Information Governance Management Framework
|
|
- Brendan Barker
- 8 years ago
- Views:
Transcription
1 Information Governance Management Framework Document Status: Approved Version: v 1.3 DOCUMENT CHANGE HISTORY Version Date Comments (i.e. viewed, or reviewed, amended, approved by person or committee v1.0 8 June 2012 Draft, Phil Stimpson v July 2012 Additions made to draft by Phil Stimpson v August 2012 Include IG Toolkit Workplan as Appendix F Approved by CCG 09/01/2013 Quality Committee V April 2013 Include Information Security Work plan as Appendix G Revised list of IG policies V June 2013 Approved by SDT CCG Quality Committee Authors: Corporate Affairs Manager Names and roles of Contributors, committee members etc Document IG Toolkit version 11 requirements 130, 131, 134, 230, 231, 232, 233, 341, Reference: 345, 349 Directorate:- Corporate Affairs Approval Quality Committee Review Date of approved document: April 2014 South Devon and Torbay Clinical Commissioning Group promotes equality, diversity and human rights and is committed to ensuring that all people and communities it serves have access to the services we provide. In exercising the duty to address health inequalities, the CCG has made every effort to ensure this policy does not discriminate, directly or indirectly, against patients, employees, contractors or visitors sharing protected characteristics of: age; disability; gender reassignment; marriage and civil partnership; pregnancy and maternity; race; religion and belief; sex (gender); sexual orientation or those protected under Human Rights legislation. All CCG policies can be provided in large print or Braille formats; translations on request; language line interpreter services are available; and website users can use contrast, text sizing and audio tools if required. For any other assistance, please contact the CCG at sdtccg@nhs.net or South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 1 of 19
2 CONTENTS Section Page 1. Introduction 3 2. Definitions & Key Roles 5 3. Key Policies 6 4. Key Governance Bodies 6 5. Resources 6 6. Governance Framework 7 7. Information Governance Toolkit 7 8. Information Governance Training and Guidance 8 9. Incident Management Information Sharing Information Security 9 Appendix A Glossary 10 Appendix B SDT CCG / Devon PCT Cluster staff in key IG roles 11 Appendix C SDT CCG / Devon PCT Cluster support arrangements for SIRO 12 Appendix D SDT CCG / Devon PCT Cluster support arrangements for Caldicott Guardian 13 Appendix E SDT CCG / Devon PCT Cluster Information Governance Policies 14 Appendix F SDT CCG / Devon PCT Cluster Information Sharing Protocols 15 Appendix G IG Toolkit Workplan Not included Appendix H Information Security Operational Plan Linked strategies, policies and other documents Dissemination requirements Information Governance Policy Data Protection Policy Code of Confidentiality Records Management Policy The policy will be disseminated via managers to cascade to staff within their remit. This framework will be made available on the CCG s intranet and internet sites. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 2 of 19
3 1 Introduction 1.1 Introduction The Information Governance Toolkit (IGT) for 2013/14 requires NHS South Devon and Torbay Clinical Commissioning Group (CCG) to have an Information Governance Management Framework (IGMF) to bring together all threads of the CCG s Information Governance (IG) activities in an approved document References are made throughout this Framework to the Information Governance Toolkit in the format , where 11 refers to version 11 for 2013/14 and 130 refers to requirement number Much of the content of this Framework is taken directly from Connecting for Health guidance, to ensure that the Cluster produces the precise documentation required for Information Governance Toolkit auditing and evidence purposes Robust Information Governance requires clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate resources. The way that an organisation chooses to deliver against these requirements is referred to within the Information Governance Toolkit as the organisation s Information Governance Management Framework. This Framework must be documented, approved at the most appropriate senior management level in the organisation (e.g. the Governing Body, the Executive Team or a named Executive Director) and reviewed annually The Information Governance Management Framework adopted by a CCG may be described in a standalone document or may be incorporated within an over-arching Information Governance Policy or an Information Governance Strategy. Whilst many elements of Information Governance Management Frameworks will be similar for different organisations and must cover the headings described in the table below, there is no requirement for frameworks to be identical. The Information Governance Management Framework should provide a summary/overview of how an organisation is addressing the Information Governance agenda, and adapted appropriately to the capacity and capability of the organisation concerned The elements of an Information Governance Management Framework, as defined by Connecting for Health, are shown in the table below: INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Heading Requirement Notes Senior Roles Senior Information Risk Owner (SIRO) (11-345) Caldicott Guardian (11-230) IG Lead These roles should be at Governing Body or the most senior leadership team level. The IG lead and the SIRO may be the same individual but the Caldicott Guardian should be distinct from both of the others South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 3 of 19
4 Key Policies Over-arching IG Policy (11-131) Data Protection Act 1998/Confidentiality Policy Organisation Security Policy Information Lifecycle Management Policy Corporate Governance Policy Key Governance Bodies IG Board / Forum / Steering Group Resources Details of key staff roles and dedicated budgets Governance Framework Details of how responsibility and accountability for IG is cascaded through the organisation. ( & ) Training & Guidance Staff Code of Conduct (11-231, & ) Training for all staff (11-134) and advisory rather than accountable. Policies set out scope and intent. The over-arching IG policy should reference the three supporting Confidentiality, Security and Records Management policies and might be where the organisation s intended IG Management Framework is documented. A group, or groups, with appropriate authority should have responsibility for the IG agenda. This might be one or more standalone groups or be part of an Integrated Governance Board or Risk Management group. The key staff involved in the IG agenda below those at Governing Body or most senior levels should be identified with a description of their roles and responsibilities. This may include an IG officer, Data Protection Officer, Information Security Officer, Freedom of Information Manager, Corporate and Clinical Governance Leads or Data Quality Leads. Any dedicated budgets and high level plans for expenditure in-year should also be identified, including outsourcing to external resources or contractors. This should include staff contracts, contracts with third parties, Information Asset Owner arrangements, Departmental Leads on aspects of IG etc. Staff need clear guidelines on expected working practices and on the consequences of failing to follow policies and procedures. The approach to South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 4 of 19
5 Incident Management Organisation Security Policy Training for specialist IG roles Documented procedures and staff awareness (11-341, & ) ensuring that all staff receive training appropriate to their roles should be detailed. Clear guidance on incident management procedures should be documented and staff should be made aware of their existence, where to find them and how to implement them. 2 Definitions & Key Roles Information Governance Management Framework documented approach to the organisation and delivery of clear and effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate resources. The following roles should be at Governing Body or the most senior leadership team level: Senior Information Risk Owner (SIRO) A member of the Senior Management Team (SMT) with overall responsibility for the organisation s information risk policy. The SIRO will also lead and implement the Information Governance risk assessment and advise the SMT on the effectiveness of risk management across the organisation. The SIRO s responsibility is formally added to the job description of this individual, using the standard Connecting for Health wording. Details of the staff roles directly supporting the SIRO are shown in Appendix C. (11-345) Information Asset Owners (IAO) - A senior member of staff who is the nominated owner for one or more of the identified information assets of the CCG. The IAO responsibility is formally added to the job description of this individual, using the standard Connecting for Health wording. Information Governance (IG) Lead A senior representative in the organisation who leads and co-ordinates the Information Governance work programme. This may be the same individual as the SIRO. Information Security Lead - A senior representative supporting the organisation who leads and co-ordinates the Information Technology / Security work programme. This individual may report directly to the CCG SIRO. Caldicott Guardian - A member of the Senior Management Team responsible for protecting the confidentiality of patient and service user information and enabling appropriate information sharing. Caldicott Guardians were mandated for NHS organisations by Health Service Circular HSC 1999/012, and later for social care by Local Authority Circular LAC 2002/2. General Practices are required by regulations to have a confidentiality lead. This position may not be the same individual as the SIRO or the IG lead because the Caldicott Guardian s role should be advisory rather than accountable. Details of the staff roles directly supporting the Caldicott Guardian are shown in Appendix D. (11-230) South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 5 of 19
6 Details of senior leadership roles for Information Governance are shown in Appendix B. 3 Key Policies This is of particular relevance to Policies set out scope and intent. The over-arching IG policy should reference the three supporting Confidentiality, Security and Records Management policies. The CCG s Information Governance policies will be reviewed and agree by the IG Forum followed by approval by the Quality Committee. IT Security policies follow the same basic principles as other Information Governance policies, and the writing, review and approval techniques described here apply equally to IT Security policies. The responsibility for writing a particular policy is normally assigned by a senior manager (Manager or Head of Department) or to a named individual having expertise in that area. For Information Governance policies, the Information Governance Manager is typically tasked with writing appropriate policies. As polices require an update, either because they are near the agreed review date or because legislation, national guidance or working practices have changed, the original author will typically make the necessary changes. The CCG s Information Governance policies are listed in Appendix E. 4 Key Governance Bodies The Quality Committee with authority delegated from the CCG Governing Body will be the typical mechanism for directing and approving Information Governance work programmes, receiving reports and approving policies. The IG experts from across the CCG s departments corporate, quality, medicines, business intelligence - meet on a monthly basis to share learning and best practice and to ensure that IG work programmes are on track, particularly the IG Toolkit plans and submissions for each organisation. This is the IG Forum. 5 Resources The key staff involved in the IG agenda are identified with a description of their roles and responsibilities. These staff may either be directly employed by the CCG or their professional services are provided to the CCG via a contract with other NHS organisations, and include Information Governance Manager, Data Protection Officer, Information Security Manager, Freedom of Information Manager, Corporate and Clinical Governance leads or Data Quality leads. Details of key staff roles are described in Appendix B. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 6 of 19
7 The Information Security Manager of NEW Devon CCG holds the CISM qualification (Certified Information Security Manager), having passed ISACA exams in December 2009, and is contracted to South Devon and Torbay CCG to undertake Information Security work for this CCG. 6 Governance Framework This is of particular relevance to and The CCG s Caldicott Guardian is a member of the Senior Management Team and is supported in this function as described in Appendix D. The contracts of all CCG staff contain specific Confidentiality and Data Protection clauses that describe staff s responsibilities towards any personal data they process [these clauses will also be included in any new CCG positions created]: CONFIDENTIALITY / DATA PROTECTION You must adhere to the CCG's policy, national legislation and common law in relation to confidential and personal information. You must not disclose any information of a confidential or personal nature relating to the employer or in which the employer has a duty of confidence to any third party other than where you are obliged to disclose such information in the proper course of your employment or required by law. A failure to follow any policy in relation to the collection, keeping, processing or destruction of personal data and / or confidential information, and whether deliberate or accidental, whether regarding a patient, another staff member or other third party, will be regarded as potential misconduct, and may result in disciplinary proceedings being brought. Deliberate or negligent misuse of data, whether by unlawful disclosure or otherwise, may be considered gross misconduct, and may result in summary dismissal in the most serious cases. This clause does not interfere with your rights to make a disclosure under the Public Interest Disclosure Act 1998 ("whistle blowing"), which gives legal protection to employees against being dismissed or penalised by their employers as a result of disclosing information which is considered to be in the public interest and which you believe shows malpractice/wrongdoing within the CCG. If you are making a disclosure under the Public Interest Disclosure Act you must ensure that you follow the procedure laid down in the CCG Whistle blowing Policy. 7 Information Governance Toolkit The CCG aims to achieve level 2 for all Information Governance Toolkit requirements. The Information Governance Statement of Compliance (IGSoC) has been signed by the Chief Operating Officer; this commits the CCG to achieving compliance with the terms and conditions of the statement, including meeting a minimum of level 2 for all IG Toolkit requirements, or having an agreed improvement / action plan in place to achieve that level. Documentary evidence to meet the IG Toolkit requirements is compiled by the Information Governance and IT Security Managers, and uploaded onto the IG Toolkit website as appropriate. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 7 of 19
8 For version 10 of the IG Toolkit, the final submission was made on 19 April Version 11 will apply in 2013/14, and the CCG is expected to have achieved level 2 compliance across all requirements by 30 June A statement on this will be made by the Information Governance Manager to the Quality Committee in June 2013, at which point authorisation for submission from the Quality Committee and SIRO will be sought. The action plan to achieve level 2 across all requirements is contained at Appendix G. 8 Information Governance Training and Guidance This is of particular relevance to , , and All staff receive Information Governance training during their first year of employment with the CCG (ideally within the first few weeks of employment) and annual Mandatory refresher training. This comprises the online IG Training Tool module(s) relevant to each role, supplemented as necessary by classroom training sessions. The Information Governance Manager and IT Security Manager work closely with the Organisation Development team to ensure that all staff are undertaking the prescribed online training modules recommended by Connecting for Health. Further specific staff training on particular aspects of Information Governance can also be delivered during Departmental development days, Team meetings and other staff events. Details of policies will be cascaded to staff through line management and via the CCG s intranet. Copies of approved policies will be published on the CCG s website... The CCG recognises that dissemination via electronic methods is not always the best approach to ensure that all staff understand the policies relevant to their work, and that other cascade and awareness routes are also available as appropriate, including: a. Inclusion in local induction process/paperwork. b. Corporate induction. c. reminders. d. Newsletters. e. Information on policies and procedures provided with letter of appointment. f. Focus increased within Mandatory Training (refresher). g. Further inclusion of responsibilities of staff included within individual contracts. 9 Incident Management This is of particular relevance to , and Guidance has been issued to staff on recording both Clinical and non-clinical Incidents, the latter to include Information Governance incidents such as data loss and breach of confidentiality, and IT Security incidents such as theft of a laptop computer. The CCG s Incident Management Policy describes the process for staff to follow. The CCG will follow the previously-published South West Strategic Health Authority s Managing Serious Untoward Incidents reported by NHS organisations through the Strategic Executive South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 8 of 19
9 Information System (STEIS) -Guidance for lead commissioning Primary Care Trusts. This will in due course be superceded by guidance contained in version 11 of the IG Toolkit. Incidents will be reported via KPIs to the Information Governance Forum and the Quality Committee. 10 Information Sharing The CCG will actively engage with other organisations (for example other health organisations, police, councils and housing trusts) to share patient information where there is a clear need and where this is in line with legislation. This activity will be covered by specific Information Sharing Protocols, which are formally signed off by the Caldicott Guardian. For the sake of clarity, a Protocol describes the principles and purposes of data-sharing, and an Agreement describes the specific data to be shared. The list of Information Sharing Protocols / Agreements to which the CCG is a signatory / partner is shown in Appendix F. 11 Information Security The CCG operates an Information Security Operational Plan, which is an integral part of this Framework. Approval of this Framework includes approval of the Information Security Operational Plan which is attached as Appendix H. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 9 of 19
10 Appendix A Glossary CCG Clinical Commissioning Group CISM Certified Information Security Manager DPA Data Protection Act 1998 EIR Environmental Information Regulations 2005 FOI Freedom of Information Act 2000 IAO Information Asset Owner IG Information Governance IGMF Information Governance Management Framework ISP Information Sharing Protocol IGSoC Information Governance Statement of Compliance IGT Information Governance Toolkit IS Information Security IT Information Technology NEW Northern, Eastern and Western Devon Clinical Commissioning Group SDHIS South Devon Health Informatics Service SIRO Senior Information Risk Owner SMT Senior Management Team SDT South Devon and Torbay Clinical Commissioning Group STEIS Strategic Executive Information System South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 10 of 19
11 Appendix B CCG staff in key IG roles The following staff are in key Information Governance roles as at 22 nd April Role Caldicott Guardian Senior Information Risk Owner (SIRO) Staff working directly for, or contracted to, South Devon & Torbay CCG Gill Gant, Director of Quality Governance Mark Procter, Director of Corporate Affairs and Medicines Optimisation Information Governance Manager Phil Stimpson, Corporate Affairs Manager Information Security Manager IG Toolkit Administrator Data Protection Officer Freedom of Information Manager Corporate Governance Lead Clinical Governance Lead Data Quality Lead Richard Ward, IT Security Manager, NEW Devon CCG provides service under under SLA to SDT [CISM qualification, December 2009] Phil Stimpson, Corporate Affairs Manager Phil Stimpson, Corporate Affairs Manager Phil Stimpson, Corporate Affairs Manager Mark Procter, Director of Corporate Affairs and Medicines Optimisation Gill Gant, Director of Quality Governance Jo Turl, Assistant Director of Performance & Information, South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 11 of 19
12 Appendix C CCG support arrangements for SIRO The following staff are in key roles in support of the Senior Information Risk Owner (SIRO) as at 22 nd April Role Senior Information Risk Owner (SIRO) Support in SDT CCG and via SLA Details Mark Procter Director of Corporate Affairs and Medicines Optimisation Member of Senior Management Team Formally appointed into role June 2012 Information Governance Manager Phil Stimpson NEW Devon CCG Information Security Manager Richard Ward Information Asset Owners in SDT CCG Mark Procter iknow intranet Phil Stimpson Shared drive (hosted by SDHIS) This list will be completed during South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 12 of 19
13 Appendix D CCG support arrangements for Caldicott Guardian The following staff hold in key roles in support of the Caldicott Guardian as at 22 nd April Role Caldicott Guardian Support in SDT CCG and via SLA Details Gill Gant Director of Quality Governance Member of Senior Management Team Formally appointed into role June 2012 Information Governance Manager Phil Stimpson NEW Devon CCG Information Security Manager Richard Ward The Caldicott Guardian is the nominated CCG signatory to all Information Sharing Protocols with other organisations. [Appendix E] The Information Governance Manager and the IT Security Manager react to all reported information security and confidentiality issues, which are recorded as appropriate. All urgent and serious incidents are discussed in detail with the Caldicott Guardian and SIRO immediately and all agreed actions are followed through to closure. A summary report is presented regularly to the Caldicott Guardian and SIRO, and then to the Quality Committee. South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 13 of 19
14 Appendix E CCG Information Governance policies The CCG will write strategies, policies and guidance to cover all aspects of Information Governance and Information Security as required by the IG Toolkit and any other relevant legislation and national guidance. These will be supplemented as a result of new developments in legal or NHS requirements or in response to identified risks or incidents within the CCG. Policies will typically be written by the Information Governance and IT Security Managers, circulated to the IG Forum for comment and agreement, and then formally approved by the quality Committee. Approved policies will be published on the CCG s Intranet and Internet sites. Policies will be re-assessed, amended and approved at least every 3 years; policies will be rewritten and re-approved sooner where there have been significant changes in organisational arrangements, or the underlying legislation or NHS guidance has changed. The exception to this will be the IT policies where the CCG will adopt the policies currently used by the South Devon Health Informatics Service (SDHIS), and these will be published on the intranet site only. South Devon and Torbay CCG Policies Name Version Approved Information Governance Management Framework 1.3 Information Governance Policy 1.0 Information Lifecycle Management Policy (including Information Quality Strategy and Records Management Strategy) 1.0 Confidentiality and Data Protection Policy 1.1 Corporate Governance Policy (including Freedom of Information) 1.1 Information Security Policy 1.1 Business Continuity Strategy 1.2 Incident Management Policy 1.2 System Level Security Policies (for each system) 1.0 South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 14 of 19
15 Appendix F CCG Information Sharing Protocols The CCG is not currently a signatory to any Information Sharing Protocols, as at 22 nd April However, there are a number of existing agreements (listed below) that were signed by NHS Devon and/or Torbay Care Trust, which the CCG will continue to work with in the spirit of cooperation within the health and social care environment where there is a clear benefit to the patient. As part of the normal review cycle, these agreements will be amended to reflect the position of the CCG, and signed by the CCG Caldicott Guardian. These agreements are typically reviewed every 2 years or sooner if the underlying legislation or working practices change. Signed copies of the agreements are held by the Corporate Affairs Manager. The list of protocols / agreements signed by the CCG will be added to the next version of this Framework. Information Sharing Protocols / Agreements signed by NHS Devon / Torbay Care Trust Name Version Approved Overarching Health and Social Care Organisations in Devon 1.7 Jan 2008 Youth Offending Team 1.8 Jul 2007 Multi-Agency Public Protection Arrangements (MAPPA) 2.0 Oct 2006 Domestic Violence 1.2 Nov 2009 Crime and Disorder 2.0 Nov 2007 Childrens Trust 1.0 Jul 2010 Devon Locality Intelligence Network for Controlled Drugs 0.3 Mar 2008 Single Assessment Process (SAP) 1.2 Feb 2009 Deprivation of Liberty Safeguards (DLS) 0.4 Jun 2010 Local Resilience Forum 1.0 Dec 2009 Hearing Direct (NHS Direct East Midlands) 2.0 Jan 2008 NHS Continuing Healthcare 2.2 Feb 2009 Integrated Offender Management 1.31 Sep 2011 Health and Social Care Secondary Uses 1.5 Jan 2012 South Devon & Torbay CCG Information Governance Management Framework v1.3 June 2013 Page 15 of 19
16 Information Security Operational Plan 2013/14 Appendix H - Information Security Operational Plan South Devon & Torbay Clinical Commissioning Group Introduction Information security is concerned with protecting information and information systems from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The goal is to protect the confidentiality, integrity and availability of information; whatever its format i.e. electronic or paper. Background South Devon and Torbay CCG (SD&T CCG) came into being on the 1 st April IT Services and support for the CCG are provided by the South Devon Hospitals Information Service (SDHIS). The Information Security function is contracted from Northern, Eastern and Western Devon CCG (NEW Devon CCG. Connecting for Health (CfH) have produced an IG Toolkit specific to CCGs which has 29 Requirements, 13 of which assess Information Security. Scope The remit of Information Security within the NHS is wide and includes: Working towards achieving ISO (Information Security Management) compliance. Achieving a satisfactory score in the annual IG Toolkit self assessment Implementing the CfH Information Risk Management Good Practice Guide In practice both progress with ISO and the IG Toolkit work is assessed through the completion of the IG Toolkit. The IG Toolkit is an annual self assessment tool that examines various aspects of Information Governance including a section on Information Security of the 29 IG Toolkit requirements 13 are concerned with Information Security. The implementation of CfH Information Risk Management guidance is a national NHS requirement and specific activity and CfH have published a Good Practice Guide A second area covered in the IG Toolkit 300 series of requirements is the implementation of the CfH Information Risk Management Good Practice Guide; this has been adopted by the CCG as the basis for its Information Risk Management Policy. Richard Ward Page 16 of 19 19/4/2013
17 Information Security Operational Plan 2013/14 Resources The contracted Information Security service from NEW Devon equates to a qualified Information Security Manager and support for approximately one day a week. Caldicott Guardian Gill Gant Senior Information Risk Owner (SIRO) Mark Procter SD&T CCG IG Team Information Security Manager Richard Ward SDHIS (IT Provider) Aim The 2013/14 Information Security Operational Plan aims to deliver: implementation of the DoH Information Risk Management Policy GPG achieve a minimum of level of 2 for each of the IT related IG Toolkit requirements i.e. the 300 series of requirements for each of the South Devon and Torbay CCG; or where a level 2 cannot be demonstrated ensure that a plan to achieve level two is developed. Note: Where a level 2 cannot be achieved without it; then a plan to achieve this level must be put in place this will allow level 2 to be claimed. Appendix 1 shows the individual work streams and their associated tasks, it is likely that additional tasks will be identified as the year progresses Conclusion There are a number of uncertainties that may have an impact on Information Security activities, including the development of the individual CCGs; these may result in significant changes to this Operational Plan. Richard Ward Page 17 of 19 19/4/2013
18 Information Security Operational Plan 2013/14 Not all the tasks in Appendix 1 will be completed within the 2013/14 year as some are of a continuous nature and the priority of others may change. However, any outstanding tasks will have been subjected to a review and be either carried forward to the next years plan or removed in total. There are a number of significant risks to achieving this plan and these will be identified on, and dealt with through, the IS and IT Risk Management processes. Richard Ward Page 18 of 19 19/4/2013
19 Information Security Operational Plan 2013/14 Work stream Detail Start date End date Information Risk Management Maintain Policies Assist the CCG implement the CfH Information Risk Management Good Practice Guide IT Policies to be reviewed by review dates and approved by the SIRO. April 2013 April /3/2014 Create reports The reports to be produced will be in line with the CCG Management team requirements Bi-Monthly Continuous Mobile devices Monitor and investigate CfH monthly encryption reports Monthly Continuous IG Toolkit (South Devon and Torbay CCG) Put in place processes to capture the required evidence. Present the evidence (document) Complete the IG Toolkit submission A continuous process but effort being concentrated in Q4 each year. 31/3/2014 System level security Policy (SLSPs) User Audits Business Impact assessment (BIA) Identify systems and assist Information Asset Owners (IAO) develop SLSPs Assist IAOs carry out User Audits and other associated tasks The corporate Business Continuity Management project includes IT Disaster Recovery plans, the first requirement of these is that a BIA is carried out. It is intended to complete these in conjunction with SLSPs June /3/2014 June /3/2014 June /3/2014 Monitor IT Provider SLAs Assist AD IT to set up KPI reporting. Monitor the resulting reporting for Performance and IG Toolkit evidence April 2013 Continuous IG Forum (SHA) IG Forum (local) SIRO updates Attend and participate in monthly updates April 2013 Continuous Information Security Incident management Investigate and report IS incidents to inform the IG Manager, SIRO, Caldicott Guardian, and Operational management. April 2013 Ad Hoc Richard Ward Page 19 of 19 19/4/2013
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationJOB DESCRIPTION. Information Governance Manager
JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure
More informationInformation Governance Policy
Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More informationCONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationInformation Governance Policy
Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationNETWORK SECURITY POLICY
NETWORK SECURITY POLICY Policy approved by: Governance and Corporate Affairs Committee Date: December 2014 Next Review Date: August 2016 Version: 0.2 Page 1 of 14 Review and Amendment Log / Control Sheet
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationInformation Governance Policy
Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationInformation Governance Strategy
Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationInformation Management Policy CCG Policy Reference: IG 2 v4.1
Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationTrust Informatics Policy. Information Governance. Information Governance Policy
Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference
More informationBEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE
GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE
More informationInformation Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs
Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper
More informationInformation Governance Policy (incorporating IM&T Security)
(incorporating IM&T Security) ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationINFORMATION GOVERNANCE AND DATA PROTECTION POLICY
INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationA Question of Balance
A Question of Balance Independent Assurance of Information Governance Returns Audit Requirement Sheets Contents Scope 4 How to use the audit requirement sheets 4 Evidence 5 Sources of assurance 5 What
More informationInformation Governance Policy
Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date
More informationPolicy: D9 Data Quality Policy
Policy: D9 Data Quality Policy Version: D9/02 Ratified by: Trust Management Team Date ratified: 16 th October 2013 Title of Author: Head of Knowledge Management Title of responsible Director Director of
More informationInformation Governance Policy. 2 RESPONSIBLE PERSON: Steve Beeho, Head of Integrated Governance. All CCG-employed staff.
Information Governance Policy 1 SUMMARY This policy is intended to ensure that staff are fully aware of their Information Governance (IG) responsibilities, so that they can effectively manage and best
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationNHS Waltham Forest Clinical Commissioning Group Information Governance Policy
NHS Waltham Forest Clinical Commissioning Group Information Governance Policy Author: Zeb Alam & David Pearce Version 3.0 Amendments to Version 2.1 Updates made in line with National Guidance and Legislation
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationNHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationINFORMATION GOVERNANCE POLICY
ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy
More informationINFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY Policy approved by: Audit and Governance Committee Date: 4 th December 2014 Next Review Date: December 2016 Version: 1 Information Security Policy Page 1 of 17 Review and Amendment
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationINFORMATION GOVERNANCE
This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document
More informationMOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY
MOORLAND SURGICAL SUPPLIES LTD INFORMATION GOVERNANCE POLICY Moorland is committed to ensuring that, as far as it is reasonably practicable, the way we provide services to the public and the way we treat
More informationHow To Ensure Information Security In Nhs.Org.Uk
Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:
More information1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.
Title: Reference No: NHSNYYIG - 007 Owner: Author: INFORMATION GOVERNANCE POLICY Director of Standards First Issued On: September 2010 Latest Issue Date: February 2012 Operational Date: February 2012 Review
More informationInformation Governance Policy
Information Governance Policy Version: Revised: Consultation: Ratified by: 1.0 Information Governance Committee Governance Committee Date ratified: 19 March 2008 Name of originator/author: David McGrath
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY POLICY NO IM&T 011 DATE RATIFIED January 2012 NEXT REVIEW DATE January 2015 POLICY STATEMENT/KEY OBJECTIVE: To provide an overarching framework through which Information Governance
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Including the Information Governance Strategy Framework and associated Information Governance Procedures Last Review Date Approving Body N/A Governing Body Date of Approval
More informationInformation Governance Policy
BEXLEY CARE TRUST MANAGEMENT MANUAL Title: INFORMATION GOVERNANCE POLICY Originating Department: IT DEPARTMENT Authorised by: Risk Management Committee June 2008 Reference no: CA12 Date of Issue: JANUARY
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:
More informationPolicy Information Management
Policy Information Management Document Title: Policy Information Management Issue date: October 2013 Document Status: Approved IGC 23 Oct 2013 Review date: October 2014 Page 1 of 17 Document control Document
More informationSafe Haven Policy. Equality & Diversity Statement:
Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review
More informationInformation Governance Policy
Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY
More informationINFORMATION RISK MANAGEMENT POLICY
INFORMATION RISK MANAGEMENT POLICY DOCUMENT CONTROL: Version: 1 Ratified by: Steering Group / Risk Management Sub Group Date ratified: 21 November 2012 Name of originator/author: Manager Name of responsible
More informationInformation Governance Policy
Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationInternet and Social Media Policy
Internet and Social Media Policy Page 1 of 19 Review and Amendment Log / Control Sheet Responsible Officer: Chief Officer Clinical Lead: Author: Date Approved: Committee: Version: Review Date: Medical
More informationCCG: IG06: Records Management Policy and Strategy
Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of
More informationN3 Protecting the Network through Information Governance and Assurance
N3 Protecting the Network through Information Governance and Assurance NHS CFH Operational Security Team cfh.ost@nhs.net Introductions The NHS CFH Operational Security Team: Tony Hodgson Operational Security
More informationType of change. V02 Review Feb 13. V02.1 Update Jun 14 Section 6 NPSAS Alerts
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified By Central Alerting System (CAS) Policy NTW(O)17 Medical Director Tony Gray Head of Safety and Patient Experience
More informationDate of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.
Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5
More informationInformation Governance and Data Protection Policy
Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationPolicy Checklist. Head of Information Governance
Policy Checklist Name of Policy: Information Governance Policy Purpose of Policy: To provide guidance to all staff on their responsibilities regarding information governance and to ensure that the Trust
More informationMANAGEMENT OF POLICIES, PROCEDURES AND OTHER WRITTEN CONTROL DOCUMENTS
MANAGEMENT OF POLICIES, PROCEDURES AND OTHER WRITTEN CONTROL DOCUMENTS Document Reference No: Version No: 6 PtHB / CP 012 Issue Date: April 2015 Review Date: January 2018 Expiry Date: April 2018 Author:
More informationInformation Governance Strategy
Information Governance Strategy THCCGCG9 Version: 01 The information governance strategy outlines the CCG governance aims and the key objectives of its governance policies. The Chief officer has the overarching
More informationRECORDS MANAGEMENT POLICY
RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal
More informationInformation Security Policy. Version 2.0
1 Intranet and Website Upload: Intranet Website Keywords: Electronic Document Library CCGs G Drive Location: Location in FOI Publication Scheme Information, Security, Information Governance, IG, Data Protection.
More informationInformation Governance Strategy Includes Information risk & incident management methodology
Version 2.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality & Governance Committee Ratification date: May 2014 Review date: May
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationEquality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11
Equality and Diversity Policy Author: Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Approval and Authorisation Completion of the following signature blocks signifies the review and approval
More informationIT SECURITY POLICY (ISMS 01)
IT SECURITY POLICY (ISMS 01) NWAS IM&T Security Policy Page: Page 1 of 14 Date of Approval: 12.01.2015 Status: Final Date of Review Recommended by Approved by Information Governance Management Group Trust
More informationSOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY. Report to the Trust Board 22 September 2015. Information Governance Manager
SOMERSET PARTNERSHIP NHS FOUNDATION TRUST RECORDS MANAGEMENT STRATEGY Report to the Trust Board 22 September 2015 Sponsoring Director: Author: Purpose of the report: Key Issues and Recommendations: Director
More informationSHEFFIELD TEACHING HOSPITALS NHS FOUNDATION TRUST EXECUTIVE SUMMARY REPORT TO THE BOARD OF DIRECTORS MEETING HELD ON 16 MAY 2012
B SHEFFIELD TEACHING HOSPITALS NHS FOUNDATION TRUST EXECUTIVE SUMMARY REPORT TO THE BOARD OF DIRECTORS MEETING HELD ON 16 MAY 2012 Subject Supporting TEG Member Lead Author Status 1 Healthcare Governance
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationInformation Security and Governance Policy
Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information
More informationInformation Governance Framework
Information Governance Framework March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aim 2 3 Purpose, Values and Principles 2 4 Scope 3 5 Roles and Responsibilities 3 6 Review 5 Appendix 1 - Information
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationBusiness Continuity Policy
Business Continuity Policy Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain its essential business functions during
More informationINFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY
Appendix 1 INFORMATION GOVERNANCE INFORMATION GOVERNANCE POLICY Author Information Governance Review Group Information Governance Committee Review Date May 2014 Last Update February 2013 Document No. GV
More informationLancashire County Council Information Governance Framework
Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice
More informationInformation Governance Standards in Relation to Third Party Suppliers and Contractors
Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging
More informationInformation Governance Training Plan v13
Information Governance Training Plan To meet requirements of IGT v13 Lincolnshire East Clinical Commissioning Group Page 1 of 17 Contents Introduction Page 3 Training Provision Page 4 Staff Induction Awareness
More informationPolicies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1
Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,
More informationNHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT
NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head
More informationData Quality Policy. March 2015 POLICY DEVELOPMENT PROCESS. Data Quality Policy Page 1
Data Quality Policy March 2015 Author: Lynda Harris, Head of Information Governance LyndaHarris2@nhs.net Responsibility: All Staff Effective Date: March 2015 Review Date: March 2017 Reviewing/Endorsing
More informationInformation Incident Management and Reporting Procedures
` Information Incident Management and Reporting Procedures Compliance with all CCG policies, procedures, protocols, guidelines, guidance and standards is a condition of employment. Breach of policy may
More informationCORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014
CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY December 2014 DOCUMENT INFORMATION Author: Barbara Sansom Information Governance Manager Equality Impact Assessment Consultation & Approval
More informationGloucestershire Hospitals
Gloucestershire Hospitals NHS Foundation Trust TRUST POLICY In the case of hard copies of this policy the content can only be assured to be accurate on the date of issue marked on the document. The Policy
More informationInformation Governance Strategy Includes Information risk & incident management methodology
Version 3.0 LOGOLOGO Information Governance Strategy Includes Information risk & incident management methodology Approved by: Quality Assurance Group Ratification date: March 2015 Review date: March 2016
More information