Information Integrity & Data Management


Group Standard
Information Integrity & Data Management

Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is accurate, consistent and produced in a timely manner in order to enable effective decision making.

SMS GS-II1 Information Integrity & Data Management December 2014 V1.1 Serco Public

Document Details

Reference: SMS GS-II1: Information Integrity & Data management
Approval Date: December 2014
Serco Public
Version: 1.1
Date for next review: December 2016
Applicability: Serco Group covering all business regions, operating companies and business units throughout the world [1]
Authority: Chief Executive, Serco Group plc
Accountable Policy Owner (Group): Chief Information Officer (Group)

Additional Information
Supporting standards, standard operating procedures and guidance relating to this Group Standard are available on Our World under Serco Management System

Governance
Our policies and standards, together with any regional or market requirements and enhancements to them, are authorised through a robust governance process. The SMS Quality Manual describes this process and is available on Our World under Serco Management System

Consequence Management
As a Group Standard the requirements detailed in this document are mandated and must be adhered to. Non-compliance will have consequences which may include disciplinary action. The Consequence Management Group Standard (SMS-GS-G1) details how instances of non-compliance will be dealt with

[1] As used herein, Serco Group and its affiliates, subsidiaries and operating companies are referred to as Serco, the Company or company, or we, us or our.

Contents

1 Objectives
2 Policy Standards
2.1 Data integrity management
2.2 Contract document management
2.3 Incident reporting
2.4 Freedom of information
2.5 Document retention
2.6 Document and record management
3 Responsibilities & Accountabilities
4 Processes and Controls
4.1 Governance processes and controls
4.2 Key processes and controls
5 Supporting documentation and guidance
6 Definitions
7 Further information and support

1 Objectives

Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is accurate, consistent and produced in a timely manner in order to enable effective decision making.

To achieve this we will:
- demonstrate data and information integrity internally, externally and with our customers by providing accurate, consistent and timely responses
- not make misleading, false or exaggerated claims
- mandate and monitor acceptable use standards regarding employees' access, processing and publishing of information (including the use of social media) [1]
- manage the access to information available on Our World, the Company's intranet
- classify information in accordance with the Security Group Standard [2]
- record all commercial, business and legal transactions and securely maintain all material documents, including signed contract documents and variations
- ensure consistency of response and accurate reporting of incidents and accidents [3]
- manage requests for information from public authorities in accordance with relevant laws and regulations [4]
- retain documents and records appropriately and in accordance with business and legislative requirements [5]
- implement effective document management processes and controls to ensure all documents and records are handled, stored, reviewed and disposed of appropriately

2 Policy Standards

2.1 Data integrity management

S1. When providing information internally or externally, or responding to customer enquiries, tenders and bids as well as media, regulatory agencies and other external audiences, the information issued on behalf of the Company will be accurate, consistent, complete and timely. We will not make misleading, false or exaggerated claims concerning the Company, or competitors

S2. All business information of Serco will be treated with confidentiality, including information obtained regarding Serco's customers and other business partners

S3. Sensitive information will be protected by appropriate confidentiality agreements and applicable security protocols and encryption, distinguished from information that is freely disclosable and clearly marked [6]

S4. All information created on the internet or other social media will be fair to and respect all religions, political, economic and racial differences and opinions and show proper consideration for others' privacy

S5. Customer information will remain confidential unless the customer has given written consent, or the Divisional Legal Representative has confirmed that the law or the contract requires its disclosure

S6. All employees will ensure that the information they access, process and publish which relate to Serco (whether in or outside of work) comply with:
- our values and Governing Principles
- our Code of Conduct
- relevant Serco policy standards and operating procedures
- all applicable laws (including copyright, trademarks, the fair use of material owned by others and data protection legislation),
and do not result in harm or damage to Serco's reputation

[1] See Acceptable Use Group Standard: SMS-GS-BC1
[2] See Security Group Standard: SMS-GS-S1
[3] See Incident Reporting & Management GSOP: SMS GSOP O1-2
[4] See Freedom of Information GSOP: SMS GSOP II1-1
[5] See Document Retention GSOP: SMS GSOP II1-2
[6] See Acceptable Use Group Standard (Privacy): SMS-GS-BC1

S7. Financial records and reports will be accurate and complete and will conform to relevant international and national legislation and regulations [7]

S8. Internal and external performance and compliance information will be verifiably accurate. If this information cannot be verified, this should be noted when the information is reported. An action plan will be developed to ensure information can be verified as accurate in the future. If this is not possible then the issue will be reported to the next level of management

S9. Serco employees will not falsify records or misrepresent facts

S10. Material which refers to Serco or uses the Company's name on multimedia and social networking websites may be published, providing that this is done in a professional and responsible manner, does not harm or tarnish the image, reputation and goodwill of Serco and our employees and meets our Acceptable Use Group Standard [8]

S11. Where mistakes occur in the provision of information, these must be corrected in a timely manner

2.2 Contract document management

S12. All commercial, business and legal transactions, including information relating to contract change, contractual negotiation, financial and service performance, will be properly and accurately recorded with input from the Divisional Legal Representative

S13. All material documents that govern Serco's contractual relationships, including signed contract documents and variations, must be held in a safe and secure manner and in accordance with document retention requirements [9]

S14. Where contractual documentation is stored electronically it must be securely stored on a Serco managed network with adequate security controls (as required by the security classification) [10]

S15. Where documents are stored on a customer network, and there is no secondary store in a Serco managed network, a document register must be maintained, stating document location and access methods, to ensure information is accessible by Serco employees

S16. Where contractual documentation must be retained in hard-copy format, this must be stored in appropriately secured file storage location on Serco premises, on a contract site or at an approved 3rd party archive location

S17. Hard copy documents must be recorded in a document register that is stored within the contract's electronic document management system

S18. A clear audit trail of contractual documents and their changes will be maintained to preserve commercial and contractual integrity during the lifetime of service delivery and beyond. All documents must be clearly marked with a version number and provide a change history

S19. It is recognised that contracts relating to Government secure or restricted goods or services may implement additional security requirements, which will impact on the nature of both the physical and electronic locations for document storage and access to this storage. Where such requirements are in place, they will be complied with

S20. Contracts and other documents relating to a contractual dispute or claim (for instance internal and external correspondence) will be maintained and not released or destroyed except as directed by Serco's legal representatives

2.3 Incident reporting

S21. All incidents, accidents and significant events will be categorised and reported using the Serco Incident Reporting Scale (SIRS), subject to any applicable limitations, e.g. confidential reporting and other regulated activity, and in a manner so as to properly preserve defences, legal privileges and other rights and interests of Serco [11]

[7] See Finance Group Standard: SMS-GS-F1
[8] See Acceptable Use Group Standard: SMS-GS-BC1
[9] See Document Retention GSOP: SMS GSOP II1-2
[10] See Security Group Standard: SMS-GS-S1
[11] SIRS is detailed in Annex A of Incident Reporting & Management GSOP: SMS GSOP O1-2

S22. All incidents, accidents and significant events will be entered onto ASSURE and reported to any other appropriate national or other regulatory body in accordance with legal requirements

S23. All incidents, accidents and significant events will be investigated and escalated in accordance with Serco Incident Reporting Scale (SIRS) [12]

S24. Corrective and preventive actions will be implemented and communicated following investigations

2.4 Freedom of information

S25. Processes will be in place to handle requests for information by the public where there is a statutory or regulatory requirement to do so. In the UK this relates to the Freedom of Information Act 2000 and the Environment Information Regulation 2004 [13]

S26. Where such requests are made, Serco will work with the customer to ensure an appropriate and proportionate response

S27. Any information that is published must not compromise personal security of the individual, their colleagues, our customers or our business. Particular care must be taken regarding government or public sector clients; in these cases vetting status or the sensitivity of the work being done must not be disclosed

S28. All commercially sensitive, trade secrets or confidential information should be clearly marked [14]

2.5 Document retention

S29. Document retention systems and procedures will be established which address the manner in which the particular organisation and employees deal with documents in the various jurisdictions they operate within

S30. Procedures will be implemented for the retention and destruction of hard and soft copies of documents created and received by Serco

S31. The Document Retention Group Standard Operating Procedure [15] must be referred to when considering the appropriate retention periods for documentation. However, consideration should also be given to local retention requirements agreed with customers

S32. Records will be kept for as long as is necessary for the business purposes of Serco which may be defined in legislation, regulatory or contractual requirements. Other circumstances may also need to be considered such as litigation, government investigation or those identified by the Divisional Legal Representative or their designee(s)

S33. Where the Divisional Legal Representative has identified a need to retain records, they will notify appropriate departments and retain relevant records until further notice, ensuring disposal of those records when no longer required in an appropriate manner and timeframe

2.6 Document and record management

S34. All documents and records must be controlled, handled, stored, reviewed and disposed of, appropriate to their security classification, document type and retention period [16]

S35. Documentation handled and stored but not owned by Serco will be managed in line with customer contractual requirements

S36. Document ownership will be clearly defined where operating procedures or supporting documentation are shared with the customer. Such documents will be appropriately identified and classified to ensure the correct Intellectual Property Rights and Data Classification status are established as defined

[12] See Incident Reporting and Management GSOP: SMS GSOP O1-2
[13] See Freedom of Information GSOP: SMS GSOP II1-1
[14] See Information Privacy Classification GSOP: SMS-GSOP-S1-5
[15] See Document Retention GSOP: SMS GSOP II1-2
[16] See Quality Policy Statement: SMS-PS-Q and Security Group Standard: SMS-GS-S1

3 Responsibilities & Accountabilities

S37. The following responsibilities will apply to the delivery of the defined standards. If these are not completed effectively, the person responsible will be accountable for any consequences [17].

Group

S38. The Group CEO will appoint a Group Information and Data Management Lead responsible for:
a. developing and maintaining Group information and data management policy
b. ensuring standards and associated procedures and key controls remain fit for purpose, reflect legislative and regulatory requirements and effectively manage information and data management risks
c. providing oversight and reporting

S39. The Divisional CEO will ensure an individual(s) is allocated responsibility for:
a. Information and Data Management
b. Freedom of Information Act [18]
c. Document Retention

S40. Divisional Information and Data Management Leads are responsible for:
a. implementing Information and Data Management policy, standards, procedures and key controls across the Division; which may include the development of country/region/divisional procedures and management systems
b. ensuring appropriate Information and Data Management resources are available to support the business
c. providing oversight and reporting divisional performance
d. implementing a management assurance framework to provide confidence that key controls are being implemented effectively

S41. Divisional Freedom of Information Leads are responsible for:
a. completing an information audit and notifying relevant public authorities
b. handling queries concerning new or existing confidentiality clauses in contracts with public authorities
c. handling notifications from a public authority that it has received a Freedom of Information request relating to Serco information and responding to those requests

S42. Divisional Document Retention Leads are responsible for:
a. implementing document retention procedures
b. ensuring appropriate training is provided
c. providing oversight and reporting divisional performance

S43. The Managing Director is responsible for:
a. ensuring Information and Data Management requirements are implemented across the
b. ensuring appropriate processes and controls are implemented and effective across their Contract/Function

S44. Contract Managers/Functional Areas are accountable for:
a. ensuring Information and Data management responsibility is clearly defined and appropriate controls are in place
b. providing assurance that these requirements are being implemented effectively
c. ensuring training is provided to identified data handlers and data owners to ensure they understand local processes, roles and responsibilities
d. ensuring all records and documentation (including contractual documentation) are held in a safe and secure manner and in accordance with document management and retention requirements [19]
e. liaising with the Legal/Contracts Team for advice and guidance, where required, regarding data and information retention, security and disclosure
f. ensuring all incidents and accidents are entered into ASSURE within defined timescales and categorised according to the SIRS scale [20]

[17] See Consequence Management Group Standard: SMS-GS-G1
[18] Where legislation is in place in regard to the handling of information in public authorities
[19] See Document Retention GSOP: SMS GSOP II1-2
[20] See Incident Reporting & Management GSOP: SMS GSOP O1-2

All employees

S45. All employees are responsible for:
a. undertaking training provided and ensuring any mandatory training is kept up to date
b. following defined procedures, work instructions, method statements and risk assessments
c. telling a line manager or Information and Data Management Lead of any information or data management concerns

4 Processes and Controls

4.1 Governance processes and controls

Process for ensuring controls are in place and operating effectively

P1 Responsibilities are defined and understood

C1 A Group Information and Data Management Lead is appointed by the Group CEO with responsibility for:
- developing and maintaining Group policy
- ensuring standards and associated procedures and key controls remain fit for purpose and manage risks
- providing oversight and reporting

C2 A Divisional Information and Data Management Lead is appointed by the Divisional CEO with responsibility for:
- implementing policy, standards, procedures and key controls across the division; which may include the development of country/region/divisional procedures and management systems
- ensuring appropriate resources are available to support the business
- providing oversight and reporting divisional performance
- implementing a management assurance framework to provide confidence that key controls are effective

C3 A Divisional Freedom of Information Lead is appointed by the Divisional CEO with responsibility for:
- completing an information audit and notifying relevant public authorities
- handling queries concerning new or existing confidentiality clauses in contracts with public authorities
- handling notifications from a public authority relating to Serco information and responding to those requests

C4 A Divisional Document Retention lead is appointed with responsibility for:
- implementing document retention procedures
- ensuring appropriate training is provided
- providing oversight and reporting divisional performance

C5 MDs are responsible for:
- ensuring information and data management requirements are implemented across the
- ensuring appropriate processes and controls are implemented and effective across their

C6 Contract Managers/Functional Leads are responsible for:
- ensuring Information and Data management responsibility is clearly defined and appropriate controls are in place
- providing assurance that these requirements are being implemented effectively
- ensuring training is provided to identified data handlers and data owners to ensure they understand local processes, roles and responsibilities
- ensuring all records and documentation (including contractual documentation) are held in a safe and secure manner and in accordance with document management and retention requirements
- liaising with the Legal/Contracts Team for advice and guidance, where required, regarding data and information retention, security and disclosure
- ensuring all incidents and accidents are entered onto ASSURE within defined timescales and categorised according to the SIRS scale

C7 Data handlers' and data owners' responsibilities are defined with local procedures implemented and training provided

P2 Establish Information Integrity & Data Management policy

C8 Policy, standards and Group procedures are defined and published

C9 Policy, standards and Group procedures are communicated and implemented

P3 Establish Information Integrity and Data Management systems and processes

C10 A Data Integrity Management Procedure is defined, implemented and communicated

C11 Contract document management procedures are defined, implemented and communicated

C12 Incident Reporting procedures are defined, implemented and communicated

C13 Freedom of Information procedures are defined, implemented and communicated

C14 Document Retention Procedures are defined, implemented and communicated to address:
- the creation of documents in the context of potential litigation
- the decision-making process to be undertaken in determining whether a document should be retained and, if so, for how long
- the method and format of retention for particular types of documents
- the review to be undertaken in relation to retained documents
- the disposal of documents in an appropriate manner

C15 Document and Record Management procedures are defined, implemented and communicated

C16 Information Integrity and Data Management systems with supporting procedures and work instructions are periodically reviewed in light of any compliance assessment and audit results, legal changes, changing circumstances and the commitment to continuous improvement

C17 Legal and regulatory Information Integrity and Data Management requirements are monitored with changes reflected in systems, procedures and work instructions

P4 Information Integrity and Data Management Compliance

C18 An Information Integrity and Data Management compliance plan is in place

C19 Agreed actions are closed out

4.2 Key processes and controls

Process for ensuring controls are in place and operating effectively

P5 Manage Information/Data Integrity

C20 All data handlers and owners are trained in and understand local processes for the handling of information

C21 Data Handlers and data owners have data integrity as one of their performance objectives

C22 All information is classified in accordance with the Group Security Standard and Information Privacy Classification GSOP

C23 Customer information is treated as confidential (unless otherwise stated in law or written consent is given by the customer or the Divisional Legal Representative)

C24 Records of written consent from customers are maintained where customer information has been publicly disclosed

C25 Sensitive information is clearly marked and protected (by confidentiality agreements, security protocols, encryption etc.) to distinguish it from information that is freely disclosable

C26 Local controls are in place to verify that any records produced or information provided is accurate

C27 All internal and external performance and compliance information is verifiably accurate and where this cannot be the case, mitigating actions are implemented

C28 Where mitigating actions cannot be taken to verify the accuracy of performance and compliance information, this has been escalated

P6 Contract Document Management

C29 Accurate records are maintained of all commercial, business and legal transactions. These include:
- contract changes
- contractual negotiation
- financial performance
- service performance

C30 All material documents that govern contractual relationships, including signed contract documents and variations are securely and safely stored in accordance with document retention requirements

C31 A document register is maintained and stored within the contract's electronic document management system, which includes document location and access methods for:
- any material contractual documents stored on a customer network
- any hard copies of material contractual documents held

C32 All contractual documentation is clearly marked with a version number

C33 Divisional Legal Representatives are consulted prior to releasing or destroying any material contractual documents relating to a contractual dispute or claim

P7 Incident Reporting

C34 Accidents, incidents and significant events are categorised and reported using the Serco Incident Reporting Scale (SIRS), subject to applicable limitations

C35 All accidents and incidents, which must include HSE and security incidents, are entered onto ASSURE

C36 All accidents, incidents and significant events are investigated and escalated in accordance with Serco Incident Reporting Scale (SIRS)

C37 Corrective and preventive actions arising from accident and incident investigations are implemented and communicated

P8 Freedom of Information

C38 Where there is a statutory or regulatory requirement to do so, processes are in place to ensure compliance in regard to handling requests for information by the public

C39 All commercially sensitive, trade secrets or confidential information is clearly marked

P9 Document Retention

C40 All documents are retained in accordance with Statutory and Regulatory record retention requirements and the Document Retention GSOP

P10 Document and Record Management

C41 All documents and records are controlled, handled, stored, reviewed and disposed of, appropriate to their security classification, document type and retention period

C42 Document ownership and classification is clearly defined for operating procedures and supporting documentation shared with the customer

5 Supporting documentation and guidance

The following should be read in conjunction with this standard:
SMS-GS-G1 Consequence Management Group Standard
SMS-GSOP-II1-2 Document Retention
SMS-GSOP-II1-1 Freedom of Information
SMS-GSOP-O1-2 Incident Reporting & Management
SMS-GS-S1 Security Group Standard
SMS-GS-F1 Finance Group Standard
SMS-GS-BC1 Acceptable Use Group Standard
SMS-PS-Q Quality Policy Statement

6 Definitions

Accountability: Being accountable means being not only responsible for something but also answerable for your actions.

A responsible person is the individual who completes the task required. can be shared and delegated. All responsible persons will also be accountable for completing tasks effectively. Non-compliance will have consequences which may include disciplinary action as defined within the Consequence Management Group Standard.

Group: Serco Group plc is the administrative centre of the organisation, responsible for setting corporate strategy, defining governance requirements and supporting the business in its day to day operations

The Group will define a set of business divisions which will be responsible for business delivery within a defined set of markets or geographies.

A is a cluster of contracts which provide a similar service e.g. Health, Defence, Transport etc. Where appropriate, a separate legal entity wholly owned or where Serco has a controlling share may also be referred to as a, where appropriate. This may also refer to Counties/Territories

Contract: A Contract provides specified requirements to a customer (either directly with Serco or to a consortium/joint Venture in which Serco is a party). A Contract will also refer to a corporate/functional area. Corporate/functional areas are functions which support the business and they include finance, HR, procurement etc.

Organisation: Organisation refers to a site, Contract, Business Unit and.

Contract Manager: This refers to a manager with responsibility for managing the performance of a contract and can include a Contract Manager on a day-to-day basis (or Operational Manager with devolved responsibility), a Contract Director, Partnership Director and/or a Managing Director

Data Handler: A data-handler is any employee who collates, inputs or processes data

Data Owner: A data-owner is the person who is accountable for the integrity and handling of the data, and will often be the Contract Manager

7 Further information and support

If you require any further information or support regarding this Group Standard, or if you have any suggestions for improvement, please contact the Accountable Policy Owner (Group) or email sms@serco.com