Senate. SEN15-P17 11 March Paper Title: Enhancing Information Governance at Loughborough University
|
|
- Wilfred Hampton
- 8 years ago
- Views:
Transcription
1 SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee 2. Relevance to University Strategy Senate is asked to : (i) Consider and comment on the draft Information Governance Policy including mandatory training for all staff, ahead of its consideration by Council (ii) Note the proposals on detailed sub-policies and information reviews. Contributes to Para 4.1 of the strategic implementation plan: Ensure that our governance and infrastructure are: - efficient - able to support change effectively - able to support collaborative initiatives - valued by staff and students Also contributes to risk management and effective legal compliance. 3. Executive Summary This paper presents an update on recent work undertaken to improve the University s approach to Information Governance and security. A draft high level policy is presented for approval. An action plan has been developed to address gaps in policy, training and procedures in the area of information governance in order to reduce risk, provide reassurance to partners, individuals and Council that data is held and used appropriately and securely and that the institution is compliant with relevant legislation and good practice. 4. Essential Background Information 5. Risks, Risk Mitigation and Governance/ Accountability 6. Implications for other activities This is a potential area of major risk for the institution. A recent incident involving personal data highlighted some of the issues. The CUC governance code expects the governing body to manage risk and ensure legal compliance across the institutions activities. The implementation of the wider Information Governance action plan will require input from various key stakeholders from across the campus and commitment from the majority of staff. If approved, mandatory training will need to be incorporated into the staff probationary period and staff development portfolio. 7. Resource and Cost Up to 10k for initial training package over three years. Other resource implications may emerge as work proceeds. Requests will be made in the normal way through Operations Committee 8. Alternative Options considered 9. Other Groups/Individuals consulted. Do nothing significant risk and potential that some research partners would refuse to work with us. A wide range of professional staff representing all of the key services within the University have been involved and School input has been sought via an Operations Manager. The proposals received in depth discussion at ITGC. Additional academic staff input will be sought in the next stages of the action plan.
2 10. Future Actions, Timescales & Frequency of Review by this Committee. Please see proposed timeline of actions contained within the paper. 11. Success Criteria (KPIs) No negative information related incidents, increased speed of handling of Data Protection and Freedom of Information requests. Straightforward responses to requirements of research funders and partners. 12. University Executive comment (required for Council papers only) 2
3 1. Background Significant gaps have been identified in the University s current approach to Information Governance. Specific areas of concern include the lack of an overarching Information Governance Policy, the current limited provision of formal staff training and the recognition that information held by the University may not always be in an appropriately secure format. The following risks have been identified: Personal staff or student data may be released or accessible to third parties Sensitive student or staff data may be shared without consent within the University Commercially sensitive information may be released or accessible to third parties The University may not meet the requirements of research sponsors and other partners in relation to information governance and security (including potential loss of future research income) Individuals or organisations experiencing detriment as a result of the above could take legal action against the University Damage to reputation as a result of information security breaches Staff time is wasted when making responses to Data Protection and FOI requests due to poor information management practices Important data may be lost due to poor information management practices Data may be retained for longer than necessary or duplicated in local systems, taking up storage capacity (physical or virtual) and in potential breach of the Data Protection Act There is a lack of clarity over approval mechanisms for sharing data between corporate systems which may lead to irregular and inefficient practices Some initial work in this area was undertaken during 2014 and an informal group (the Information Governance Working Group) has met three times to begin to establish a course of action for addressing these concerns. The group has identified the following priority areas to be addressed in the short term. (a) (b) (c) (d) Develop and finalise a high level, overarching Information Governance Policy to cover all areas of the University. Develop a comprehensive set of Information Governance and Security sub-policies. Outline a plan for effective staff communications and training (to include an updated University Code of Practice for IT Professionals). Conduct an initial University-wide Data Review to be undertaken via self-assessment, by each of the Schools and Professional Services. Full implementation of the planned actions, bearing in mind the size of the University and the complexity of its business, will necessarily take some time but the intention is to use the findings of the Data Review to identify the areas of greatest risk which will be targeted in the initial stages of the work. 2. Information Governance Policy and Training [Appendix 1] The attached draft Information Governance policy has been agreed by the Information Technology and Governance Committee and is now presented to Senate for consideration and comment before consideration by Council on 27 March 2015 for formal approval. The policy aims to provide a high level framework for the University s commitment to effective information governance. The intention is that the high level policy will be supported by a number of more detailed policies and procedures which in some cases already exist, though they may require some revision, and in other areas are in the process of being drafted. 3
4 Embedded within the high level Policy (in Annex 1) is a commitment to delivering training to all staff. In order to address this proposal, online training packages covering the key aspects of good information practice are currently being reviewed to identify a quality solution which makes effective and proportionate use of staff time. Additional specific training is likely to be required for staff in some specialist roles. ITGC recommends that the basic training be mandatory and that probationary sign off for new staff be subject to it being completed. The implications of this recommendation will be discussed at Human Resources Committee. It is intended that Annex 1 of the high level policy will clearly define the roles and responsibilities of Senior Managers/Deans for ensuring that staff are complying with the Policy and have completed the necessary training. The current draft is an initial statement of staff responsibilities and is likely to be developed further as expectations and procedures are defined more explicitly. Senate is asked: (a) To consider the proposed Information Governance Policy and comment ahead of Council s consideration and formal approval; (b) To note that the practical implications of the mandatory training for all staff to which the Policy refers will be discussed at Human Resources Committee. 3. Proposal for an Information Governance Sub-Committee To provide co-ordination of the work and detailed advice to Information Technology and Governance Committee in this area, the Information Governance Working Group is being re-constituted as a formal Sub-Committee of the Information Technology and Governance Committee. Draft Terms of Reference and the proposed composition and membership are in the process of being finalised. Senate is asked to note this development. 4. Information Governance and Security Sub Policies: A suite of Information Governance and Security Policies is under development. The intention is to base these on the ISO 27001:2005 and ISO 27001:2013 international standards as alignment with these is sought by research partners. However, the challenge will be to develop concise documents which are also fit for purpose and accessible to relevant staff and, where applicable, students. The aim is for a full set of policies to be submitted for formal approval in July Whilst practice in some areas is already close to compliance with good practice, any urgent actions identified in the process of developing the policies will be taken forward immediately. However, it is envisaged that full implementation of the policies will commence from summer 2015 following formal approval. 5. Data Review and Architecture At present, the University does not have a full overview of the nature of the data it is holding and the location and security of that data. Given the diversity of institutional activity, it is recommended that the remit and scope of an initial Data Review should cover the whole of the University. Exploratory work has 4
5 been undertaken to seek the views of other HEIs that have previously undertaken an exercise of this kind and it was noted that in one case, a detailed audit had not been well received by staff. With this in mind, an initial light touch review is proposed by ITGC, which will serve the purpose of identifying possible areas of high risk that require immediate action, as well as those areas that might require more in depth audit. Work is planned for March and April with a view to findings being presented in the summer term to inform the draft policies and future actions. ITGC has also proposed further work to improve processes and clarify decision-making around the use, sharing and access to key data to follow the initial actions proposed above. 5
6 APPENDIX 1 DRAFT Loughborough University INFORMATION GOVERNANCE POLICY 1. Summary Information is a vital asset to the University. It underpins the University s Research, Teaching and Enterprise. It is fundamental to all other activities associated with its staff, students, funders, collaborators, and strategic partners as well as the efficient management of all its services and resources. It plays a key part in governance, planning and performance management. It is therefore of paramount importance to ensure that information is efficiently managed, and that appropriate policies, procedures and management accountability and structures provide a robust governance framework for information management. 2. Principles The University recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. The University fully supports the principles of good corporate governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, both personal and commercially sensitive information that is held by the institution. The University also recognises the need to share information and data with other organisations and other agencies in a controlled manner consistent with the interests of our staff, students, funders, collaborators and strategic partners and, in some circumstances and where appropriate, with the public. The University believes that accurate, timely and relevant information is essential to deliver the highest quality in all its activities. There are 3 key interlinked strands to the University s information governance policy: Openness Legal compliance Information security 2.1. Openness Non-confidential information on the University and all its activities should be available to the public through a variety of media. This may include through: open access publishing, the institutional repository, Freedom of Information Act compliance, etc. The University adopts a general policy of openness in terms of allowing individuals access to their personal information. Personal information will be maintained and released to the individuals concerned on request in accordance with the provisions of the Data Protection Act. The University has clear procedures and arrangements for liaison with the press, on-line and broadcasting media through its Marketing and Advancement function. The University will have clear procedures and arrangements for handling queries from our staff, students, funders, collaborators, strategic partners, suppliers and the public. 6
7 The University will support the effective sharing of data where appropriate Legal Compliance The University regards all identifiable personal and commercial information relating to its staff, students, funders, collaborators, and strategic partners and as processed in the course of its research activities as confidential, except where relevant legislation requires otherwise. The University will undertake or commission regular and appropriate assessments and audits of its compliance with legal requirements. The University has established and will maintain policies to ensure compliance with all relevant legislation. The University has established and will maintain policies for the controlled and appropriate sharing of information with other agencies, taking account of relevant legislation Information Security The University will establish and maintain policies for the effective and secure management of its information assets and resources. The University will undertake or commission regular and appropriate assessments and audits of its information and IT security arrangements. The University will promote effective confidentiality and security practice to all its staff, students, partners and suppliers through policies, procedures and/or training as appropriate. The University, through the Information Governance Sub-Committee of the Information Technology and Governance Committee will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and information security. 3. Responsibilities It is the role of the University Council to approve the University s policy in respect of Information Governance, taking into account legal and Higher Education Sector requirements. Council is also ultimately responsible via the Chief Operating Officer for ensuring that sufficient resources are provided to support the requirements of the policy. The Information Technology and Governance Committee, comprising representation from across the University, with support from the Information Governance Sub-Committee, is responsible for overseeing Information Governance policy and planning, developing and maintaining policies, standards, procedures and guidance, coordinating Information Governance in the University and raising awareness of Information Governance. Staff and students are expected to take ownership of, and seek to improve, the quality of information within their specified areas of activity. There is also an expectation that this policy and its supporting standards and guidelines are built into local processes and procedures and that there is on-going compliance. All staff, whether permanent, temporary or contracted, and contractors/suppliers are responsible for ensuring that they are aware of the requirements incumbent upon them in and for ensuring that they comply with these on a day to day basis. Specific responsibilities of key staff will be found in Annex 1. This policy document will be reviewed on an annual basis by the Information Governance Sub- Committee of the Information Technology and Governance Committee. 7
8 Annex 1 Staff Responsibilities 1. Chief Operating Officer The Chief Operating Officer (COO) is responsible to the Vice-Chancellor on a delegated basis for the general oversight and development of information governance policy. The COO has responsibility for ensuring policies and procedures are implemented and that mechanisms are established to monitor their effectiveness. 2. Deans of Schools and Heads of Professional Services Deans of Schools and Heads of Professional Services have responsibility for the implementation of University information governance policies and procedures in their Schools and Services. The Dean or Head of Service should demonstrate visible commitment to good information governance by: (a) Ensuring that all staff undertake the general training in good information governance practice provided by the University. (b) Ensuring that staff undertake specialised information governance training relevant to their roles (e.g. research data management). (c) Ensuring that there are systems in the School or Service to maintain awareness of the information held and to ensure it is stored, used and shared only in accordance with University policies and procedures. (d) Providing sufficient resources for staff to be able to comply with University policies and procedures. (e) Bringing to the attention of the COO, any breach of statutory requirements which cannot be dealt with at School/Service level and/or may have implications for the University more widely. (f) Ensuring that staff co-operate fully with any information or information security audits authorised by the Information Technology and Governance Committee. (g) Ensuring students and staff are aware of the School or Service s procedures for secure handling of their personal data. (h) Ensuring that University information governance policies and procedures are followed in any dealings, formal or informal, with third party individuals and organisations. 8
Information Governance Policy. Church Road Medical Practice
Information Governance Policy Church Road Medical Practice Version No: 1.0 Issue Date: March 2015 INFORMATION GOVERNANCE POLICY 1. Summary Information is a vital asset, both in terms of the clinical management
More informationInformation Technology and Governance Committee
Information Technology and Governance Committee Paper Title: Enhancing Information Governance at Loughborough University Author: Information Governance Sub-Committee 1. Specific Decision Required by Committee
More informationInformation Governance Policy
Information Governance Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from August 2009 Date last amended August 2009
More informationGloucestershire Hospitals
Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY NWAS Information Governance Policy Page: Page 1 of 10 Date of Issue: January 2014 Date of Review February 2015 Recommended by Approved by Information Governance Management
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationSALISBURY NHS FOUNDATIONTRUST
SALISBURY NHS FOUNDATIONTRUST PAPER SHC 1738 TITLE Information Governance Policy PURPOSE OF PAPER The Information Governance Policy was first approved in April 2005. It is currently due for review to ensure
More informationInformation Governance Policy
BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationCORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014
CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY December 2014 DOCUMENT INFORMATION Author: Barbara Sansom Information Governance Manager Equality Impact Assessment Consultation & Approval
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationInformation Governance Framework
Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information
More informationMOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY
MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat
More informationInformation Governance Policy
Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationInformation Governance Strategy
Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationNHS Sheffield CCG Performance Management Framework
NHS Sheffield CCG Performance Management Framework Governing Body meeting 3 December 2015 Author(s) Rachel Gillott, Deputy Director of Delivery and Performance Sponsor Tim Furness, Director of Delivery
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationACADEMIC POLICY FRAMEWORK
ACADEMIC POLICY FRAMEWORK Principles, Procedures and Guidance for the Development & Review of Academic Policies [V.1] Page 2 of 11 TABLE OF CONTENTS 1. FRAMEWORK OVERVIEW... 3 2. PRINCIPLES... 4 3. PROCESS...
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationInformation Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs
Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper
More informationCompliance Management Framework. Managing Compliance at the University
Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationNational Standards for Safer Better Healthcare
National Standards for Safer Better Healthcare June 2012 About the Health Information and Quality Authority The (HIQA) is the independent Authority established to drive continuous improvement in Ireland
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationCivil Aviation Authority. Regulatory Enforcement Policy
Civil Aviation Authority Regulatory Enforcement Policy PAGE 2 REGULATORY ENFORCEMENT POLICY Civil Aviation Authority This policy is subject to a phased implementation process please therefore check applicability
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
More informationLancashire County Council Information Governance Framework
Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice
More informationInformation Governance Policy
Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY
More informationResponding to the Security Gap Analysis
University of Glasgow gla.its/its/security_gap_resp.doc/2006-04-06/1 Responding to the Security Gap Analysis James Currall April 2006 Introduction The University engaged Boldon James to conduct a gap analysis
More informationNHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationRISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer
RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.
More informationINFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT
INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT Prepared By: Alistair Stewart Responsible Person: Endorsed by: Information Governance Committee Date: May 2008 Review: June 2009 Issue Number Draft
More informationGovernance Document Management Framework
Governance Document Management Framework Relevant Definitions: In the context of this document: AB means Academic Board Contact Officer means the position responsible for the day to day implementation
More informationLEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012
106 LEICESTERSHIRE COUNTY COUNCIL RISK MANAGEMENT POLICY STATEMENT 2011-2012 Leicestershire County Council believes that managing current and future risk, both opportunity and threat, is increasingly vital
More informationAsset and Development Coordinator
Department: Section: Location: Works and Services Technical Services City Offices Position Overview The is a critical role within Council s Technical Services section of the Works and Services Department
More informationInformation Governance Policy
Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationHow To Be Accountable To The Health Department
CQC Corporate Governance Framework Introduction This document describes the components of CQC s Corporate Governance Framework: what it is intended to achieve, what the components of the Framework are
More informationAudit of Business Continuity Planning
Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationDate of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.
Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5
More informationINFORMATION GOVERNANCE
This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document
More informationAberdeen City Council IT Governance
Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationNHS Business Services Authority Information Governance Policy
NHS Business Services Authority Information Governance Policy NHS Business Services Authority Corporate Secretariat NHSBSAIGM002 Issue Sheet Document reference NHSBSAIGM002 Document location F:\CEO\IGM\Info
More informationInformation Management Policy London Borough of Barnet
Information Management Policy London Borough of Barnet DATA PROTECTION 11 Information Management Policy - Unrestricted Document Control Document Description Version V.03 Date Created September 2010 Information
More informationOperations. Group Standard. Business Operations process forms the core of all our business activities
Standard Operations Business Operations process forms the core of all our business activities SMS-GS-O1 Operations December 2014 v1.1 Serco Public Document Details Document Details erence SMS GS-O1: Operations
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationRisk Management Policy
1 Purpose Risk management relates to the culture, processes and structures directed towards the effective management of potential opportunities and adverse effects within the University s environment.
More informationChiropractic Boards response 15 December 2008
NATIONAL REGISTRATION AND ACCREDITATION SCHEME FOR THE HEALTH PROFESSIONS Chiropractic Boards response 15 December 2008 CONSULTATION PAPER Proposed arrangements for accreditation Issued by the Practitioner
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationwww.monitor.gov.uk The NHS Foundation Trust Code of Governance
www.monitor.gov.uk The NHS Foundation Trust Code of Governance About Monitor Monitor is the sector regulator for health services in England. Our job is to protect and promote the interests of patients
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationInformatics: The future. An organisational summary
Informatics: The future An organisational summary DH INFORMATION READER BOX Policy HR/Workforce Management Planning/Performance Clinical Document Purpose Commissioner Development Provider Development Improvement
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationSecuring Information in an Outsourcing Environment (Guidance for Critical Infrastructure Providers) Executive Overview Supplement.
Securing Information in an Outsourcing Environment (Guidance for Critical Infrastructure Providers) Executive Overview Supplement June 2011 DISCLAIMER: This document is intended as a general guide only.
More informationCompliance. Group Standard
Group Standard Compliance Serco is committed to good governance practices and the management of risks supported by a robust business compliance process SMS-GS-G2 Compliance July 2014 v1.0 Serco Public
More informationBusiness Continuity Management Policy and Framework
Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationRisk Management Policy and Process Guide
Risk Management Policy and Process Guide Status: pending Next review date: December 2015 Page 1 Information Reader Box Directorate Medical Nursing Patients & Information Commissioning Operations (including
More informationInformation Governance Policy A council-wide information management policy. Version 1.0 June 2013
Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This
More informationInformation Governance and Management Standards for the Health Identifiers Operator in Ireland
Information Governance and Management Standards for the Health Identifiers Operator in Ireland 30 July 2015 About the The (the Authority or HIQA) is the independent Authority established to drive high
More informationRISK MANAGEMENT STRATEGY 2014-17
RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team
More informationInformation Security Management System (ISMS) Policy
Information Security Management System (ISMS) Policy April 2015 Version 1.0 Version History Version Date Detail Author 0.1 18/02/2015 First draft Andy Turton 0.2 20/02/2015 Updated following feedback from
More informationD-CRIS Information Governance Assurance
D-CRIS Information Governance Assurance Date: 05 08 2013 Version: 1.0 Author: Murat Soncul Contents 1. Introduction... 3 2. CRIS Security Model... 3 3. SLaM Information Governance Framework... 4 4. Roles
More informationStandard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide
Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested
More informationInformation Governance Policy
Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise
More informationAPPENDIX 50. Enterprise risk management - Risk management overview
APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...
More informationInformation governance policy
Information governance policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSAIGM002a S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review IG Policy\Current
More informationOffice of the Auditor General Western Australia. Audit Practice Statement
Office of the Auditor General Western Australia Audit Practice Statement Office of the Auditor General Western Australia 7th Floor Albert Facey House 469 Wellington Street Perth Mailing Address Perth BC
More informationInformation governance strategy 2014-16
Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope
More informationInformation Integrity & Data Management
Group Standard Information Integrity & Data Management Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is
More informationSubmission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014
Submission to the Department of Environment Regulation s Draft Guidance Statement on Regulatory Principles December 2014 Chamber of Commerce and Industry of Western Australia (Inc) About CCI The Chamber
More informationCode of Corporate Governance
www.surreycc.gov.uk Making Surrey a better place Code of Corporate Governance October 2013 1 This page is intentionally blank 2 CONTENTS PAGE Commitment to good governance 4 Good governance principles
More informationNHS Lanarkshire Information Governance Committee
INFORMATION GOVERNANCE COMMITTEE DRAFT TERMS OF REFERENCE Name Purpose NHS Lanarkshire Information Governance Committee To provide direction of and oversee the development of NHS Lanarkshire Information
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationAvon & Somerset Police Authority
Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationCollege Governance Statement of Principles, Scheme of Delegation and Terms of Reference
College Governance Statement of Principles, Scheme of Delegation and Terms of Reference 1. Principles: 1.1 Background This document sets out the principles underpinning the College Corporation s work.
More informationWILTSHIRE POLICE FORCE POLICY
Template v4 WILTSHIRE POLICE FORCE POLICY BUSINESS CONTINUITY MANAGEMENT SYSTEMS (BCMS) Effective from: July 2013 Version: 2.0 Next Review Date: July 2015 POLICY STATEMENT Wiltshire Police has a statutory
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationUoD IT Job Description
UoD IT Job Description Role: Projects Portfolio Manager HERA Grade: 8 Responsible to: Director of IT Accountable for: Day to day leadership of team members and assigned workload Key Relationships: Management
More information