| Req No |
Description
|
|
Information Governance Management
|
| 14.1-144 |
There is an adequate Information Governance Management Framework to support the current and evolving Information Governance agenda
|
| 14.1-145 |
There are approved and comprehensive Information Governance Policies with associated strategies and/or improvement plans
|
| 14.1-146 |
Formal contractual arrangements that include compliance with information governance requirements, are in place with all contractors and support organisations
|
| 14.1-147 |
Employment contracts which include compliance with information governance standards are in place for all individuals carrying out work on behalf of the organisation
|
| 14.1-148 |
The training needs of all staff are assessed in relation to Information Governance requirements and they are all appropriately trained
|
|
Confidentiality and Data Protection Assurance
|
| 14.1-251 |
The Information Governance agenda is supported by adequate confidentiality and data protection skills, knowledge and experience which meet the organisation’s assessed needs
|
| 14.1-252 |
Staff are provided with clear guidance on keeping personal information secure and on respecting the confidentiality of service users
|
| 14.1-253 |
Personal information is shared for care but is only used in ways that do not directly contribute to the delivery of care services where there is a lawful basis to do so and objections to the disclosure of confidential personal information are appropriately respected
|
| 14.1-254 |
Individuals are informed about the proposed uses of their personal information
|
| 14.1-255 |
Where required, protocols governing the routine sharing of personal information have been agreed with other organisations
|
| 14.1-256 |
All new processes, services, information systems, and other relevant information assets are developed and implemented in a secure and structured manner, and comply with IG security accreditation, information quality and confidentiality and data protection requirements
|
|
Information Security Assurance
|
| 14.1-371 |
The Information Governance agenda is supported by adequate information security skills, knowledge and experience which meet the organisation’s assessed needs
|
| 14.1-372 |
A formal information security risk assessment and management programme for key Information Assets has been documented, implemented and reviewed
|
| 14.1-373 |
There are documented information security incident / event reporting and management procedures that are accessible to all staff
|
| 14.1-374 |
Operating and application information systems (under the organisation’s control) support appropriate access control functionality and documented and managed access rights are in place for all users of these systems
|
| 14.1-375 |
All transfers of hardcopy and digital person identifiable and sensitive information have been identified, mapped and risk assessed; technical and organisational measures adequately secure these transfers
|
| 14.1-376 |
Business continuity plans are up to date and tested for all critical information assets (e.g. data processing facilities, communications services and data) and service - specific measures are in place
|
| 14.1-377 |
Procedures are in place to prevent information processing being interrupted or disrupted through equipment failure, environmental hazard or human error.
|
| 14.1-378 |
Information Assets with computer components are capable of the rapid detection, isolation and removal of malicious code and unauthorised mobile code
|
| 14.1-379 |
Policy and procedures are in place to ensure that Information Communication Technology (ICT) networks operate securely
|
| 14.1-380 |
Policy and procedures ensure that mobile computing and teleworking are secure
|
| 14.1-381 |
There is an information asset register that includes all key information, software, hardware and services
|
| 14.1-382 |
All information assets that hold, or are, personal data are protected by appropriate organisational and technical measures
|
| 14.1-383 |
The confidentiality of service user information that is not involved in the process of providing direct care is protected through use of pseudonymisation and anonymisation techniques where appropriate
|
|
Care Records Assurance
|
| 14.1-441 |
The Information Governance agenda is supported by adequate information quality and records management skills, knowledge and experience
|
| 14.1-442 |
There is consistent and comprehensive use of the NHS Number in line with National Policy requirements
|
| 14.1-443 |
Procedures are in place to ensure the accuracy of service user information on all systems and /or records that support the provision of care
|
| 14.1-444 |
Procedures are in place for monitoring the availability of paper service user records and tracing missing records
|