Information Governance Support Pack



Similar documents
N3 Protecting the Network through Information Governance and Assurance

Information Governance Toolkit Assessment 2009/10

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Information Governance Plan

IG Toolkit Version 8. Information Security Assurance. Requirement 322. Detailed Guidance on Secure Transfers

INFORMATION GOVERNANCE POLICY

, Calendar and Messaging Services Good Practice Guideline

SMS and Texting - A Guide to the Future

NHS Commissioning Board: Information governance policy

Birmingham City Council Internet Monitoring Standard

Information Security Assurance Plan 2015/16

NHS Information Governance: 2010/11 UPDATE

Offshore and Internet Connection Addendum to the. Data Sharing Agreement. Version 1.3

INFORMATION GOVERNANCE POLICY & STRATEGY FINAL DRAFT

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Introduction to the NHS Information Governance Requirements

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

3 What Personal Information do we collect and why do we need it?

USE OF PERSONAL MOBILE DEVICES POLICY

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

Information Governance Strategy

Information Governance in Commissioning. Mental Health Commissioners Collaborative

Information Governance Policy

TERMS OF REFERENCE: REVIEW OF THE INFORMATION GOVERNANCE TOOLKIT

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

Information Governance Framework and Strategy. November 2014

Data Access Request Service

NY&H CSU Service Specification IMT Service SAMPLE ONLY

Information Governance Strategy

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February Title: Information Security Policy

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

Securing excellence in IT Services. Operating model for offender health care

EA-ISP-012-Network Management Policy

Information Governance Strategy :

Information Governance Policy

A Question of Balance

INFORMATION TECHNOLOGY SECURITY STANDARDS

Page 41. Briefing Note: Sharing Data with and Connecting to the NHS Overview HEALTH AND WELL BEING SCRUTINY COMMITTEE 9 JULY 2009

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

ULH-IM&T-ISP06. Information Governance Board

UCL Information Governance Framework Trevor Peacock UCL School of Life and Medical Sciences

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

INFORMATION GOVERNANCE STRATEGY

How To Ensure Information Security In Nhs.Org.Uk

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

1.5 The Information Governance Policy should be read in conjunction with the Information Governance Strategy.

Use of Exchange Mail and Diary Service Code of Practice

XIT CLOUD SOLUTIONS LIMITED

IS INFORMATION SECURITY POLICY

Cloud Software Services for Schools

Information Governance Framework

Trust Operational Policy. Information Security Department. Firewall Management Policy

Information Governance Toolkit Report 2013/14

Policy Document Control Page

Information Sharing Protocol

Access Control Policy

Disclosure Requirements of CloudCode Software

A Framework for the Safe and Secure Use & Management of Community Pharmacy NHSmail including Generic Mailboxes

Zinc Recruitment Pty Ltd Privacy Policy

Internet and Social Media Policy

Electronic Communications Monitoring Policy

TELEFÓNICA UK LTD. Introduction to Security Policy

Information Governance Toolkit. Information Security Assurance. Detailed Guidance on Secure Transfers

Digital Device LOAN CHARTER

Data Encryption Policy

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

SALISBURY NHS FOUNDATIONTRUST

ehealth Architecture Principles

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

Information Governance Strategy 2015/16

INFORMATION WE MAY COLLECT FROM YOU

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction Policy Statement Purpose...

(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

University of Sunderland Business Assurance Information Security Policy

TERMS & CONDITIONS of SERVICE for MSKnote. Refers to MSKnote Limited. Refers to you or your organisation

Terms & Conditions For services supplied by WebTek Designs Ltd

Information Security Policies. Version 6.1

Service Schedule for BT Business Lite Web Hosting and Business Lite powered by Microsoft Office 365

Information Security and Governance Policy

Internet Use Policy and Code of Conduct

RIPE Database Terms and Conditions

Governance. Information. Bulletin. Welcome to the twentieth edition of the information governance bulletin

Guidance for Third Party Users of ECOES

Trust Operational Policy. Information Security Department. Third Party Remote Access Policy

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

Information Security Team

If you are unclear about the implications of Auto Enrolment you will find our Guide to Auto Enrolment a good starting point.

Client information note Assessment process Management systems service outline

Squaring the circle: using a Data Governance Framework to support Data Quality. An Experian white paper

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Hong Leong Asia Ltd.

PERSONAL DATA PROTECTION CHECKLIST FOR ORGANISATIONS

NHS Information Governance:

Copyright 2016 Health and Social Care Information Centre

Barnet Partnership Information Sharing Protocol

Further to reports to EAG in February and March 2014, the purpose of this report is to;

Appendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF INTERNET- BASED NETWORK SECURITY

Transcription:

PCTI Solutions Document Version: 0,1 19 February 2013 Pioneer Court, Pioneer Way, Whitwood, Castleford, West Yorkshire, WF10 5QU T: 01977 66 44 96 F: 01977 66 44 99 E: info@pcti.co.uk W: www.pcti.co.uk

Contents Document Information... 2 Ownership... 2 History... 2 I.G. Breaches... 2 IG Training Tool ODS CODE... 2 Data Protection registration Number... 2 Information Governance Assurance Statement... 3-4 Page 1 of 4

Document Information Ownership PCTI Document Owner Information Governance Executive Lead Mark Forrest Wendy Clark Author Stage Description Version 1 Mark Forrest Version First Draft 0,1 Published 1,0 Information Governance Breaches Incident Number Incident Date Description Category IG Training Tool ODS CODE: 8HP20 Data Protection Registration Number: Z5235627 Page 2 of 4

Information Governance Assurance Statement 1. All organisations that have either direct or indirect access to NHS CFH services 1, including N3, must complete an annual Information Governance Toolkit Assessment and agree to the following additional terms and conditions. Where the Information Governance Toolkit standards are not met to an appropriate standard (Minimum level 2), an action plan for making the necessary improvements must be agreed with the Department of Health Information Governance Policy team or with an alternative body designated by the Department of Health (e.g. a commissioning organisation). 2. All organisations providing indirect access 2 to NHS CFH services for other organisations (approved N3 link recipients), are required to provide the Department of Health, on request, with details of all organisations that have been permitted access, the business justification and the controls applied, and must maintain a local log of organisations to which they have allowed access to N3. This log should be reviewed regularly by the organisation and unnecessary access rights removed. The Department of Health or an alternative body designated by the Department of Health may request sight of these logs in order to facilitate or aid audit or investigations. 3. The approved N3 link recipient is responsible for their compliance with IG policies and procedures and may request authorisation by the Department of Health to monitor and enforce the compliance and conduct of subsidiary connected organisations and suppliers to ensure that all key information governance requirements are met. 4. The use of NHS CFH Services should be conducted to support NHS business activities that contribute to the care of patients. Usage of individual services must be conducted inline with those individual services requirements and acceptable use policies. The use of NHS CFH provided infrastructure or services for unauthorised advertising or other non-healthcare related activity is expressly forbidden. 5. All threats or security events affecting or potentially affecting the security of NHS CFH provided infrastructure or services must be immediately reported via the NHS CFH incident reporting arrangements or via local security incident procedures where applicable. 6. All infrastructure and connections to other systems and networks which are not covered by an approved Information Governance Toolkit Assessment and agreement to this IG Assurance Statement must be segregated or isolated from IGT covered infrastructure and connections such that IGT covered infrastructure and connections, or NHS CFH Services are not put at risk. A Logical Connection Architecture diagram must be maintained by network managers in accordance with NHS CFH guidance and must be provided for Department of Health review on request. 7. Organisations with access to NHS CFH Services shall ensure that they meet the requirements of the Department of Health policy on person identifiable data leaving England, or being viewed from overseas. A copy of the Information Governance Offshore Support Requirements applicable to those accessing NHS CFH Services is available on request or can be downloaded from http://www.connectingforhealth.nhs.uk/igsoc. The agreement of the Department to this limited support or exceptionally to more extensive processing must be explicitly obtained. 8. Where another network is connected to N3, only services that have been previously considered and approved by the Department of Health as appropriate for that network are Page 3 of 4

permissible. Requests for new or changed services must be provided to the Department for consideration. 9. Organisations may not create or establish any onward connections to the N3 Network or NHS CFH provided services from systems and networks which are not covered by an approved Information Governance Toolkit Assessment and agreement to this IG Assurance Statement. 10. The approved organisation shall allow the Department of Health, or its representatives, to carry out ad-hoc on-site audits as necessary to confirm compliance with these terms and conditions and with the standards set out in the Information Governance Toolkit. Information Governance Assurance Statement PCTI Solutions LTD confirm that we have read, understood and agree to comply with the additional terms and conditions that apply to organisations that have access to NHS CFH services and acknowledge that failure to maintain compliance may result in the withdrawal of NHS CFH services. 1 NHS CFH Services include the N3 network and other national applications or services provided by NHS CFH, e.g. Choose and Book and NHSmail. 2 Access to the N3 network or NHS CFH Services via another organisation or gateway. Page 4 of 4

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information