Information Management Policy London Borough of Barnet

Transcription

1 Information Management Policy London Borough of Barnet DATA PROTECTION 11

2 Information Management Policy - Unrestricted Document Control Document Description Version V.03 Date Created September 2010 Information Management Policy (Previously Records Management Policy) Status Final Document XXXXXX, Information Management Team, XXXXXX Owner Document Not protectively marked Classification: Authorisation Name Signature Date Prepared By: Checked By Version Control Version Date Author Reason for New Version number 1 Sept 2010 XXXXXX Version 1 2 April 2013 XXXXXX Re-draft 3 June 2014 XXXXXX Redraft; changed to emphasis on Information Management Date last reviewed: June 2014 Date of next review: June 2015

3 Information Management Policy - Unrestricted Contents 1. Introduction What is Information Management? Purpose and scope Information management principles Responsibilities and accountability for Information Management Governance of Information Management Risk management Associated documentation Contact Information/Further Guidance... 6

4 1. Introduction This is the overarching policy of a framework to provide for the effective management of information within the London Borough of Barnet. This policy applies to anyone accessing or using information held by the council or doing so whilst otherwise acting for or on behalf of the council including: employees of the council contractors agency staff contractual third party suppliers agents and partners of the council. Those above are collectively referred to in this policy as officer(s). It is further recommended that local authority schools also adhere to the principles outlined in this policy when undertaking their own processes. 2. What is Information Management? Information is a strategic asset for Barnet, and it is important it is managed well so its potential is realised by the organisation. Information Management is concerned with supporting the delivery of information to the organisation to be used for business purposes, and with working with others to ensure this delivery (such as infrastructure for electronic storage, accommodation for paper storage etc) as set out in this diagram: 1

5 This definition emphasises that information management is not just compliance related (advising on the safety and security of information) but more about managing business risks based on: Not knowing what information or data we have, where it is or what anyone is doing with it; Not knowing what information is for; Not being able to use information or data due to process, access and quality issues; Information not being available when you need it; Not understanding information through a lack of context and / or ownership; Keeping information when we don t need to; Costs for resolution following compliance breaches and data loss. By tackling this, we will help to increase the effectiveness of the organisation in making robust evidence based decisions and support the provision of information and data to our customers and partners. 3. Purpose and scope This policy covers all information created and held by the London Borough of Barnet, regardless of medium, format, storage method or location. This includes all information created by or shared with officers whilst working on behalf of the council. 4. Information management principles The following Information Principles underpin the management of information within the London Borough of Barnet. These principles are: Information is a valued asset Information is managed Information is fit for purpose Information is standardised Information is re-used Public information is published Residents and businesses can access information about themselves 5. Responsibilities and accountability for Information Management Head of Information Management Has overall responsibility for: the Information Management Strategy and defining and maintaining information management policies. 2

6 defining the framework and policy for oversight of partner security and governance. the management of information within the council structure and compliance with relevant information management legislation. Information Manager Assisted by the Information Management Team, ensures that: the Head of Information Management (Head of IM) is briefed on any relevant information management issues, and approval sought as required. that appropriate policy and guidance is in place and up-to-date with regards to good information management practice. will promote and communicate compliance with this policy to ensure the easy, appropriate and timely retrieval of information. All staff and individuals handling data on behalf of the council All individuals have a personal responsibility to ensure that they comply fully with Information Management policy, procedures and guidance. Individual employees (working for, or on behalf of the council) must ensure that the functions for which they are responsible are appropriately documented and recorded. The information they create and for which they are responsible must be fit for purpose, accurate, accessible in both the intellectual and physical sense, while being appropriately secure, and maintained and disposed of in accordance with corporate Information Management Policies. 6. Governance of Information Management Customer and Information Management Board (CIMB) The CIMB is one of the four Enabling Boards for the council, and provides effective support to the council s governance structure through clarity, consistency and speeding up decision-making, with specific emphasis on customers, information management and information & communications technology (ICT). It is a senior level group, chaired by the Chief Operating Officer, with senior representatives from delivery units including Commissioners and Commissioning Group, Re and CSG. The CIMB is aligned with the council s strategic objectives. The CIMB provides the overall governance structure for Information Management. It is the approval board for the Information Management Strategy, and takes updates on the implementation of this strategy. 3

7 The CIMB delegates operational aspects of the delivery of Information Management to the following sub-groups: Information Management and Technology Working Group The purpose of this working group is to assist in the delivery of information management and technology strategies, plans, policies and processes. All internal delivery units are represented on this group, along with the Commissioning Group and CSG. Security Forum The purpose of the Security Forum is: To monitor and mitigate the council s exposure to security (information and physical) risk. To oversee compliance with security policies and procedures, and to ensure that these remain appropriate and fit for purpose. To monitor breaches in security and to recommend follow-up action. To provide a central management point for matters relating to security. All internal delivery units are presented on this group, along with the Commissioning Group and CSG. Information Management Governance Group(s) Each internal delivery unit of the council, along with the Commissioning Group has an IMGG, which is an operational group that is supported by, and works closely with, the Information Management Team. The Group is responsible for: assisting in the delivery of the Information Management Strategy. ensuring that its delivery unit is fully aware of the requirements of council policy and process, delivering induction and training where required. ensuring current operating procedures are efficient and fit for purpose and identifying and communicating deficiencies in current practices to the Information Manager. Ensuring compliance with corporate information management policies. 4

8 7. Risk management In accordance with the first Information Principle that information is a valued asset, the council takes a risk management approach to the management of information. Corporate Information Management risks are assessed according to the council s risk management framework and in line with the aims of the Information Management Strategy, and recorded on the corporate JCAD system. Delivery unit information management risks are assessed at IMGG meetings and recorded on the same system. Information security risks are assessed using the security risk management assessment tool, and risk tolerance decisions taken accordingly. 8. Associated documentation At the London Borough of Barnet, information is managed according to the information lifecycle. The stages of the lifecycle are as follows: Creation Capture / Storage Use Disposal Policies, procedures and guidance are created to support staff in managing information according to this approach, ensuring adherence to the second Information Principle that information is managed. Policies that guide the whole lifecycle are: the Information Security Policy and the Members Information Management Policy, along with the forthcoming Information Asset Register. Lifecycle stage Associated policy, procedure or guidance Status Creation Naming conventions To be completed - Summer 2014 Capture / Storage Use Transparency Policy Classification guidance FOI / EIR Policy & Toolkit Copyright Policy Data Quality Policy To be completed - Autumn

9 Lifecycle stage Disposal Associated policy, procedure or guidance Data Protection Policy & Toolkit Data Transfer Information Sharing Policy Paper Records Secure Handling & Transfer Policy Records Retention Schedule Mill Hill archive storage and retrieval process Status 9. Contact Information/Further Guidance Further advice and guidance on managing your information is available from the corporate Information Management Team. Head of Information Management: Jenny Obee Information Manager: XXXXXX Address: London Borough of Barnet Building 2 North London Business Park Oakleigh Road South London N11 1NP foi@barnet.gov.uk 6