issued Review Date 2 25/03/2015 25/03/2017 Prepared By: Consultation Process: Formally Approved: Governance Manager, North of England Commissioning
More informationRemote Working and Portable Devices Policy
Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review
More informationSenior Governance Manager, North of England. North Tyneside CCG Quality and Safety Committee (01/12/15)
Corporate IG02: Data Quality Version Number Date Issued Review Date V4 07/12/2015 01/01/18 Prepared By: Consultation Process: Senior Governance Manager, North of England Commissioning CCG Quality & Safety
More informationCONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationInformation & ICT Security Policy Framework
Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Policy for the electronic transfer of Person Identifiable Data - harmonised Version: 5 Reference Number: CO51 Supersedes Supersedes: 4 Description of Amendment(s):
More informationElectronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012
Electronic Messaging Policy 1. Document Status Security Classification Level 4 - PUBLIC Version 1.0 Status DRAFT Approval Life 3 Years Review By June 2012 Owner Secure Research Database Analyst Retention
More informationPolicy: Remote Working and Mobile Devices Policy
Policy: Remote Working and Mobile Devices Policy Exec Director lead Author/ lead Feedback on implementation to Clive Clarke SHSC Information Manager SHSC Information Manager Date of draft 16 February 2014
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationSUBJECT ACCESS REQUEST PROCEDURE
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version SUBJECT ACCESS REQUEST PROCEDURE DOCUMENT CONTROL Type of Document Document Title Description:
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationInformation Governance Policy
BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationKenmore State High School Student Laptop Charter
Kenmore State High School Student Laptop Charter 2 Contents Student Laptop Charter... 4 Loan equipment... 4 Equipment ownership... 5 Fee for provision of laptop... 5 Laptop care... 6 Data security... 6
More informationE-Mail Management Policy
Information Management Standards & Procedures E-Mail Management Policy Appendices: A. Decision Matrix For Email Records Management 1 st December 2009 Document Version: 1.0 Page 1 of 14 Contents 1.0 Document
More informationRecommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.
Report to: Cabinet Date: 14 th October 2004. Report: of Head of Corporate Personnel Services Report Title: USE of INTERNET POLICY Summary of Report. The use of the Internet is growing rapidly. Over the
More informationElectronic Communications Monitoring Policy
Electronic Communications Monitoring Policy Printed copies should not be considered the definitive version DOCUMENT CONTROL POLICY NO. 79 Policy Group Information Governance and Security Author Andrew
More informationConditions of Use. Communications and IT Facilities
Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationNHS Business Services Authority Information Security Policy
NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA
More informationDene Community School of Technology Staff Acceptable Use Policy
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
More informationPOLICY ON USE OF INTERNET AND EMAIL
POLICY ON USE OF INTERNET AND EMAIL OVERVIEW Public sector employees are accountable for their use and management of all public resources including the use of services such as the Internet and electronic
More informationThe Newcastle upon Tyne Hospitals NHS Foundation Trust. Occupational Health Records Management and Retention Operational Policy
The Newcastle upon Tyne Hospitals NHS Foundation Trust Occupational Health Records Management and Retention Operational Policy Version No. 1.0 Effective From: 9 October 2013 Expiry Date: 30 September 2016
More informationIM&T POLICY & PROCEDURE (IM&TPP 02) E-Mail Policy. Notification of Policy Release: Distribution by Communication Managers
IM&T POLICY & PROCEDURE (IM&TPP 02) E-Mail Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&TPP No. 2 Email Policy Version 3.04
More informationTrust Advantages and Disadvantages of Using Intranet
Policy No: OP17 Version: 6.0 Name of Policy: Internet, Intranet and Email Acceptable Use Policy Effective From: 04/08/2015 Date Ratified 04/03/2015 Ratified Health Informatics Assurance Committee Review
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationIT change management policy
IT change management policy Document Description Document Type Guidance Service Application NHS Birmingham South Central CCG (BSC) Version 0.3 Ratification date 20 June, 2013 Review Date March 2014 Name
More informationGCSx Email Guide for Internal Users. How to send sensitive business and personal information securely
GCSx Email Guide for Internal Users How to send sensitive business and personal information securely Document control Description Version V.2 Created May 2013 GCSx Email Guide for Internal Users Status
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationINFORMATION MANAGEMENT POLICY (RECORDS QUALITY) POLICY
BARNET CLINICAL COMMISSIONING GROUP INFORMATION MANAGEMENT POLICY (RECORDS QUALITY) POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Page 1 Responsible Person: Accountable Director: Ratifying
More informationCCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY
CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review
More informationHAZELDENE LOWER SCHOOL
HAZELDENE LOWER SCHOOL POLICY AND PROCEDURES FOR MONITORING EQUIPMENT AND APPROPRIATE ICT USE WRITTEN MARCH 2015 SIGNED HEADTEACHER SIGNED CHAIR OF GOVERNORS DATE.. DATE. TO BE REVIEWED SEPTEMBER 2016
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Version 1.0 Information Security Policy COR/043/V1.00 March 2016 Version 1.00 1 Subject and version number of document: Serial number: Information Security Policy Version 1.0
More informationINFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY
Appendix 1 INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY Author Information Governance Review Group Information Governance Committee Review Date May 2014 Last Update February 2013 Document No. GV
More informationUse of the Internet and E-Mail Policy
Use of the Internet and E-Mail Policy This procedural documentsupersedes : Use of the Internet and E-Mail Policy CORP/EMP 16 v.4 Name and title of author/reviewer Samantha Francis HR Advisor Date revised
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationInternet, Social Networking and Telephone Policy
Internet, Social Networking and Telephone Policy Contents 1. Policy Statement... 1 2. Scope... 2 3. Internet / email... 2 4. Social Media / Social Networking... 4 5. Accessing the internet, email or social
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationInformation Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent
Scope Information Services Regulations for the Use of Information Technology (IT) Facilities at the University of Kent 1. These regulations apply to The Law All students registered at the University, all
More informationIslington ICT Email Policy A council-wide information technology policy. Version 0.9 June 2014
A council-wide information technology policy Version 0.9 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document is distributed under the Creative Commons Attribution
More informationSOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY
SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY OBJECTIVE To provide users with guidelines for the use of information technology resources provided by Council. SCOPE This policy
More informationMANAGEMENT OF PERSONAL FILES POLICY
MANAGEMENT OF PERSONAL FILES POLICY Executive Director lead Author/ lead Feedback on implementation to Andrew Avery (Interim Director of HR) Liz Thompson (HR Manager) Liz Thompson (HR Manager) Date of
More informationSTRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS
Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level
More information