SHAREPOINT GOVERNANCE POLICY

Transcription

1 SHAREPOINT GOVERNANCE POLICY Joanne McEvoy Directorate of Performance and Reform July 2012 Review Date: 1 of 7

2 Policy Checklist Name of Policy: Purpose of Policy: Directorate responsible for Policy Name & Title of Author: Does this meet criteria of a Policy? Staff side consultation? SharePoint To ensure that Trust staff follow a corporate approach towards use of the SharePoint solution Performance and Reform Joanne McEvoy, ITS Programme Manager Yes Equality Screened by: Date Policy submitted to 16 September 2013 Policy Scrutiny: Members of Policy Scrutiny in Attendance: Vivienne Toal, Head of Employee Engagement & Relations (Chair) Tierna Armstrong, Head of Social Work, Older People (for Melanie McClements), Anita Carroll, Assistant Director of Acute Services Functional Support Services Claire Graham, Head of Corporate Records (for Siobhan Hanna), Carmel Harney, Assistant Director of Allied Health Professionals, Governance & Workforce Planning, Stephen Wallace, Project Manager (for Anne Brennan) Fiona Wright, Assistant Director of Nursing Governance Policy Approved/Rejected/ Amended Communication Plan required? Training Plan required? Implementation Plan required? Any other comments: Date presented to SMT Director Responsible SMT Approved Approved. 2 of 7

3 POLICY DOCUMENT VERSION CONTROL SHEET Title Supersedes Originator Sharepoint Not applicable Joanne McEvoy, ITS Programme Manager Scrutiny Committee & SMT approval Circulation Review SMT Comments Date received by Employee Engagement & Relations for database/intranet/internet Date for further review 2 year default 3 of 7

4 1.0 INTRODUCTION TO POLICY. This policy has been created to provide standard guidelines by which staff must comply in order to use the Trust SharePoint - a system which offers document storage, intranet and collaboration tools. In order for SharePoint to operate effectively, adherence to the principles contained within this document is mandatory for all staff within the Southern Health and Social Care Trust. It is important that this policy is read in conjunction with its appended Governance Plan, the Trust s Internet / policy and guidance on Social Networking. 2.0 PURPOSE AND AIMS The purpose of this policy is to ensure that SharePoint is utilised effectively by Trust staff. Compliance will ensure SharePoint has an efficient searching function, well-structured Document Libraries and Sites with appropriate content. 3.0 POLICY STATEMENT 3.1 SharePoint is a system which has been implemented in the Southern Trust as an IT solution for sharing information as well as a communication tool to raise the profile of Divisions and Departments across the Trust. 3.2 SharePoint and the contents of its sites is the responsibility of the Senior Management Team and Heads of Service (Site Owners). It is a Trustwide system and its usefulness and efficiency relies on its dynamic content which should be authorised and monitored by Site Owners. 3.3 SharePoint sites will be created by Departments / Teams as central repositories of documents and information for sharing and collaborative working. Permissions around access to documents and libraries will be categorized as follows; Open Collaborative Working able to be searched and accessed by all Trust staff (default setting) Internal Collaborative working - search and access limited to the Site s own Department / Team staff Closed Collaborative Working - search and access granted only to specific set of users (from any department) 3.4 SharePoint relies on Site Owners and Site Administrators to upload information to sites which is potentially visible by all Trust staff. 4 of 7

5 SharePoint is not patient / client information system and should not be used for this purpose. SharePoint also contains a MySite for each individual member of staff - the content of which is managed by each individual User. It is therefore the duty of all staff to be aware SharePoint must not be used to; Transmit any patient/client identifiable or confidential information about staff Transmit inappropriate, obscene, offensive or damaging material. Transmit threatening material, or material intended to frighten or harass. Transmit defamatory material. Infringe copyright. Transmit unsolicited advertising or similar activities. Transmit non work related advertisements e.g. personal items for sale, events etc. 4.0 SCOPE OF THE POLICY The principles outlined in this document are applicable to all Trust employees and therefore it is essential that all staff are informed of its contents. 5.0 ROLES AND RESPONSIBILITIES 5.1 Chief Executive, Directors and Senior Management Team/Heads of Service (Site Owners) Content of SharePoint sites should be authorised and monitored by Site Owners. Site Administrators are appointed by Site Owners. Site Administrators are skilled to manage sites but overall responsibility for content lies with each Site Owner. 5 of 7

6 Managers have a responsibility to ensure that all staff are aware of the SharePoint Governance Policy. Staff will use SharePoint as designated within this policy and associated procedures 5.2 Director of Performance and Reform The Director of Performance & Reform is responsible for ensuring there is a policy and procedures in place to in relation to SharePoint use. 5.3 Assistant Director of Informatics The Assistant Director is responsible for ensuring that appropriate systems and processes are in place to provide a safe and secure SharePoint system and to be able to monitor its use. The Assistant Director is responsible for ensuring that IT staff are trained and aware of the policy and procedures to be applied in relation to SharePoint. 5.4 Individual members of staff Staff will use SharePoint as designated within this policy and associated procedures. Failure to do so may be considered a disciplinary offence, and staff could be subject to the relevant disciplinary policy and procedures of the Trust. As per point 3.4 of this policy, SharePoint is not a patient / client information system and should not be used to store this type of information. Staff may be requested to remove patient / client identifiable information which is deemed to constitute a breach of this policy. Failure to comply with such a request may in itself result in disciplinary action. If staff are aware of content on SharePoint that could harm the reputation of the Trust or any member of staff or service user, it must be reported immediately to their line manager, who will report this to the Trust s Information Governance department for incident management and HR Employee Relations Department for disciplinary advice or action. Breach of this policy may result in disciplinary action and in serious cases, dismissal. Any member of staff suspected of committing a breach of this policy will be required to co-operate with Trust investigation initiated by the Trust Human Resources department. 6 of 7

7 6.0 LEGISLATIVE COMPLIANCE, RELEVANT POLICIES, PROCEDURES AND GUIDANCE The SharePoint system must be operated within the principles of the Data Protection Act 1998 and the Computer Misuse Act This policy should be read in conjunction with other Trust IT policies and guidance available on the Intranet, including Policy Internet Policy Data Protection Policy Social Networking Policy 7 Sources of Advice and Further Information Related Policies/Manuals Include:- SharePoint Governance Plan AllItems.aspx Trust IT Security Policy olicy_cmca.pdf Trust Policy y2011.pdf Social Networking Policy ents/socialnetwork.pdf Good Guide to Etiquette Etiquettefeb09.pdf Records Management Policy gementpolicy_000.pdf 7 of 7

8 8 of 7

9 POLICY IMPLEMENTATION PLAN POLICY TITLE: SharePoint Governance Policy ACCOUNTABLE DIRECTOR: Paula Clarke POLICY AUTHOR: Joanne McEvoy CO-ORDINATOR FOR IMPLEMENTATION PLAN: DATE APPROVED BY POLICY SCRUTINY COMMITTEE: DATE APPROVED BY SMT: Joanne McEvoy 19/03/2013 An implementation plan must be developed for all policies. This will ensure that a systematic approach is taken to the introduction of policies in order to secure effective working practices. The following template provides a checklist to be used as a starting point for thinking about implementation in a systematic manner. 9 of 7

10 KEY TASKS ACTION TAKEN/PLANNED LEAD TIMESCALE Since SharePoint is available for use by all Trust staff this Project Manager / policy affects everyone directly. SharePoint is a Site Administrators communication and information sharing tool and this / AD s and HOS policy sets out to govern correct use bearing in mind the implications for confidentiality of information, and explain the roles and responsibilities of key stakeholders. Communicating and Engaging staff Who is affected directly or indirectly by the policy? Are the most appropriate staff involved in the implementation? What are the key messages to communicate to the different stakeholders? How will these messages be communicated? Are arrangements in place to ensure the induction of new staff reflects the policy? Has Policy been uploaded on to intranet and website? Engaging staff and developing strong working relationships will provide a solid foundation for changes to be made. Effective communication will ensure that all those affected by the policy are kept informed thus smoothing the way for any changes The key messages for staff are that SharePoint must not be used to; Transmit any patient/client identifiable or confidential information Transmit inappropriate, obscene, offensive or damaging material. Transmit threatening material, or material intended to frighten or harass. Transmit defamatory material. Infringe copyright. Transmit unsolicited advertising or similar activities. Transmit non work related advertisements e.g. personal items for sale, events etc. The policy will be communicated to staff via a range of methods. Senior Managers will be encouraged to cascade its messages through team meetings. It will be shared via E-Brief / Global and included in the Induction checklist for new staff. The policy will be uploaded to the Intranet, and is available 1 of 7

11 KEY TASKS ACTION TAKEN/PLANNED LEAD TIMESCALE from the Home Page of SharePoint itself. Involving service users and carers Is there a need to provide information to service users and carers regarding this policy? Are there service users, carers, representatives or local organisations who could contribute to the implementation? Involving service users and carers will ensure that any actions taken are in the best interests of the service users and carers and that they are better informed about their care. Training What are the training needs related to this policy? Are the people available with the skills to deliver the training? Since service users / carers are not directly affected there is no need to provide to these groups information regarding this policy. Site Administrators appointed for each site will have the ability to upload documents, and also to give others permissions to upload or contribute / edit documents. Site Administrators are provided with a 2-hour session of training by the ICT Training Team. At this training the messages within this policy are emphasised. Site Administrators will champion SharePoint within their teams and further emphasise the Governance message when demonstrating how it can be used to colleagues. Joanne McEvoy Site Admins September/October 2013 Within 2-3 weeks of Site Provisioning All stakeholders need time to reflect on what the policy means to their current practice and key groups may need specific training to be able to deliver 2 of 7

12 KEY TASKS ACTION TAKEN/PLANNED LEAD TIMESCALE specific requirements. Evaluation What are the main changes in practice that should be seen from the policy? How might these be evaluated? Evaluating and demonstrating the benefits of new policy is essential to promote the achievements of those involved and justify changes that have been made. In order for SharePoint to be used effectively staff should be aware from the outset of its limitations. Use of SharePoint with adherence to this Governance Policy will ensure staff do not contravene Data Protection legislation as well as reinforcing adherence to the Social Networking Policy and / IT policies. It will be possible to evaluate the effectiveness of this policy by monitoring the incidence of confidentiality of information being compromised by Trust staff (via Datix). For duration of the Project the Project Manager / Project Board 3 of 7