Information Governance Strategy
|
|
- Sylvia Merritt
- 8 years ago
- Views:
Transcription
1 Introduction Information Governance Strategy This strategy sets out the approach to be taken within Children s Hearings Scotland (CHS) to develop a robust Information Governance (IG) framework for the management of information relating to the national Children s Panel, Area Support Teams and CHS. Information comes in many forms, including policy documents, minutes, financial data, personal data, and is held in a variety of paper and electronic formats. Across the Children s Hearings System (the System) we use this information as we work to achieve our vision, mission and values, in accordance with the National Standards and Corporate Plan. Information is a vital asset and plays a key part in corporate governance, business planning and performance management. To maximise the potential benefit from our information we need to manage it effectively, share it appropriately and ensure that it is adequately protected. Each year this strategy will be reviewed and an implementation plan developed to identify areas for improvement, in line with the key objectives identified below. It will highlight who is responsible and accountable for these areas and how we will implement, monitor and review the strategy. It will also describe how the strategy aligns to our corporate and business objectives. Key objectives CHS aims to achieve a standard of excellence in IG by ensuring information is managed securely, efficiently and effectively and in accordance with our statutory and regulatory obligations. The implementation of the following objectives will provide a foundation from which CHS can operate IG best practice. IG Objective 1: We will ensure that all members of the CHS community understand their responsibilities in relation to keeping information safe and know what is expected of them when creating and handling information. implementing comprehensive IG policies, procedures and guidance
2 creating an accessible IG policy framework with clear guidance on what is relevant for each role in the CHS community published on CHS website and the Children s Hearings Information and Resource Portal (CHIRP) delivering inductions, awareness sessions and training communicating key IG messages using CHS Keeping information safe newsletters and CHIRP recording the agreement and acknowledgement of responsibilities to keep information safe establishing processes to monitor compliance with the IG policy framework This objective indirectly aligns to outcomes 1-3 of CHS Corporate Plan and directly aligns to the following outcomes: 4. Members of the CHS Community feel valued, and are supported and well-trained to carry out their role. IG Objective 2: We will ensure that all panel members, AST members, Clerks, staff and Board members have the necessary skills to manage information. using online training and development tools, such as the Civil Service Learning resources producing bespoke IG elearning courses for all panel and AST members, Clerks, staff and Board members requiring all staff and volunteers to complete the elearning modules every two years monitoring and recording elearning completion and pass rates to identify where further training and guidance may be required evaluating the effectiveness of training materials on an ongoing basis communicating key contact details for CHS staff to volunteers who require advice or guidance on IG identifying essential skills and experience required by staff and volunteers when managing information, in our Records Management Competency Framework This objective indirectly aligns to outcomes 1-3 of CHS Corporate Plan and directly aligns to the following outcomes: 4. Members of the CHS Community feel valued, and are supported and well-trained to carry out their role. IG Objective 3: In line with CHS values, we will foster a culture of openness, transparency and accountability and one which values information and knowledge. We will achieve this through the development of an organisational culture: which values information and works to remove barriers to managing information effectively
3 where staff and volunteers have confidence and trust in the quality of our information and in making it available to the public, unless there are reasons for not doing so, such as privacy or security which values protecting information appropriately where managing information is everyone s responsibility and is part of how we operate every day where managing information is an enabler to our business and not a barrier which increases awareness of the importance of information We will do this by: regularly reviewing our Publication Scheme to identify additional classes of data that can be published to build greater public trust in the way we operate whilst at the same time safeguarding personal data from misuse and protecting individuals rights to privacy adopting a risk based approach to withholding data in order to strike the right balance in achieving transparency and maintaining confidentiality whether the privacy of individuals or commercial interests, or where protection is in the public interest producing accessible practical guidance using clear and consistent language using case studies of best practice and examples of poor practice in our communications building messages about IG into general communications and activities This objective indirectly aligns to outcomes 1-4 of CHS Corporate Plan and directly aligns to the following outcome: IG Objective 4: We will maintain a robust information security incident management structure to ensure risks, vulnerabilities and incidents are appropriately identified, reported and managed. communicating responsibilities to staff and volunteers to notify us of any events, vulnerabilities or incidents in CHS systems or information implementing clear incident reporting mechanisms implementing comprehensive risk assessments, investigation and analysis of information security events, vulnerabilities and incidents regularly reviewing the managing incident procedures to reflect best practice standards This objective indirectly aligns to outcomes 1-4 of CHS Corporate Plan and directly aligns to the following outcome:
4 IG Objective 5: We will work with key partners to share information appropriately and responsibly and investigate new ways of improving information sharing practices. sharing and publishing key information to support transparency and accountability establishing information sharing protocols with associated data access agreements embedding privacy impact assessments and compliance checks into the core programme management structure contributing to peer reviews with key partners of IG structures, practices and compliance ensuring that knowledge and experience is shared This objective indirectly aligns to outcomes 1-3 of CHS Corporate Plan and directly aligns to the following outcomes: 4. Members of the CHS Community feel valued, and are supported and well-trained to carry out their role. IG Objective 6: We will know what information we hold and where it is stored. managing information in line with our Retention and Disposal Schedule to ensure that we retain only information where there is a business need to do so, and in line with legal requirements, such as the Data Protection Act 1998 (DPA) migrating content held in shared drives into a new functional Business Classification Scheme, enabling quicker access to information and a better understanding of what information we hold and where it is stored developing CHIRP as a corporate repository for the storage of information created, accessed and shared across the CHS community regularly reviewing and updating the Information Asset Register (IAR) identifying all records created and held by the organisation (including vital records) This objective indirectly aligns to outcomes 1-4 of CHS Corporate Plan and directly aligns to the following outcome: IG Objective 7: We will create, manage and share reliable and trustworthy records which support our core business processes. establishing clear business processes which identify the flow of information throughout the organisation
5 identifying roles and responsibilities in managing information setting data quality standards for the management of information capturing metadata on creation, access, amendment or receipt of information applying access and security mechanisms capturing audit trail information relating to the creation, access, retrieval and disposal of records throughout their lifecycle This objective indirectly aligns to outcomes 1-4 of CHS Corporate Plan and directly aligns to the following outcome: IG Management and Reporting Structure and Responsibilities It is essential that we understand who is responsible for IG systems, strategies and policies in order to support IG activities across the organisation and ensure that key responsibilities align to the corporate governance framework. Details of roles and responsibilities in relation to IG are as follows: Director of Finance and Corporate Services/Senior Information Risk Owner (SIRO) The SIRO is responsible for CHS IG Policy Framework and acts as advocate for IG on the Audit and Risk Management Committee (ARMC). The Information Governance Officer (IGO) provides sixmonthly reports to the SIRO on information risk and highlights any immediate security risks and concerns. The SIRO ensures that an effective IG infrastructure is in place including information asset ownership, reporting, and defined roles and responsibilities. Senior Management Team (SMT) It is the role of the SMT to define CHS IG strategy and associated policies and procedures. It is responsible for ensuring that sufficient resources are provided to support the delivery of this strategy. SMT, in consultation with the IGO, will agree an annual work programme to monitor performance and define new objectives. Audit and Risk Management Committee (ARMC) The ARMC advises the Board on IG arrangements and reviews core IG policies and procedures. The ARMC will review and endorse this IG Strategy and recommend approval to the Board. The ARMC is also responsible for monitoring performance and assessing the control of risk in relation to IG, receiving and acting on reports from the IGO and SIRO. The ARMC will formally review this strategy every two years, however the content will be reviewed by the IGO annually to ensure that the objectives remain relevant and the organisation continues to meet all of its statutory and regulatory responsibilities.
6 Information Governance Officer (IGO) The IGO is responsible for: overseeing and responding to day to day IG issues; developing and maintaining IG policies, procedures and guidance; raising awareness of IG roles and responsibilities; monitoring and reporting on compliance with statutory and regulatory obligations; providing advice and guidance to the CHS community on IG related matters; developing suitable IG training for staff and volunteers; and monitoring and responding to information security events, vulnerabilities and incidents. The IGO also acts as the organisation s Data Protection Officer and is responsible for coordinating and managing the response to all information requests received by CHS. Information Asset Owners (IAOs) Information Asset Owners are responsible for identifying, understanding and addressing risks to the information assets they are responsible for. Risks are highlighted to the IGO who in turn reports to the SIRO. IAOs are accountable to the SIRO for providing assurance on the security and use of their information assets. Joint CHS and SCRA Information Governance Group This joint group is responsible for monitoring and reviewing day to day IG issues which affect the IG frameworks of SCRA and CHS. The group will work together to develop joint IG guidance and will consider new ways to raise awareness. For CHS, the group will report to the ARMC on issues and risk. IT Officer (ITO) The ITO provides technical advice to the SIRO on matters relating to IT Security and ensures compliance with relevant standards. CHS community (all panel members, AST members, Clerks, staff and Board members) All panel members, AST members, Clerks, staff (whether permanent, temporary or contracted) and Board members shall be familiar with and comply with the IG Policy Framework. Any records created by members of the CHS community must be created and managed in line with IG policies and procedures. The CHS community are required to undertake relevant IG training which covers keeping information safe and data protection. Data Processors (including local authorities, IT service providers, panel member recruitment campaign service providers, website providers) Appropriate data processing contracts shall be established with third parties where potential or actual access to and processing of information assets is identified. All data processors will be required to complete an annual self-assessment of their information governance performance and compliance with the contractual arrangements.
7 Training Training and awareness is essential to the success of this strategy and to ensuring that the organisation meets each of the objectives outlined above. We must all complete training in data protection and the care and handling of information. Awareness of our policies and procedures relating to data protection, information security and records management is also essential to ensure confidence in the handling and sharing of information. We aim to develop and deliver a range of bespoke training and awareness methods, suitable for each role within the System. Please see details of the methods to be employed below. Pre-service training Pre-service training is delivered over seven days by lecturers employed by CHS Training Unit at West Lothian College (the CHS Training Unit) - and assisted by volunteers from the CHS Community. Volunteers act as group leaders, facilitating discussion and assisting in role play. The Data Protection Act 1998 (DPA) is covered on the training course and covers an introduction to data protection and specific guidance on keeping information safe, including panel papers and other panel and AST member contact details. On completion of the training, panel members must demonstrate their understanding of the System and their roles and responsibilities, through a Professional Development Award (PDA) assessment process, accredited by the Scottish Credit and Qualifications Framework (SCQF) Level 7. The PDA includes an assessment of panel member responsibilities in relation to the DPA and keeping information safe. Pre-service training is delivered to prospective panel members following their provisional appointment by the National Convener (usually from January onwards each year). Once appointed, panel members will be expected to attend refresher training with the CHS Training Unit on an annual basis. They will also be required to complete elearning refresher training on data protection and keeping information safe every two years. elearning Bespoke elearning courses containing an introduction to data protection and key information security messages for each role within the System are currently being produced by CHS in partnership with the CHS Training Unit. The IGO is responsible for writing the bespoke content for the training and the CHS Training Unit are developing it within their Virtual Learning Environment. All panel and AST members, Clerks, staff and Board members will be expected to complete Part A: An Introduction to Data Protection and a 10 question revision quiz. On completion of Part A, users will be directed to Part B: Key messages for [panel members / AST members / Clerks / staff / Board members] which will cover the key information security messages for each role and will be followed by a further 10 question revision quiz.
8 Volunteers without access to IT facilities will be sent a hard copy version of the elearning course to complete and return to CHS. If resources allow, local training events may be arranged to provide technical support to panel and AST members when completing the online course. Dates of completion as well as scores from the two revision quizzes will be retained on training records to demonstrate that individuals have completed the necessary training in relation to data protection and information security. The elearning course will be made available to panel members who transferred to the national Children s Panel before the end of April AST members, Clerks, staff and Board members will be provided with access to the training on a phased basis, with everyone having access by the end of March All panel and AST members, Clerks, staff and Board members will be expected to complete the training by August 2017 and then complete a shorter, refresher course every two years. Managing Information - what you need to know video CHS has produced a training video for panel members, entitled Managing information what you need to know. It highlights key tips and guidance on the management of information relating to the System, including keeping panel papers safe and using other panel and AST member contact details. The video was circulated to all panel members who transferred to the national Children s Panel in November 2013 and now forms part of the pre-service training for new panel members. It is also available on CHIRP. Panel member s understanding of the key messages highlighted in the video is assessed as part of the PDA, completed at the end of the training. All panel members are expected to have watched the video. The content is regularly reviewed by the IGO and updated accordingly. Information Governance Policy Framework To achieve best practice in the management of information, CHS has established an IG Policy Framework which encompasses all IG related policies, procedures and guidance. The framework outlines the policies that are relevant to each role within the System and so all staff and volunteers are expected to be aware of and understand their responsibilities in regard to the relevant policies. CHS asks all new panel and AST members to sign and return an acknowledgement confirming that they have read and understood each of the relevant policies and procedures. The IG Policy Framework was approved by the CHS Board and Senior Management Team (SMT) in August 2014 and subsequently made available on CHIRP and the CHS website. The framework will be regularly monitored by the IGO to ensure that it remains relevant and up-to-date and will be formally reviewed by SMT and the ARMC every two years.
9 Keeping Information Safe newsletters In the first year of operation, CHS circulated a number of Managing Information Updates to the CHS community to highlight key messages in relation to IG. As there was no process for checking whether or not the newsletters had been read by recipients, CHS investigated the use of a third party to issue the newsletters and provide regular reports on access. Advice was sought from the ICO with regards to the Privacy and Electronic Communications Regulations (PECR) and a procurement exercise resulted in Dotmailer being appointed. The first Keeping Information Safe newsletter, designed in Microsoft Publisher, was produced and circulated to the CHS community in August The next newsletter, to be issued in February 2015, will be produced using the Dotmailer application which will enable us to monitor how many people have read the newsletter and which links have been opened from it. Civil Service Learning Civil Service Learning (CSL) is a Civil Service wide elearning portal allowing access to elearning training on a range of topics, including information governance. Following review of the courses available through CSL, SMT requested that all members of staff completed the Information Asset Owner + Government Security Classifications course and that the Director of Finance and Corporate Services completed the Senior Information Risk Owner + Government Security Classifications course by the end of August All members of staff have now completed the training and have provided the IGO with copies of their certificates. All new staff members will be expected to complete the CSL training until the bespoke elearning training for staff members is available. Relationship to other Strategies A Digital Strategy, presenting the aim of a fully digitised System, is currently being developed by CHS in partnership with SCRA. When available, activities identified within this IG Strategy will be reviewed alongside the Digital Strategy to remove duplication and assess ongoing relevance against other priorities. Monitoring and Review The SMT and IGO will monitor the implementation of this strategy in terms of its supporting policies, procedures and guidance. This document will be formally reviewed by the ARMC annually.
10 Document Control Title Information Governance Strategy Author Ava Wieclawska, March 2015 Approved by CHS Board Date of approval 24 March 2015 Version number 1.0 Review frequency Annually Next review date April 2016 Status Control Version Date Status Author Amendments 0.1 September 2014 Draft Ava Wieclawska N/A January 2015 Draft Ava Wieclawska Amendments made in line with new Corporate Plan outcomes February 2015 Draft Ava Wieclawska Minor amendments following review by staff February 2015 Draft Ava Wieclawska Minor amendments following review by Communications & Engagement Officer March 2015 Draft Ava Wieclawska Minor changes to corporate outcomes and new section on relationship to other strategies following review by ARMC March 2015 Draft Ava Wieclawska Final version approved by the CHS Board subject to a removal of the reference to day 5 of the training course March 2015 Final Ava Wieclawska Final version approved by the CHS Board.
11 Annex A: Training requirements for each role Pre-service training elearning An Introduction to DP elearning Key messages for PMs elearning Key messages for AST members elearning Key messages for Clerks elearning Key messages for Staff elearning Key messages for Board members Civil Service training responsible for Info + Govt Security Classifications Managing Information what you need to know video IG Policy framework Keeping Information Safe newsletter PMs appointed post 24/06/13 PMs appointed pre 24/06/13 AST members Clerks Staff Board members
Information governance strategy 2014-16
Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationPolicy Checklist. Head of Information Governance
Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationOFFICIAL. NCC Records Management and Disposal Policy
NCC Records Management and Disposal Policy Issue No: V1.0 Reference: NCC/IG4 Date of Origin: 12/11/2013 Date of this Issue: 14/01/2014 1 P a g e DOCUMENT TITLE NCC Records Management and Disposal Policy
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationCardiff Council. Data protection audit report. Executive summary June 2014
Cardiff Council Data protection audit report Executive summary June 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationInformation Management Strategy. July 2012
Information Management Strategy July 2012 Contents Executive summary 6 Introduction 9 Corporate context 10 Objective one: An appropriate IM structure 11 Objective two: An effective policy framework 13
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationPublic Records (Scotland) Act 2011. Healthcare Improvement Scotland and Scottish Health Council Assessment Report
Public Records (Scotland) Act 2011 Healthcare Improvement Scotland and Scottish Health Council Assessment Report The Keeper of the Records of Scotland 30 October 2015 Contents 1. Public Records (Scotland)
More informationINFORMATION GOVERNANCE STRATEGY NO.CG02
INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY 1 Document history, consultation and approval Title SCRA Information Governance Policy Version Version 1 Other relevant approved document SCRA Case Information Policy SCRA
More informationInformation Governance Policy
Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationRecords Management plan
Records Management plan Prepared for 31 October 2013 Audit Scotland is a statutory body set up in April 2000 under the Finance and Accountability (Scotland) Act 2000. We help the Auditor General for Scotland
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationScotland s Commissioner for Children and Young People Records Management Policy
Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives
More informationMinutes of the meeting of 30 June 2014
Minutes of the meeting of 30 June 2014 The meeting opened at 10.34. Present: Brian Baverstock, Chair Linda Watt, committee member Andrew Thin, committee member Also present: Boyd McAdam, National Convener/Interim
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationFurther to reports to EAG in February and March 2014, the purpose of this report is to;
Report to: Trust Board of Directors Date of Meeting: 29 May 2014 Report Title: Annual Information Governance Report 13/14 Status: Mark relevant box with X Prepared by: Executive Sponsor (presenting): Appendices
More informationInformation Governance Policy
Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationInformation Governance Framework
Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationPARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.
PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN Records Management Policy Version 4.0 Page 1 of 11 Document Control Title: Original Author(s): Owner: Reviewed by: Quality Assured by: File Location: Approval
More informationInformation Management Policy CCG Policy Reference: IG 2 v4.1
Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control
More informationMANAGING DIGITAL CONTINUITY
MANAGING DIGITAL CONTINUITY Project Name Digital Continuity Project DRAFT FOR CONSULTATION Date: November 2009 Page 1 of 56 Contents Introduction... 4 What is this Guidance about?... 4 Who is this guidance
More informationCorporate Policy and Strategy Committee
Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationPERFORMANCE SUPPORT & MONITORING FRAMEWORK FOR SAFEGUARDERS
PERFORMANCE SUPPORT & MONITORING FRAMEWORK FOR SAFEGUARDERS July 2015 2 PERFORMANCE SUPPORT & MONITORING FRAMEWORK Contents Context... 4 Purpose of the Framework... 5 Benefits of the Framework... 5 Basis
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationNHS Lanarkshire Information Governance Committee
INFORMATION GOVERNANCE COMMITTEE DRAFT TERMS OF REFERENCE Name Purpose NHS Lanarkshire Information Governance Committee To provide direction of and oversee the development of NHS Lanarkshire Information
More informationInformation Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.
Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best
More informationUniversity of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public
University of Sunderland Business Assurance Over-arching Information Governance Policy Document Classification: Public Policy Reference Central Register IG001 Policy Reference Faculty / Service IG 001
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationRECORDS MANAGEMENT POLICY
Reference number RM001 Approved by Information Management and Technology Board Date approved 23 rd November 2012 Version 1.1 Last revised July 2013 Review date May 2015 Category Records Management Owner
More informationHow To Ensure Information Security In Nhs.Org.Uk
Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:
More informationLancashire County Council Information Governance Framework
Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice
More informationCorporate Records Management Policy
Corporate Records Management Policy Introduction Part 1 Records Management Policy Statement. February 2011 Part 2 Records Management Strategy. February 2011 Norfolk County Council Information Management
More informationWest Dunbartonshire Council. Follow-up data protection audit report
West Dunbartonshire Council Follow-up data protection audit report Auditors: Lee Taylor (Audit Team Manager) Jonathan Kay (Engagement Lead Auditor) Data controller contacts: Michael Butler (Data Protection/Information
More informationINFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT
INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT Prepared By: Alistair Stewart Responsible Person: Endorsed by: Information Governance Committee Date: May 2008 Review: June 2009 Issue Number Draft
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationCentral London Community Healthcare NHS Trust. Data protection audit report
Central London Community Healthcare NHS Trust Data protection audit report Executive Summary July 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationPublic Records (Scotland) Act 2011. NHS Health Scotland Assessment Report. The Keeper of the Records of Scotland. 5 th August 2015
Public Records (Scotland) Act 2011 NHS Health Scotland Assessment Report The Keeper of the Records of Scotland 5 th August 2015 Contents 1. Public Records (Scotland) Act 2011... 3 2. Executive Summary...
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationDURHAM COUNTY COUNCIL CORPORATE RECORDS MANAGEMENT POLICY
DURHAM COUNTY COUNCIL CORPORATE RECORDS MANAGEMENT POLICY Version 3.0 February 2015 Table of Contents 1. Purpose...3 2. Background... 4 3. Legislative Arena... 4 4. Scope...5 5. Aim and Objectives... 6
More informationBEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE
GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationWEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public
WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY CONTENTS 1. POLICY STATEMENT... 3 2. PRINCIPLES... 3 DEFINITIONS... 4 3. OBJECTIVES... 4 4. SCOPE... 4 5. OWNERSHIP & RESPONSIBILITIES...
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
More informationInformation Governance Policy
Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationInformation Governance Training Plan v13
Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness
More informationPublic Records (Scotland) Act 2011. City of Edinburgh Council and Licensing Board Assessment Report. The Keeper of the Records of Scotland
Public Records (Scotland) Act 2011 City of Edinburgh Council and Licensing Board Assessment Report The Keeper of the Records of Scotland 23 June 2016 Contents 1. Public Records (Scotland) Act 2011... 3
More informationAuditing data protection a guide to ICO data protection audits
Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit
More informationData Protection Audit Report - Southampton City Council
Southampton City Council Data protection audit report Executive summary March 2016 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationInformation Governance Incorporating the Records Management Plan
Information Governance Incorporating the Records Management Plan Information governance, or IG, is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Policy
NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationPublic Records (Scotland) Act 2011. Fife NHS Board Assessment Report. The Keeper of the Records of Scotland. 27 September 2013.
Public Records (Scotland) Act 2011 Fife NHS Board Assessment Report The Keeper of the Records of Scotland 27 September 2013 Contents 1. Public Records (Scotland) Act 2011... 3 2. Executive Summary... 3
More informationInformation Governance Policy
Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version
More informationGeneral Register Office for Scotland information about Scotland s people. Paper NHSCR GB 1/08. NHSCR Scotland Information Governance Standards
General Register Office for Scotland information about Scotland s people Paper NHSCR GB 1/08 NHSCR Scotland Information Governance s This is a draft on which the Board s comments would be welcome. Contents
More informationTERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL
TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL INTRODUCTION WHAT IS A RECORD? AS ISO 15489-2002 Records Management defines a record as information created,
More informationCCG: IG06: Records Management Policy and Strategy
Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of
More informationINFORMATION GOVERNANCE AND DATA PROTECTION POLICY
INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy
More informationInformation Security Assurance Plan 2015/16
Information Security Assurance Plan 2015/16 Policy number: N/A Version 2.0 Approved by Name of author/originator Owner (Exec Director) Date of approval August 2015 Date of last review July 2015 Next due
More informationUniversity of Sunderland Business Assurance Information Security Policy
University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationNHS SCOTLAND PERSONAL HEALTH RECORDS MANAGEMENT POLICY FOR NHS BOARDS
INFORMATION GOVERNANCE RECORDS MANAGEMENT GUIDANCE NOTE NUMBER 002 NHS SCOTLAND PERSONAL HEALTH RECORDS MANAGEMENT POLICY FOR NHS BOARDS Guidance Note 002 1 1 HEALTH RECORDS MANAGEMENT POLICY 1.1 Introduction
More informationFREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT
FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT November 2003 Laid before the Scottish Parliament on 10th November 2003 pursuant to section 61(6) of the Freedom of Information
More informationLSCB Self-Assessment Tool
LSCB Self-Assessment Tool The Local Safeguarding Children board s primary function is to bring together representatives from agencies and professionals responsible for safeguarding children. It is an inter-agency
More informationInformation Governance Strategy Includes Information risk & incident management methodology
Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May
More informationMapping the Technical Dependencies of Information Assets
Mapping the Technical Dependencies of Information Assets This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital
More informationEmbedding Digital Continuity in Information Management
Embedding Digital Continuity in Information Management This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital
More information