Information Governance Information Asset Management Information Governance Manager

Aim and objectives
- Identifying an information asset
- The role and responsibilities of stakeholders:
  - Senior Information Risk Owner (SIRO)
  - Information Asset Owners or Administrators
  - Information Governance Team
- Documentation
- Risk Assessments
- Benefits
- Practical action/next steps
- Quiz

Information Asset Register – template Information Asset Register

What is an Information Asset?
- Patient, staff or other corporate information/data that is processed by us and held in either an electronic or physical format.
- All assets should be identified and categorised by ‘hardware’, ‘software’ or ‘physical’.
- Examples of assets include:
  - Computers, servers, memory sticks (‘hardware’)
  - Databases and files (‘software’)
  - Paper records and images (‘physical’)
  - Back-up and archive data
  - Applications and system software
  - Policies and procedures
  - Audit information

The Senior Information Risk Owner
- Board level accountability and greater assurance of risk management;
- The organisation recognises the value of the information we use;
- Owners are identified for all information assets;
- Owns the organisation's information risk and management framework;
- Ensures risks associated with assets are managed appropriately;
- Approves the Information Asset Register(s).

Information Asset Owners (IAOs) & IAAs
- Member of staff nominated to support/own one or more identified assets within their service area;
- Identify, document, review and keep up to date the information assets the services/team own;
- Ensure access rights and controls are monitored and enforced;
- Information incidents are reported on Safeguard and investigated;
- Associated risks are recorded on local risk registers;
- Ensure staff are aware of and comply with expected information governance and data security working practices;
- Ensure completion and review of data flow mapping in their area;
- Attend training to ensure competence and awareness of new national or organisational requirements;
- Support SIRO with their overall information risk management function.

The Information Governance Team Information Governance Manager & Data Protection Officer Information Governance Administrator

Documentation:
- Excel spreadsheet (Information Asset Register)
- 5 Tabs:
  - Instructions
  - IAO – role
  - IAA – role
  - Asset Register tool/template
  - Risk Assessment guidance
- Available via the Information Governance Team or our Intranet Page

Please note: the format will change to ensure compliance with the legislation.

Risk Assessments
Scenario: Ward lists which contain personal identifiable data, filed into a ring binder and stored on a shelf in a room. The room is unlocked when occupied and locked when not in use.
Severity: you may consider this ‘high’ because of the nature of the data and rate it 8.
Likelihood: you may consider this ‘mid-point’ due to the room being locked when not in use and rate it 5.
Risk score: your risk score is 40 (8 x 5) and so this risk will need to be reassessed every 6 months.

Benefits:
The completion of your Information Asset Register is mandatory. It provides:
- evidence of what information is held where;
- support to business continuity in identifying what is needed in an urgent or emergency situation;
- details of who is responsible for the information assets;
- details of who should have access to the information assets;
- support to the Trust IT and IG teams in recognising where shared information is held and who is responsible for the access to this information;
- a reduction in the risk of information being lost or forgotten about during moves or relocation.

Next Steps:
Q. Do you know what information you have, use or create?
Q. Do you know who should and does have access to this?
Q. Are you potentially breaching Information Governance?

Do:
- Engage your staff/colleagues and discuss the requirements.
- Meet regularly with someone from the IG team.
- Familiarise yourself with the tools and data capture methodology.
- Include information asset management as part of your daily routine.

Quick Quiz
