DATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:


DATA PROTECTION SELF-ASSESSMENT TOOL Protecture: 0203 691 5731

Instructions for use

touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should have been made, or an action taken, in order to ensure compliance across your organisation.

The Position column is where you indicate one of three possible positions:
1. Yes: you consider yourself compliant. Record your evidence for this position.
2. No: you believe you do not need to address the issue (e.g. because of the size of your organisation). Record your rationale for this position.
3. Under Review: the issue is under review. Record the actions you plan to address the issue, e.g. who has been allocated responsibility and the timescale / next date.

The results of your self-assessment should then be summarised on the following page. This will enable you to prioritise actions and changes in the areas of greatest risk.

Subscribers

Subscribers to our data protection service get four hours of data protection advice and guidance, i.e. we would work through the self-assessment tool with you, if needed. We would then address any gaps you might have, for example: work with you to make changes to existing policies; deliver any onsite training; audit systems or processes. Our Subscribers also have access to guidance, template policies and checklists via the Members Area of our website (the Reference column of this Self-assessment Tool refers to these).

Page 1 of 12

Index

Section | Number of action points | Position (Y / N) | Action plan
01 Roles and Responsibilities (staff, agency workers and service providers) | 4 | |
02 Your staff | 3 | |
03 Your day-to-day handling of personal information | 5 | |
04 Your buildings (physical security) and offsite working | 2 | |
05 Your handling of information security incidents | 1 | |
06 Your handling of requests for access to personal information | 2 | |

Top 3 priorities:
1.
2.
3.

Page 2 of 12

01 Roles and Responsibilities: staff, agency workers and service providers

Action point A: Your employees. Appoint or confirm the following roles (Reference: Glossary; Position: Y / N / Under):
1. Senior Management
2. Oversight
3. Audit
4. Senior Information Risk Owner (SIRO)
5. Information Asset Owners (IAOs)
6. Managers
7. Human Resources
8. Users
9. Officer
10. Information Security Officer
11. Facilities Management
12. Legal Services
13. Business Continuity

Page 3 of 12

01 Roles and Responsibilities: staff, agency workers and service providers

Action point B: Your employees. Adopt or amend Human Resources policy to address the following areas (Position: Y / N / Under):
1. Before employment: prior to access to personal data
2. During employment: accessing personal data
3. After employment: no longer accessing personal data
4. Emergency suspension of a User's access

Action point C: Agency workers and service providers. Adopt or amend contract clauses / terms and conditions to address the following (Position: Y / N / Under):
1. Third parties with temporary access to personal data
2. Engaging third parties on a contractual basis
3. Engaging third parties on a non-contractual (information sharing) basis

Action point D: Your organisation. Ensure notification with the Information Commissioner's Office (ICO) (Reference: Glossary, DP Guide 01; Position: Y / N / Under):
1. Notification with the ICO
2. Annual of notification

Page 4 of 12

02 Your staff

Action point A: Provide data protection training and awareness, and maintain evidence it has been received for each User (Reference: DP Guide 02; Position: Y / N / Under):
1. At induction
2. Annually
3. When new systems / policies are introduced

Action point B: Adopt or amend an Acceptable Use Policy (AUP) (Reference: DP Guide 02; Position: Y / N / Under):
1. Evidence maintained of Users receiving and signing their AUP

The AUP addresses the following areas:
2. Sharing and disclosing personal information
3. Use of email
4. Use of the internet
5. Monitoring
6. Personal use
7. Computer Misuse
8. Adherence to policies and procedures

Page 5 of 12

02 Your staff

Action point C: Adopt or amend the following Policies and / or guidance for use by all Users (Position: Y / N / Under):
1. Password Policy (Reference: 03.C.4 below)
2. Clear Desk, Clear Screen and Secure Waste Policy (Reference: 03.C.7 below)
3. Offsite Working Policy (Reference: 04.B. below)
4. Removable Media Policy (Reference: 03.B.4 below)
5. Sharing Personal Information Policy (Reference: 03.B.5 below)

For access to the complete Self-Assessment Tool please get in touch.
Call: 020 3691 5731
Email: help@protecture.org.uk
Complete the Contact Us form: http:///contact/

Page 6 of 12