University of Sunderland Business Assurance Over-arching Information Governance Policy

Size: px
Start display at page:

Download "University of Sunderland Business Assurance Over-arching Information Governance Policy"

Transcription

1 University of Sunderland Business Assurance Over-arching Information Governance Policy Document Classification: Public Policy Reference Central Register IG001 Policy Reference Faculty / Service IG 001 Policy Owner Assistant Director, Business Assurance Date Policy Written May 2013 Date Policy Last Updated Date to Information Governance Group 13 th June 2013 Date to Executive 26 th July 2013 Date for next Review May 2014 Comments B u s i n e s s A s s u r a n c e 4 t h F l o o r, E d i n b u r g h B u i l d i n g Page 1

2 1. INTRODUCTION Information Governance is defined as the way by which information is handled. Information Governance is the term used to encompass the multi-disciplinary structures, policies, procedures, process and controls which are implemented to manage the processing of information within an organisation. It provides a framework for processing information in a confidential and secure manner, as determined by legislative acts, statutes and best practice guidance such as:- The Data Protection Act 1998 The Freedom of Information Act 2000 Computer Misuse Act 1990 Human Rights Act 1998 Access to Health Records Act 1990 Environmental Information Regulations 2004 Regulation of Investigatory Powers Act 2000 Lawful Business Practice Regulations 2000 Mental Capacity Act DEFINITIONS The University has developed the following definitions: The University has a Corporate Plan, which outlines its vision and strategic themes. This has been agreed formally by the University Executive and Board of Governors, and contains high-level principles that drive how the University formulates policy. A policy is a concise statement of principle which states how the University will operate in a particular area. Policies provide the operational framework within which the University conducts its business. A central register of policies is maintained by Business Assurance. A procedure states how we will implement policy on an operational level. They serve to inform staff about how to accomplish their work within current systems. A guidance note defines the recommended approach for conducting a specific activity, and should provide operational detail, instructions and advice that facilitates the implementation of a code of practice. 3. INFORMATION GOVERNANCE MANAGEMENT 3.1. Objective: To ensure appropriate management arrangements are in place to effectively manage the Information Governance agenda Responsibilities Board of Governors and Vice Chancellor Ultimate responsibility information governance rests with the Board of Governors. The Vice Chancellor, has executive responsibility for all aspects of information governance and together with the Board of Governors, will ensure that proper procedures are in place to fully implement this policy. The Vice Chancellor is responsible signing any undertakings with the Information Commissioner on behalf of the University due to non-compliance. B u s i n e s s A s s u r a n c e 4 t h F l o o r, E d i n b u r g h B u i l d i n g Page 2

3 Senior Information Risk Owner (SIRO) Overall responsibility for this policy lies with the Assistant Director of Business Assurance, who performs the role of the University s Senior Information Risk Owner (SIRO) The SIRO is responsible for: Ensuring that an overall culture exists that values and protects information within the organisation Owning the organisation s overall information risk policy and risk assessment process, testing its outcome and ensuring that it is used Owning the organisation s information incident management framework The Assurance Manager (Business Assurance - Information Governance), responsible to the Assistant Director for Business Assurance, is responsible for drawing up information governance policy, process and guidance and ensuring compliance with this policy. The Assurance Manager will oversee the Information Governance Framework and ensure its successful operation. The IT Security Manager (ITS), reporting to the Assistant Director of SLS: IT, is responsible for developing IT Security Policy, standards and guidelines. He/she is also responsible for ensuring that effective IT Security systems, controls and training programs are operationally implemented, fit for purpose and available across the University. The Legal Support & Data Protection Officer is responsible for developing policy, process and guidance relating to Data Protection and can provide advice on collecting, using and protecting personal information. The University Deans of Faculty and Directors of Support Services have responsibility for ensuring compliance with the University s Information Governance policies and ensuring any issues of non-compliance are addressed. They have responsibility for ensuring that an appropriate member of staff, in each Faculty and Service, takes on the role of Information Champion. Individual employees have responsibility for ensuring that they comply with this policy and any related policies and guidance. Staff should attend training and awareness sessions provided by the University. Employees also have a duty to report any incidents or near misses in relation to information security Governance Groups Information Governance Group The Information Governance Group is accountable to the University s Business Assurance Board. It is to act as a programme board for direction of the University s overall approach to Information Governance. Specifically, it is tasked with:- Holding an understanding of all elements of Information Governance, including relevant technical and legal requirements Overseeing all aspects of policy development in relation to Information Governance B u s i n e s s A s s u r a n c e 4 t h F l o o r, E d i n b u r g h B u i l d i n g Page 3

4 Overseeing all technical developments to support and enhance the University s approach to the management of Information Governance Governing the design and delivery of all training and development activity in relation to Information Governance Information Champions Group Information Champions are accountable to their Dean of Faculty/Director of Service and have a responsibility to monitor information governance compliance and awareness and be the primary point of contact and source of information and support within the Faculty/Service. The Information Champions Group will report to the Information Governance Group. Technical Security Group Faculty IT Technicians play a pivotal role in the application of technical IT Security controls within their Faculty and are accountable to their Dean of Faculty/Director of Service for ensuring the IT Services provided by the Faculty are in line with IT Security Policies & Standards. The technicians must also be a primary point of contact and source of information in relation to IT Security form an awareness perspective in supporting the Faculty/Service. The Technical Security Group will report to the Information Governance Group. 4. CONFIDENTIALITY AND DATA PROTECTION 4.1. Objective: To ensure that all staff and contractors are aware of and comply with their obligations with regards to confidentiality. Compliance with legal and regulatory framework will be achieved, monitored and maintained. The obligation to keep information confidential arises out of the common law duty of confidentiality, the Data Protection Act 1998, professional obligations and staff employment contracts. In combination, these duties and obligations place all staff members with access to confidential personal information under a duty to keep that information safe and secure (i) Policies and Procedures To aid staff in complying with their duties and obligations with regards to confidentiality, the following policies and procedures will be in place: Data Protection Policy Subject Access Request (SAR) Procedures Staff Guide to Personal Information Student Guide to Personal Information Public Guide to Personal Information Data Sharing Agreement Guidance Non disclosure Agreement Guidance Commercial Confidentiality Guidance B u s i n e s s A s s u r a n c e 4 t h F l o o r, E d i n b u r g h B u i l d i n g Page 4

5 5. INFORMATION SECURITY 5.1. Objective: To ensure that information systems are secure and respond to security related incident in whatever way is appropriate. To prevent loss, damage or compromise of assets and interruption to business activities. The main priorities for information security are:- creating a culture towards Information Security within the organisation ensuring security policies contain sufficient detail and strength to guide staff, particularly around o the identification and understanding of the types of information they deal with o removable media/portable computing o transfer of person identifiable information ensuring staff have access to policies and guidance and sufficient training to ensure they can fulfil their duties responsibly and securely 5.2. Policies and Procedures The following policies and procedures, as a minimum, will be in place in relation to Information Security: Information Security Policy IT Acceptable Use Policy IT Security Policy Information Risk Management Policy (and procedures) IT and Communications Interception and Monitoring Policy Policy on Connection to the University Network IT Systems at Risk Policy University Network at Risk Policy JANET Acceptable Use Policy Backup/Disaster Recovery Policy Additionally, standards and best practice guidance documents will be drawn up to assist staff in areas such as:- Standards: Intrusion Detection Standard Network Configuration and Management Standard Password Standard Physical Security Standard Portable Computing Standard Security Monitoring Standard Security Training Standard Computer Hardening Standard Software Licensing Standard Special Access Standard Guidance: Account Management Best Practice Draft: NDA Trusted Third Party Agreement ( TTP ) Vendor Access - Best Practice Your Password Social Networking Identity Theft Phishing Spam Anti Virus - Students B u s i n e s s A s s u r a n c e 4 t h F l o o r, E d i n b u r g h B u i l d i n g Page 5

6 Secure System Development Standard Virus Protection Standard Application Security Management Standard IT Asset Management Standard Data Destruction Standard Encryption Standard Log Management & Retention Standard Patch & Vulnerability Management Standard Data Loss Prevention Standard Data Handling Standard Logical Access Control (LACS) Standard Security Testing Standard BYOD Standard Mobile Device Standard Anti Virus - University Owned PCs (staff) Anti Virus - Staff Owned PCs Secure USB keys for Staff 6. RECORDS MANAGEMENT 6.1. Objective: To ensure that records are accessible and retrievable when and where required. This includes records on network drives and in shared folders, s and attachments web pages on Internet and Intranet sites and paper records. Freedom of Information The Freedom of Information (FOI) Act was introduced in 2000 to promote greater openness and accountability. It gives all members of the public the right to access information from public bodies, such as the University. Good records management will assist the University in complying with the requirements contained within the Act. Work in this area of records management will concentrate on themes such as:- Creating and maintaining an inventory of existing corporate records Creation/File Naming conventions Storage Retention periods Archiving Disposal Freedom of Information compliance Electronic document management Corporate records management (including policy management) 6.2. Policies and Procedures At a minimum, the following policies and procedures will be developed in relation to Records Management:- Records Management Policy Archive and Retention Policy Information Classification Policy B u s i n e s s A s s u r a n c e 4 t h F l o o r, E d i n b u r g h B u i l d i n g Page 6

7 Archiving and Retention Procedures FOI and EIR Policy FOI Procedures FOI Guidance for Staff/Requestors 7. TRAINING AND EDUCATION Information is the lifeblood of the University. It is essential that a culture is developed whereby information management is part of everyday activities and becomes part of the culture of the organisation. Increasing staff awareness is key to successfully implementing a University-wide approach to Information Governance. Training and awareness will be available to all staff: 7.1. Induction All newly employed staff will receive basic guidance in organisational policy in relation to information governance as part of the University s induction checklist Information Governance Training All staff will receive basic Information Governance training, at least 3 yearly. Additionally service specific and subject specific training will be provided as appropriate and necessary to inform staff of policy and process. Training will be deployed using a variety of techniques including:- e-learning face to face training sessions facilitated workshops B u s i n e s s A s s u r a n c e 4 t h F l o o r, E d i n b u r g h B u i l d i n g Page 7

8 University of Sunderland Business Assurance Over-arching Information Governance Policy APPENDIX A OVERVIEW OF INFORMATION GOVERNANCE POLICIES Data Information Security Information Governance Records Management Freedom of Information Protection/Confidentiality (and IT related policies) Information Governance Policy Records Management Policy FOI and EIR Policy Data Protection Policy Information Security Policy Data Assurance Policy IG Training Policy Using Copyright in Education Archive and Retention Policy IT Acceptable Use Policy Information Classification Policy FOI Procedures SAR Procedures IT Security Policy (and standards) Archiving and Retention Procedures FOI Guidance for Staff Social Media Policy FOI Guidance for Requestors Incident Management Policy Staff Guide to Personal Information Student Guide to Personal Information Public Guide to Personal Information Data Sharing Agreement Guidance Non disclosure Agreement Guidance Commercial Confidentiality Guidance Information Risk Management Policy (and procedures) IT and Communications Interception and Monitoring Policy Policy on Connection to the University Network IT Systems at Risk Policy University Network at Risk Policy JANET Acceptable Use Policy Backup/Disaster Recovery Policy Change Management Policy B u s i n e s s A s s u r a n c e 4 t h F l o o r, E d i n b u r g h B u i l d i n g Page 8

University of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public

University of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public University of Sunderland Business Assurance Over-arching Information Governance Policy Document Classification: Public Policy Reference Central Register IG001 Policy Reference Faculty / Service IG 001

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Highland Council Information Security Policy

Highland Council Information Security Policy Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

AGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader

AGENDA ITEM: SUMMARY. Author/Responsible Officer: John Worts, ICT Team Leader AGENDA ITEM: SUMMARY Report for: Committee Date of meeting: 30 May 2012 PART: 1 If Part II, reason: Title of report: Contact: Purpose of report: Recommendations Corporate objectives: Implications: INFORMATION

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

University of Sunderland Business Assurance PCI Security Policy

University of Sunderland Business Assurance PCI Security Policy University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Chief Financial

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy. Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review

More information

Information Governance Policy

Information Governance Policy BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

Records Management plan

Records Management plan Records Management plan Prepared for 31 October 2013 Audit Scotland is a statutory body set up in April 2000 under the Finance and Accountability (Scotland) Act 2000. We help the Auditor General for Scotland

More information

AUDIT COMMITTEE 10 DECEMBER 2014

AUDIT COMMITTEE 10 DECEMBER 2014 AUDIT COMMITTEE 10 DECEMBER 2014 AGENDA ITEM 8 Subject Report by MANAGEMENT OF INFORMATION RISKS DIRECTOR OF CORPORATE SERVICES Enquiries contact: Tony Preston, Ext 6541, email tony.preston@chelmsford.gov.uk

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath

More information

Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION

Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for

More information

Information Management Policy

Information Management Policy Information Management Policy Document Control Title Organisation Description Author(s) Information Management Policy London Legacy Development Corporation The Information Management Policy describes how

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Policy Checklist. Head of Information Governance

Policy Checklist. Head of Information Governance Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust

More information

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security

More information

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Criminal Injuries Compensation Authority. Data protection audit report

Criminal Injuries Compensation Authority. Data protection audit report Criminal Injuries Compensation Authority Data protection audit report Executive summary January 2016 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Information governance strategy 2014-16

Information governance strategy 2014-16 Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Information Security Policy

Information Security Policy Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Alan Lawrie ehealth Strategy Group Implementation Date: September

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

Information Security and Governance Policy

Information Security and Governance Policy Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information

More information

Information Governance Policy

Information Governance Policy Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:

More information

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format. University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information

More information

Corporate Records Management Policy

Corporate Records Management Policy Corporate Records Management Policy Introduction Part 1 Records Management Policy Statement. February 2011 Part 2 Records Management Strategy. February 2011 Norfolk County Council Information Management

More information

Information Governance Policy (incorporating IM&T Security)

Information Governance Policy (incorporating IM&T Security) (incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the

More information

Information Governance Framework

Information Governance Framework Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information

More information

Scotland s Commissioner for Children and Young People Records Management Policy

Scotland s Commissioner for Children and Young People Records Management Policy Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives

More information

Information Management Strategy. July 2012

Information Management Strategy. July 2012 Information Management Strategy July 2012 Contents Executive summary 6 Introduction 9 Corporate context 10 Objective one: An appropriate IM structure 11 Objective two: An effective policy framework 13

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents West Midlands Police and Crime Commissioner Records Management Policy 1 Contents 1 CONTENTS...2 2 INTRODUCTION...3 2.1 SCOPE...3 2.2 OVERVIEW & PURPOSE...3 2.3 ROLES AND RESPONSIBILITIES...5 COMMISSIONED

More information

Information Governance Management Framework

Information Governance Management Framework Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date

More information

DURHAM COUNTY COUNCIL CORPORATE RECORDS MANAGEMENT POLICY

DURHAM COUNTY COUNCIL CORPORATE RECORDS MANAGEMENT POLICY DURHAM COUNTY COUNCIL CORPORATE RECORDS MANAGEMENT POLICY Version 3.0 February 2015 Table of Contents 1. Purpose...3 2. Background... 4 3. Legislative Arena... 4 4. Scope...5 5. Aim and Objectives... 6

More information

OFFICIAL. NCC Records Management and Disposal Policy

OFFICIAL. NCC Records Management and Disposal Policy NCC Records Management and Disposal Policy Issue No: V1.0 Reference: NCC/IG4 Date of Origin: 12/11/2013 Date of this Issue: 14/01/2014 1 P a g e DOCUMENT TITLE NCC Records Management and Disposal Policy

More information

University of Liverpool

University of Liverpool University of Liverpool IT Asset Disposal Policy Reference Number Title CSD 015 IT Asset Disposal Policy Version Number v1.2 Document Status Document Classification Active Open Effective Date 22 May 2014

More information

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

Information Security Policy and Handbook Overview. ITSS Information Security June 2015 Information Security Policy and Handbook Overview ITSS Information Security June 2015 Information Security Policy Control Hierarchy System and Campus Information Security Policies UNT System Information

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

Supplier IT Security Guide

Supplier IT Security Guide Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

Date of review: Information Governance Group January 2016. Policy Category: CONTENT SECTION DESCRIPTION PAGE

Date of review: Information Governance Group January 2016. Policy Category: CONTENT SECTION DESCRIPTION PAGE Title: Date Approved: January 2015 Division/Department: Corporate Services Corporate Records Policy Approved by: Date of review: Information Governance Group January 2016 Author (post-holder): Interim

More information

INITIAL APPROVAL DATE INITIAL EFFECTIVE DATE

INITIAL APPROVAL DATE INITIAL EFFECTIVE DATE TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology

More information

How To Protect School Data From Harm

How To Protect School Data From Harm 43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching

More information

IT Data Security Policy

IT Data Security Policy IT Data Security Policy Contents 1. Purpose...2 2. Scope...2 3. Policy...2 Access to the University computer network... 3 Security of computer network... 3 Data backup... 3 Secure destruction of data...

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Information & ICT Security Policy Framework

Information & ICT Security Policy Framework Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January

More information

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager

SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director

More information

TOWN OF COTTESLOE POLICY EMAIL MANAGEMENT

TOWN OF COTTESLOE POLICY EMAIL MANAGEMENT EMAIL MANAGEMENT POLICY STATEMENT Town of Cottesloe email accounts are intended for business transactions in support of the Town s strategic goals and objectives. Accordingly any email transmission residing

More information

Harper Adams University College. Information Security Policy

Harper Adams University College. Information Security Policy Harper Adams University College Information Security Policy Introduction The University College recognises that information and information systems are valuable assets which play a major role in supporting

More information

Life Cycle of Records

Life Cycle of Records Discard Create Inactive Life Cycle of Records Current Retain Use Semi-current Records Management Policy April 2014 Document title Records Management Policy April 2014 Document author and department Responsible

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Public Records (Scotland) Act 2011. NHS Health Scotland Assessment Report. The Keeper of the Records of Scotland. 5 th August 2015

Public Records (Scotland) Act 2011. NHS Health Scotland Assessment Report. The Keeper of the Records of Scotland. 5 th August 2015 Public Records (Scotland) Act 2011 NHS Health Scotland Assessment Report The Keeper of the Records of Scotland 5 th August 2015 Contents 1. Public Records (Scotland) Act 2011... 3 2. Executive Summary...

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Hengtian Information Security White Paper

Hengtian Information Security White Paper Hengtian Information Security White Paper March, 2012 Contents Overview... 1 1. Security Policy... 2 2. Organization of information security... 2 3. Asset management... 3 4. Human Resources Security...

More information

Information Incident Management Policy

Information Incident Management Policy Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Executive has authority to determine the above recommendation.

Executive has authority to determine the above recommendation. REPORT OF: HEAD OF CORPORATE DEVELOPMENT AUTHOR: FIONA CULLEN TELEPHONE: 01737 276296 C E-MAIL: TO: fiona.cullen@reigate-banstead.gov.uk EXECUTIVE DATE: 13 JULY 2006 EXECUTIVE MEMBER: COUNCILLOR J.M. ELLACOTT

More information

NHS Lanarkshire Information Governance Committee

NHS Lanarkshire Information Governance Committee INFORMATION GOVERNANCE COMMITTEE DRAFT TERMS OF REFERENCE Name Purpose NHS Lanarkshire Information Governance Committee To provide direction of and oversee the development of NHS Lanarkshire Information

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY Information Security Policy INFORMATION SECURITY POLICY Introduction Norwood UK recognises that information and information systems are valuable assets which play a major role in supporting the companies

More information

Information Security Policy

Information Security Policy Information Security Policy Last updated By A. Whillance/ Q. North/ T. Hanson On April 2015 This document and other Information Services documents are held online on our website: https://staff.brighton.ac.uk/is

More information

How To Ensure Network Security

How To Ensure Network Security NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:

More information

Information Governance Strategy Includes Information risk & incident management methodology

Information Governance Strategy Includes Information risk & incident management methodology Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May

More information

Somerset County Council - Data Protection Policy - Final

Somerset County Council - Data Protection Policy - Final Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council

More information

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013 Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This

More information

Auditing data protection a guide to ICO data protection audits

Auditing data protection a guide to ICO data protection audits Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit

More information

University of Liverpool

University of Liverpool University of Liverpool Information Security Incident Response Policy Reference Number Title CSD-012 Information Security Incident Response Policy Version Number 1.2 Document Status Document Classification

More information

Security Awareness Training Policy

Security Awareness Training Policy Security Awareness Training Policy I. PURPOSE This policy is intended to set the training standard for several key audiences in Salem State University, including, but not limited to: University executives,

More information

Draft Information Technology Policy

Draft Information Technology Policy Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

INFORMATION GOVERNANCE STAFF HANDBOOK

INFORMATION GOVERNANCE STAFF HANDBOOK INFORMATION GOVERNANCE STAFF HANDBOOK Contents Why do YOU need to know about Information Governance (IG)?... 2 Keeping Information Safe... 2 Confidentiality... 2 Deciding to Communicate Important Information...

More information