Registration Authority and
the IG Toolkit
More than just 303 and 304
Alex Beisser
IG and RA Manager
Some questions
• How many of you have heard about the IG Toolkit (IGT)?
• Have you been asked to provide evidence for the IGT?
• Were you questioned about the evidence that you provided?
• What level of compliance have you achieved in the RA standards?
Introduction to IGT
• A best practice framework around confidentiality and data protection, based on the ISO 27001/2 model, for the NHS and its partners
• Now in its 10th version
• 24 different sets of standards for organisations
• 45 standards for an acute organisation, split into:
  - Information Governance Management – 5 standards
  - Confidentiality and Data Protection Assurance – 9 standards
  - Information Security Assurance – 15 standards
  - Clinical Information Assurance – 5 standards
  - Secondary Use Assurance – 8 standards
  - Corporate Information Assurance – 3 standards
Not all the same
• Pharmacies – IGT 10-304
• General Practice – IGT 10-304
• Prison Health – IGT 10-304 and 10-305
• Lucky you...
Other providers
• What standards are affected for:
  - Acute Trusts
  - Mental Health Trusts
  - Community Health Trusts
  - Any Qualified Provider – Clinical Services
  - Commissioning Organisations
  - Ambulance Service
Have a look
• IGT 10-101
• IGT 10-105
• IGT 10-110
• IGT 10-111
• IGT 10-112
• IGT 10-200
• IGT 10-206
• IGT 10-300
• IGT 10-301
• IGT 10-302
• IGT 10-303
• IGT 10-304
• IGT 10-305
• IGT 10-308
• IGT 10-309
• IGT 10-400
• IGT 10-601
17 Standards affected
The details
101:
There is an adequate Information Governance
Management Framework to support the current
and evolving Information Governance agenda.
Required evidence:
• RA Manager or representative should sit on the IG Steering Committee or Group (ToR)
The details
105:
There are approved and comprehensive
Information Governance Policies with associated
strategies and/or improvement plans.
Required evidence:
• Up-to-date and reviewed RA policy and
accompanying procedures (i.e. UIM, ESR, IIM)
The details
110:
Formal contractual arrangements that include compliance with information governance requirements are in place with all contractors and support organisations
Required evidence:
• Service Level Agreements if you provide RA
services to other organisations
The details
111:
Employment contracts which include compliance
with information governance standards are in place
for all individuals carrying out work on behalf of the
organisation
Required evidence:
• Employment contracts and Job Descriptions for RA
Staff
• CRB and staff vetting procedures (recent changes)
and recording of them in ESR (eGIF flag)
• Identifying smartcard use within Job Descriptions
The details
112:
Information Governance awareness and
mandatory training procedures are in place and
all staff are appropriately trained.
Required evidence:
• Is RA mentioned in your IG Training?
• End user smartcard usage training
The details
200:
The Information Governance agenda is supported
by adequate confidentiality and data protection
skills, knowledge and experience which meet the
organisation’s assessed needs
Required evidence:
• Have your RA staff been trained appropriately?
• RA staff's Job Descriptions
• RA procedures and guidance material
The details
206:
There are appropriate confidentiality audit
procedures to monitor access to confidential
personal information.
Required evidence:
• RA access control audits
The details
300:
The Information Governance agenda is supported
by adequate information security skills, knowledge
and experience which meet the organisation’s
assessed needs
Required evidence:
• Does the RA Manager have the required knowledge and expertise to run and manage RA?
• RA Manager's Job Description
• RA staff are key to the organisation's IG agenda
• Is the RA function represented in the IG Steering Group?
The details
301:
A formal information security risk assessment
and management programme for key Information
Assets has been documented, implemented and
reviewed
Required evidence:
• Risk Assessment of RA function (including software,
hardware and staff)
The details
302:
There are documented information security
incident / event reporting and management
procedures that are accessible to all staff
Required evidence:
• Reported smartcard incidents (sharing cards, loss, theft, misuse etc.)
• Procedure for dealing with RA breaches
• Incident Policy should refer to the RA function
• RA audit logs
The details
303:
There are established business processes and
procedures that satisfy the organisation’s
obligations as a Registration Authority.
Required evidence:
• Your RA framework
The details
304:
Monitoring and enforcement processes are in place
to ensure NHS national application Smartcard users
comply with the terms and conditions of use
Required evidence:
• RA Monitoring plan (how will you do it?)
• Responsible officer (who will do it?)
• Procedure for dealing with smartcard breaches (links to 302)
• Improvement and action plan
• Improvement and action plan has been audited (spot checks)
The details
305:
Operating and application information systems (under the
organisation’s control) support appropriate access
control functionality and documented and managed
access rights are in place for all users of these systems
Required evidence:
• PBAC access control documentation (incl. reviews undertaken in
2012/13)
• UIM / IIM Procedures
• Smartcard request procedures
• RA Structure (Sponsors): “... ensured that there are approved access
controls in place for each key information asset under their control”
• Samples of access requests
The details
308:
All transfers of hardcopy and digital person
identifiable and sensitive information have been
identified, mapped and risk assessed; technical and
organisational measures adequately secure these
transfers
Required evidence:
• Service Level Agreements if you provide RA
services to other organisations (links to 110)
The details
309:
Business Continuity Plans are up to date and tested for all critical information assets (data processing facilities, communications services and data) and service-specific measures are in place
Required evidence:
• RA Business Continuity Plan
The details
400:
The Information Governance agenda is supported
by adequate information quality and records
management skills, knowledge and experience
Required evidence:
• Are your access levels appropriate for staff
accessing clinical systems (RiO, EMIS web, Cerner,
SCR, etc.)?
• Can the staff do their day job without a smartcard?
• Gateway documents for RiO R1.1
The last one
601:
Documented and implemented procedures are in
place for the effective management of corporate
records
Required evidence:
• Old RA forms (including from predecessor
organisations)
• RA request forms, emails, notes etc.
If you don’t have enough...
604:
As part of the information lifecycle management
strategy, an audit of corporate records has been
undertaken
Required evidence:
• Audit of RA forms and requests
Are you happy, worried or confused?
• Organisational structures change all the time
• I have been through all this twice and will soon go through it for a third time
• https://nww.igt.connectingforhealth.nhs.uk/
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Information Governance for Registration Authorities

1. Registration Authority and the IG Toolkit
More than just 303 and 304
Alex Beisser
IG and RA Manager

2. Some questions
• How many of you have heard about the IG Toolkit (IGT)?
• Have you been asked to provide evidence for the IGT?
• Were you questioned about the evidence that you provided?
• What level of compliance have you achieved in the RA Standards?

3. Introduction to IGT
• A best practice framework around confidentiality and data protection, based on the ISO 27001/2 model, for the NHS and its partners
• Now in its 10th version
• 24 different sets of standards for organisations
• 45 standards for an acute organisation, split into:
  - Information Governance Management – 5 Standards
  - Confidentiality and Data Protection Assurance – 9 Standards
  - Information Security Assurance – 15 Standards
  - Clinical Information Assurance – 5 Standards
  - Secondary Use Assurance – 8 Standards
  - Corporate Information Assurance – 3 Standards

4. Not all the same
• Pharmacies – IGT 10-304
• General Practice – IGT 10-304
• Prison Health – IGT 10-304 and 10-305
• Lucky you...

5. Other providers
• What standards are affected for:
  - Acute Trusts
  - Mental Health Trusts
  - Community Health Trusts
  - Any Qualified Provider – Clinical Services
  - Commissioning Organisations
  - Ambulance Service

6. Have a look
• IGT 10-101
• IGT 10-105
• IGT 10-110
• IGT 10-111
• IGT 10-112
• IGT 10-200
• IGT 10-206
• IGT 10-300
• IGT 10-301
• IGT 10-302
• IGT 10-303
• IGT 10-304
• IGT 10-305
• IGT 10-308
• IGT 10-309
• IGT 10-400
• IGT 10-601
17 Standards affected

7. The details
101: There is an adequate Information Governance Management Framework to support the current and evolving Information Governance agenda.
Required evidence:
• RA Manager or representative should sit on the IG Steering Committee or Group (ToR)

8. The details
105: There are approved and comprehensive Information Governance Policies with associated strategies and/or improvement plans.
Required evidence:
• Up-to-date and reviewed RA policy and accompanying procedures (i.e. UIM, ESR, IIM)

9. The details
110: Formal contractual arrangements that include compliance with information governance requirements are in place with all contractors and support organisations.
Required evidence:
• Service Level Agreements if you provide RA services to other organisations

10. The details
111: Employment contracts which include compliance with information governance standards are in place for all individuals carrying out work on behalf of the organisation.
Required evidence:
• Employment contracts and Job Descriptions for RA staff
• CRB and staff vetting procedures (recent changes) and recording of them in ESR (eGIF flag)
• Identifying smartcard use within Job Descriptions

11. The details
112: Information Governance awareness and mandatory training procedures are in place and all staff are appropriately trained.
Required evidence:
• Is RA mentioned in your IG training?
• End user smartcard usage training

12. The details
200: The Information Governance agenda is supported by adequate confidentiality and data protection skills, knowledge and experience which meet the organisation's assessed needs.
Required evidence:
• Have your RA staff been trained appropriately?
• RA staff's Job Descriptions
• RA procedures and guidance material

13. The details
206: There are appropriate confidentiality audit procedures to monitor access to confidential personal information.
Required evidence:
• RA access control audits

14. The details
300: The Information Governance agenda is supported by adequate information security skills, knowledge and experience which meet the organisation's assessed needs.
Required evidence:
• Does the RA Manager have the required knowledge and expertise to run and manage RA?
• RA Manager's Job Description
• RA staff are key to the organisation's IG agenda
• Is the RA function represented in the IG Steering Group?

15. The details
301: A formal information security risk assessment and management programme for key Information Assets has been documented, implemented and reviewed.
Required evidence:
• Risk assessment of the RA function (including software, hardware and staff)

16. The details
302: There are documented information security incident / event reporting and management procedures that are accessible to all staff.
Required evidence:
• Reported smartcard incidents (sharing cards, loss, theft, misuse etc.)
• Procedure for dealing with RA breaches
• Incident Policy should refer to the RA function
• RA audit logs

17. The details
303: There are established business processes and procedures that satisfy the organisation's obligations as a Registration Authority.
Required evidence:
• Your RA framework

18. The details
304: Monitoring and enforcement processes are in place to ensure NHS national application Smartcard users comply with the terms and conditions of use.
Required evidence:
• RA monitoring plan (how will you do it?)
• Responsible officer (who will do it?)
• Procedure for dealing with smartcard breaches (links to 302)
• Improvement and action plan
• Improvement and action plan has been audited (spot checks)

19. The details
305: Operating and application information systems (under the organisation's control) support appropriate access control functionality, and documented and managed access rights are in place for all users of these systems.
Required evidence:
• PBAC access control documentation (incl. reviews undertaken in 2012/13)
• UIM / IIM procedures
• Smartcard request procedures
• RA structure (Sponsors): "... ensured that there are approved access controls in place for each key information asset under their control"
• Samples of access requests

20. The details
308: All transfers of hardcopy and digital person identifiable and sensitive information have been identified, mapped and risk assessed; technical and organisational measures adequately secure these transfers.
Required evidence:
• Service Level Agreements if you provide RA services to other organisations (links to 110)

21. The details
309: Business Continuity Plans are up to date and tested for all critical information assets (data processing facilities, communications services and data) and service-specific measures are in place.
Required evidence:
• RA Business Continuity Plan

22. The details
400: The Information Governance agenda is supported by adequate information quality and records management skills, knowledge and experience.
Required evidence:
• Are your access levels appropriate for staff accessing clinical systems (RiO, EMIS Web, Cerner, SCR, etc.)?
• Can the staff do their day job without a smartcard?
• Gateway documents for RiO R1.1

23. The last one
601: Documented and implemented procedures are in place for the effective management of corporate records.
Required evidence:
• Old RA forms (including from predecessor organisations)
• RA request forms, emails, notes etc.

24. If you don't have enough...
604: As part of the information lifecycle management strategy, an audit of corporate records has been undertaken.
Required evidence:
• Audit of RA forms and requests

25. Are you happy, worried or confused?
• Organisational structures change all the time
• I have been through all this twice and will soon go through it for a third time
• https://nww.igt.connectingforhealth.nhs.uk/