Information Management Policy

Similar documents
Information Management Policy. Retention and Destruction Policy

Queensland recordkeeping metadata standard and guideline

ANU Electronic Records Management System (ERMS) Manual

Scotland s Commissioner for Children and Young People Records Management Policy

Records Management - Council Policy Version 2-28 April Council Policy. Records Management. Table of Contents. Table of Contents... 1 Policy...

Records Management plan

RECORDS MANAGEMENT POLICY

Information Management Advice 50 Developing a Records Management policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Newcastle University Information Security Procedures Version 3

Life Cycle of Records

Disposal Authorisation for Information and Technology Management Records. Administrative Schedule No. 4

NOT PROTECTIVELY MARKED FORCE PROCEDURES. Retention, Archiving and Destruction Procedure v1.2. Records Manager

Records Management and Information Lifecycle Strategy

The Manitowoc Company, Inc.

OFFICIAL. NCC Records Management and Disposal Policy

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

RECORDS MANAGEMENT POLICY

Council Policy. Records & Information Management

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

RECORDS MANAGEMENT POLICY

Scope and Explanation

RECORDS MANAGEMENT POLICY

Corporate Records Management Policy

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

Complying with the Records Management Code: Evaluation Workbook and Methodology

Records Management Policy.doc

4.10 Information Management Policy

Administrative Procedures Memorandum A2005

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

Digital Continuity Plan

Records Management Policy & Guidance

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009

BIG LOTTERY FUND Document archive and retention policy

Information governance strategy

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)

Public Records (Scotland) Act Healthcare Improvement Scotland and Scottish Health Council Assessment Report

User Guide to Retention and Disposal Schedules Council of Europe Records Management Project

Records Management - Department of Health

APPRAISAL REPORT FOR ACC CLAIMS MANAGEMENT, NATIONAL OFFICE CORPORATE RECORDS. Accident Compensation Corporation

Information and Compliance Management Information Management Policy

ITEM NO: 4. Date: 23 March Pam Williams Borough Treasurer Wendy Poole Head of Risk Management Audit Services. Reporting Officers:

HSE P0801 HSE Document Control and Records Management Procedure

Creating a File Plan. Pre-Session Handouts. File Plan Policy. What is a File Plan and why should I care?

Information Security Policies. Version 6.1

Tasmanian Government WEB CONTENT MANAGEMENT GUIDELINES

DOCUMENT AND RECORDS CONTROL PROCEDURE

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

Information Management Policy CCG Policy Reference: IG 2 v4.1

Transition Guidelines: Managing legacy data and information. November 2013 v.1.0

Implementing an Electronic Document and Records Management System. Key Considerations

National Statistics Code of Practice Protocol on Data Management, Documentation and Preservation

Argyll and Bute Council. Information Management Strategy

INSTITUTE OF TECHNOLOGY TALLAGHT RECORD MANAGEMENT & RETENTION POLICY

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

TRANSPORT CANADA MARINE SAFETY PLEASURE CRAFT OPERATOR COMPETENCY PROGRAM QUALITY MANAGEMENT SYSTEM FOR ACCREDITATION

Records Management Plan. April 2015

Guide 4 Keeping records to meet corporate requirements

NSW Data & Information Custodianship Policy. June 2013 v1.0

Applicability: All Employees Effective Date: December 6, 2005; revised January 27, 2009 Source(s):

Records and Information Management. General Manager Corporate Services

5.3. CQUniversity records and information will be captured and managed within one of the following corporate systems:

RECORD MANAGEMENT STANDARD OPERATING PROCEDURE (SOP)

Records Management Policy

UNIVERSITY OF LONDON RECORDS MANAGEMENT MANUAL: BEST PRACTICE PROCEDURE No. 4 ELECTRONIC RECORDS MANAGEMENT

Digital Continuity in ICT Services Procurement and Contract Management

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Information Governance Policy

An Approach to Records Management Audit

INFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT OVERVIEW

Management of Official Records in a Business System

Highland Council Information Security Policy

Information Governance Policy (incorporating IM&T Security)

Records management in SharePoint 2010

University of Brighton School and Departmental Information Security Policy

Guide 2 Organisational

Complying with the Records Management Code: Evaluation Workbook and Methodology. Module 8: Performance measurement

Appraisal policy. City of London. Culture, Heritage and Libraries Department. London Metropolitan Archives

1. Each employee is responsible for managing college records in a responsible and professional manner.

CCG: IG06: Records Management Policy and Strategy

(Joint) Information Management Strategy April 2014

How To Manage Records And Information Management In Alberta

Chester Beatty Library Records Management Policy

Records Management Policy

Mapping the Technical Dependencies of Information Assets

Records Retention and Disposal Schedule. Information Management

How to Manage and Organise Shared Drives. Guidance for Administrators

Records Management and SharePoint 2013

Walton Centre. Document Control. Document History Date Version Author Changes 01/10/ A Cobain

Policy: D9 Data Quality Policy

Transcription:

Title Information Management Policy Document ID Director Mark Reynolds Status FINAL Owner Neil McCrirrick Version 1.0 Author Deborah Raven Version Date 26 January 2011 Information Management Policy Crown copyright 2012

Amendment History: Version Date Amendment History 1.0 26 Jan 11 Initial release Approvals: Name Organisation Version Date Martin Severs Chairman, ISB 1.0 26/01/11 Related Documents: Ref no Title Version 1 Information Management: Policy and Guidance for DH Staff Revised May 2010 2 Information Management Guidance Don't Panic guidance 3 Central Office of Information Web Standards and Guidelines Glossary of Terms: Term DH Disposal Document Information Management Ephemeral NHS CFH Record Records System Definition Department of Health Disposal refers to (1) the destruction of information, either through deletion off a computer system or the shredding of an original document; (2) the transfer of public records to TNA for preservation. A document is a container that comprises one or more content components and which stands alone as a unit of information, produced or received by an organisation or person. A document can be physical or electronic text or multimedia. A document contains information. Recording and handling of documents so that the information they contain can be found easily and reused as needed, and their management is fully compliant with legal requirements. (DH) A document containing information of short term or transitory value; of use for the duration of a particular activity or a duplicate copy for consultation purposes. Ephemeral documents are not transferred to a records system, but are disposed of after use. NHS Connecting for Health; the host organisation of the ISB which provides services to the ISB, including the IT infrastructure and storage repositories, HR and Finance. NHS CFH also provides strategic guidance in respect of records and information management. A record is a document containing a specific piece of information produced or received in the initiation, conduct or completion of an institutional or individual activity. It comprises sufficient content, context and structure to provide evidence of the activity. It is not ephemeral: that is, it contains information that is worthy of preservation in the short, medium or long term. (TNA) All records start off as documents, but not all documents become records. A computer system for the storage of documents declared as records. Information Standards Board for Health and Social Care 2012 Page 2 of 15

PDF/A-1a Retention TNA A final-state format for delivery to end users and long-term preservation of the document as disseminated to users. (ISO 19005-1) The continued storage and maintenance of records for as long as they are required by the creating or holding organisation. (TNA) The National Archives. Information Standards Board for Health and Social Care 2012 Page 3 of 15

Contents 1 Introduction...5 2 Background...5 2.1 Information... 5 2.2 Information Management... 5 2.3 Records... 6 3 Benefits...6 4 Scope...6 4.1 Key Information Resources... 7 5 Responsibilities...8 6 Key Principles...9 6.1 Compliance with legislation and standards... 9 6.2 Storage and Access... 9 6.3 Security and Privacy... 10 6.4 Retention... 10 6.5 Publishing... 11 6.6 Exploitation... 12 7 Policy Maintenance...12 Appendix A Information Classification and Retention Schedule... 13 Information Standards Board for Health and Social Care 2012 Page 4 of 15

1 Introduction All information created or received as part of the work of the ISB is a corporate resource, necessary for the effective fulfilment of the ISB s responsibilities for the assurance and approval of information standards. This includes all information created or received within the ISMS or by ISB members, in respect of ISB business. This includes the Domain Leadership team and ISB appraisers. Information is considered a vital business asset; there is a need to manage information in line with accepted good practice, as put forward by The National Archives (TNA) in its role as the public sector authority on information management and as adopted by the Department of Health. This document sets out the ISB policy for information management, incorporating TNA and other public sector good practice. This policy will come into force on [to be determined] (conditional on Board approval). Some retrospective compliance will be necessary. 2 Background 2.1 Information The ISB has procedures in place for the storage of information. However the increasing volume and types of information, coupled with a greater emphasis on internal and external collaborative working, has prompted a re-consideration of the approach that should be adopted for the holistic management of the information that is created or received. Within the ISB environment, the term "information" has been used to refer to information created or received as electronic documents, e.g. letters, minutes, submission products. While such documents are the focus of this policy, recognition must be given to other, newer, types of creating and exchanging information, e.g. email conversations, text messages, social networking channels. The ISB policy will be updated as use of such types become more prevalent. 2.2 Information Management Information Management refers to the processes for the recording and handling of information so that it can be found easily and reused as needed, and is fully compliant with legal requirements. It calls for a cradle to grave approach, so that information is checked at regular intervals as it goes from active use to disposal. Information Management is concerned with the categorisation and classification of the documents which contain information, so that those which have no long term value can be identified with ease and disposed of after use. Such documents are classed as "ephemeral". Other documents which do have long term value are classed as "records". Information Standards Board for Health and Social Care 2012 Page 5 of 15

2.3 Records The majority of information can be classed as "ephemeral", i.e. it is of use for an immediate piece of work, e.g. the development of a standard, but has no long term value. However some information handled is of enduring value and needs to be managed in a different way, i.e. as a corporate record. Records ensure information is available about what happened, what was decided, and how things have been done. TNA has defined a record as Recorded information, regardless of media or format, created or received in the course of individual or organisational activity, which provides reliable evidence of policy, actions and decisions. The ISB, through this information management policy and supporting guidance, will adopt good information management practice so that: There is a consistent structure for the storage of information. There are accepted procedures for the systematic review of all types of information. There are accepted procedures for the destruction of out-of-date information. There is a framework for the identification of records and their subsequent management. All staff are aware of, and comply with, their individual responsibilities. The ISB, as a public sector information provider, has responsibilities under the Public Records Act 1958 to ensure the identification of public records and subsequent transfer to TNA for preservation, where specific transfer criteria are met. 3 Benefits There are many benefits to be gained from the adoption of good information management practice. This policy and supporting guidance will be used to: 4 Scope Provide business continuity and consistency. Protect access to and retrieval of vital information. Provide evidence of decision making. Demonstrate accountability and transparency. Provide an audit trail of actions. Enable compliance with current legislation. Minimise risk of loss of vital information. Increase operational effectiveness and efficiency. This policy applies to: Information Standards Board for Health and Social Care 2012 Page 6 of 15

All information created within the ISB. All information received by the ISB. The ISB is defined as ISMS, Domain Leadership team, ISB members and ISB appraisers, in respect of ISB business. All information means: Any information received in any paper, electronic or multimedia format. Electronic format includes Word documents, spreadsheets, web pages, emails. Multimedia format includes video recordings, podcasts. At present, this policy excludes the work of IST/35. Configuration management for IST/35 is described within the IST/35 Business Plan and approved by the IST/35 Management Committee. However the aim is that there will be one inclusive policy, to ensure cohesion and consistency. 4.1 Key Information Resources Extra controls exist for key information resources: The ISB standards database and workflow tool, Clarity, is a key information resource which drives the population of the Standards Library on the ISB web, Version control is achieved for certain Library key fields, while the workflow elements are monitored on a manual basis. While subject to this policy, there is a separate manual for Clarity's management to ensure ongoing currency and quality. The ISB web is a key information resource providing access to the definitive versions of information standards and ISB minutes. In addition, the ISB web provides definitive guidance for external parties, including links to other resources. While subject to this policy, a separate manual is to be developed for its management. The ISMS SharePoint is a key information resource, being the sole repository for all unstructured content, including internal documents, emails, appraisal documents, internal and external guidance, templates, reporting and contact data. It will include draft and approved documents. The network (i.e. the public folders on Sagat) will not be used for the storage of these products. While subject to this policy, a separate manual is to be developed for its management. The ISB Distribution List is a key information resource, listing all subscribers who have requested to receive ISB communications, including those announcing the publication of Information Standards Notices. This list is subject to special controls which are to be documented on the Don t Panic guidance pages on SharePoint. The ISDM is a key information resource providing a manual for the development and appraisal of an information standard. It is available as an interactive resource on the ISB web, as well as being made available as a Information Standards Board for Health and Social Care 2012 Page 7 of 15

static document. Special rules apply for its maintenance and dissemination; these are documented in Don't Panic. The handling of ISB Mailbox enquiries is subject to special instructions, documented in Don t Panic. The use of external key information resources should be noted. The ISMS works with NHS Connecting for Health departments, namely HR, Finance and External Resources, to ensure the appropriate safe and secure storage of all employee and contractor information. For example, all purchase orders and invoices relating to the use of appraisers are stored on the NHS Shared Business Services (SBS) Oracle database. 5 Responsibilities Head of Operations This person is accountable for the quality of information management. This person will ensure that information audits to identify corporate records are built into the project planning process. Knowledge Manager All Staff This person will ensure that all local policies and procedures are aligned with TNA and DH good practice. This person is responsible for managing the information management structure. This person will: o Provide guidance on the identification of corporate records. o Provide guidance on the identification of ephemeral information. o Manage the destruction of ephemeral information. o Manage the retention of corporate records through to disposal. o Provide new starters with guidance on information management principles and procedures. All members of staff, ISB members, domain leads and appraisers must comply with this policy, so that: o Documents are stored in accordance with the directory structure convention. o Documents are named in accordance with the file naming convention. o Any storage of non-work documents is kept to a minimum. o Confidential information is not inappropriately divulged but handled in line with legislation and NHS CFH Information Governance requirements. Information Standards Board for Health and Social Care 2012 Page 8 of 15

In addition: o Records are identified in a timely manner. All staff should recognise that mistakes can be made in the handling of information and they need to work co-operatively to correct errors and reduce risk of recurrence. All staff will be asked to contribute to reviews of this policy. 6 Key Principles An effective information management policy, together with accompanying processes and guidance, will enable realisation of certain key principles. 6.1 Compliance with legislation and standards This principle is about ensuring that handling and use of information, whether created or received, is in line with all relevant legislation and standards: Processes and procedures will be established to ensure compliance with the primary pieces of legislation that impact the proper management of information, in respect of copyright protection, data protection and freedom of information requests. Patient identifiable information is not required for the effective fulfilment of the ISB's responsibilities and should never be handled, recorded nor stored within ISB information resources. In the exceptional event of a patient communicating with the ISB and including patient identifiable information, this communication must only be stored for the purpose and duration of the enquiry. 6.2 Storage and Access This principle is about ensuring that effective configuration management is put in place so that information is available for future use by those who need to see and use it. This means that: All work-related information must be stored on one of the key information resources listed above (4.1) not in personal systems accessible only to the individual concerned. With the exception of confidential and sensitive information, the system to be used for all work-related information is SharePoint. Confidential and sensitive information refers to employee and financial information. This is managed by the ISMS Head of Operations in liaison with the NHS CFH HR and Finance teams. Site and folder structures, coupled with file naming rules, will assist with the organisation of information so that it can be located and reused quickly and easily. Further guidance on file naming can be found in Don't Panic. Strict version control must be adhered to. Superseded versions should not be kept. This will ensure that the most current version is immediately accessible. Information Standards Board for Health and Social Care 2012 Page 9 of 15

Each member of staff should use their personal folder on Sagat for the storage of ephemeral information or personal work-related information. NHS CFH lap top users can use their local drive for such storage. Work-related emails must not be stored in Meridio or any other location which cannot be accessed by the whole team. This policy applies to both electronic and paper information. However the ISB retains little in paper format and material considered of sufficient value to keep should be scanned as a PDF document and stored in line with the directory structure convention. The paper document should be marked up before scanning to ensure the date of document and the date of scanning are clearly visible. The paper document should be shredded on completion of successful scanning. 6.3 Security and Privacy This principle is about making sure that information is handled and stored in line with standards and best practice for information security, confidentiality and privacy. While hosted by NHS CFH, the ISB must comply with that organisation's information security and privacy policies. This includes: The annual undertaking of information governance training by all staff who have a connection to the NHS CFH network. o This includes advice on managing print and fax copies of documents. Compliance with NHS CFH policies on network password control. Compliance with NHS CFH rules on laptop use. Compliance with the NHS CFH Clear Desk policy. All NHS CFH polices can be found on the NHS CFH Intranet (available to NHS CFH Network users only). In addition, any information received within ISB which displays a third party protective marking should be stored in accordance with the classification assigned to it. This includes emails received from third parties. The ISB has its own protective markings policy which may not match that of the third party. The obligations set by the third party must be respected. Confidential and sensitive information will be made secure by the use of appropriate security permissions and passwords. Such information will not be placed in any external facing repository. Information on SharePoint is made available to all users, internal and external, on a read only basis, with the exception of contact and user information which is restricted to ISMS/ISB users. 6.4 Retention Operational rules are provided in Appendix A so that there is: A clear and consistent understanding of what information must be kept, and for how long. Information Standards Board for Health and Social Care 2012 Page 10 of 15

A clear and consistent understanding of what is regarded as ephemeral, and therefore able to be destroyed once no longer needed. There are key points within ISB activity that should trigger an audit of information holdings: After each Board meeting, a review should consider what documents discussed can be declared as records. At the end of each Stage of a standard's development, a review should look at all information used and determine what can be destroyed. The majority of information produced or stored within ISMS will be ephemeral in nature see the Information Classification and Retention Schedule. Such information should be deleted after use though a 2-year holding period may be agreed with the ISMS Knowledge Manager. Documents identified as corporate records will be stored on SharePoint and managed in line with the agreed retention period. A register of all corporate records will be maintained on SharePoint by the Knowledge Manager. The Knowledge Manager will be responsible for liaison with TNA about the transfer of records for preservation. At present, ISB records are unlikely to meet the TNA selection criteria that documents record: The principal policies and actions of the UK central government. The decision-making process in government. The state s interaction with its citizens and the physical environment. The Crown s rights and obligations. The Knowledge Manager will liaise with DH and NHS CFH on an ongoing basis about Departmental archives policy. 6.5 Publishing The term Publishing is used to describe the process that is used to make any form of information fit for dissemination to a wider audience, however small or large that audience may be and whether that audience is internal or external, or both. This principle is about making sure that the ISB has such a process and that it is adhered to on all occasions. All information must conform to the ISB house style for formatting and drafting. This house style can be found in Don t Panic. This includes advice on when to use Crown copyright. The ISB web must conform to the Central Office of Information standards and guidelines for managing, improving and marketing UK public sector webs (3). These include guidelines for the format of published documents and it is the role of the Knowledge Manager to monitor, and ensure compliance, with changes. It is the intention to canvass opinion, and publish results, on the quality of our information products. This will be undertaken with the assistance of the ISB User Group. Information Standards Board for Health and Social Care 2012 Page 11 of 15

6.6 Exploitation The ISB will benefit from a vigorous culture which encourages responsible management of information by all staff, and personal initiative in its exploitation. When handling and using information, staff are encouraged to think of opportunities to re-use and share the information, e.g. Can this be used for another purpose? Does it add to our body of knowledge? Can it be disseminated to a wider audience? The ISB has a duty as a public sector information provider to encourage the use and re-use of its information. As an adopter of the Open Government Licence its publications are deemed to be available for free use, whether for commercial or noncommercial purposes. All information aimed at an external audience will carry an attribution statement outlining the use of the Licence, noting that the ISB standard number and title should always be quoted on use and re-use. 7 Policy Maintenance This policy will be reviewed on an annual basis. No changes to its content will be allowed at any other time. The supporting guidance, stored in Don't Panic and other key information resource manuals, can be amended by the ISMS Head of Operations and/or the ISMS Knowledge Manager. A period of consultation, with the duration depending upon the complexity of the change, will precede the change. All changes will be announced on the ISMS Blog, with additional communication to ISB members and appraisers, as appropriate. Feedback and requests for change should be directed to the ISMS Knowledge Manager. Information Standards Board for Health and Social Care 2012 Page 12 of 15

Appendix A Information Classification and Retention Schedule This is a list of common types of information showing how they should be classed and the duration of their retention period. The retention period for ephemeral information should not be exceeded; however such information can be destroyed before the specified date. Information Type Records Ephemeral Information Retention period Storage location Business Plans and Annual Reports 7 years SharePoint: ISB Complaints 2 years SharePoint: ISB Contractor purchase orders, invoices and expenses 2 years NHS CFH ER and Contracts HR Records 5 years from date of leaving HR / NHS BSA Information Standards Risks and Issues Logs Information Standards Standard specifications Information Standards Standard submissions Information Standards Supporting documents, e.g. guidance, testing reports Information Standards Development Methodology (ISDM) Information Standards Notices (and predecessor DSCNs) 12 years SharePoint: standard 12 years SharePoint: standard PDF version on web 12 years SharePoint: standard PDF version on web 12 years SharePoint: standard PDF version on web 12 years Sagat Interactive version on web 25 years SharePoint: standard + version on web ISB Correspondence SharePoint: ISB ISB Minutes, Agendas and Supporting Documents (other than Standard documents) ISB Responses to Consultations Policies, Procedures and Processes (incuding quality 12 years SharePoint: ISB PDF version of Minutes on web 2 years SharePoint: ISB PDF version on web 12 years SharePoint: Don't Panic; ISB (as Information Standards Board for Health and Social Care 2012 Page 13 of 15

Information Type Records Ephemeral Information Retention period Storage location manual and work instructions) appropriate) Templates 2 years SharePoint Training materials 7 years SharePoint: Library Web Pages (where content not held elsewhere) subject to Annual Review Web Data Dictionary Change Papers Distribution and contact lists Documents which have no further value once the work to which it contributed has been completed, e.g. administration or research Domain Leadership team meeting documentation (inc. Agendas, Minutes, related papers and presentations) These are published by the ISB as a supporting document on the ISB web. The definitive record is held by the Data Dictionary team. 2 years SharePoint ListServ 2 years SharePoint: standard Short Term Retention folder 2 years SharePoint: DL Emails requesting addition to the ISB Distribution List Delete once actioned ISB mailbox Hotel booking confirmations 1 year SharePoint: Finance Information Standards drafts of documents, old versions, third party materials, correspondence ISB User Group documentation (inc. agendas, notes, terms of reference) ISMS team meeting documentation (inc. agendas, invitations, meeting notes) 2 years SharePoint: standard Short Term Retention folder 2 years SharePoint: ISB UG after next meeting SharePoint: Don't Panic Job descriptions current version only SharePoint: Library: Recruitment Press cuttings and other media reports relating to ISB, Information Standards, Martin Severs, etc Routine correspondence, including requests for information, promotional material, etc 5 years SharePoint: Library: Knowledge 6 months SharePoint (documents) ISB mailbox (emails) Transitory messages and 6 months SharePoint Information Standards Board for Health and Social Care 2012 Page 14 of 15

Information Type letters of minor importance Travel & Subsistence claims and authorisations Records Ephemeral Information Retention period Storage location (documents) ISB mailbox (emails) 5 years SharePoint: Finance Unsolicited letters Do not keep none Information Standards Board for Health and Social Care 2012 Page 15 of 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information