Date last updated – 20th June 2019

This post provides a summary of TeamKinetic’s information governance policy. Full copies of all documents that make up our security policy are available on request. We utilise the Information Governance Toolkit to continually assess our adherence to governance standards and requirements.

Scope

The Information Governance framework covers all staff that create, store, share and dispose of information. It sets out the procedures for sharing information with stakeholders, partners and suppliers. It concerns the management of all paper and electronic information and its associated systems within the organisation, as well as information held outside the organisation that affects its regulatory and legal obligations.

Steven Hall – Information Governance Manager

Rolf Herbert – Information Asset Manager

Roles and Responsibilities

Directors

  • Coordination and operational management of Information Governance projects
  • Review of Information Governance compliance and ensure alignment with related policies and procedures
  • The monitoring and enforcement of records management, retention and disposal policies
  • Enforcement of information security policies and management of security breach incidents
  • Establishing and understanding of risk for each part of the business operations

Chief Technical Officer

  • Define all information assets
  • Establish an information asset register
  • Define the executive information asset manager
  • Define information asset owners
  • Define policies and procedures for handling information assets
  • Define security strategy and policies for information assets

Managers

  • Implementing and enforcing Information Governance practices and policies
  • Mitigating information risk
  • Implementing the security and authorisation of information
  • Ensuring that all employees understand and are equipped to comply with Information Governance processes and procedures

Employees

  • Implementing Information Governance practices and policies
  • Implementing the security and authorisation of information
  • Determining the Employee’s training requirement

All members of staff must understand the need to properly manage the information they create and access.

All members of staff must be made aware of the information governance framework and must ensure they are familiar with its contents.

Training and information will be provided to all new staff members and all staff during regular re-training.

Information Policies

  • Information security policy
  • Records management policy
  • Retention and disposal schedules
  • Archiving policy
  • Data privacy policy
  • Information and communication technology (ICT) policy
  • Information sharing policy
  • Remote working policy

Information Procedures

  • Legal and regulatory compliance
  • Creating and receiving information
  • Acceptable content types
  • Managing the volume of information
  • Managing personal information
  • Storing and archiving information
  • Collaboration and sharing information
  • Disposing of information

Working with Third Parties

  • Policies for sharing information information with third parties
  • Managing how third parties handle personal and confidential information
  • How Information Governance fits within supplier relationships and contractual obligations
  • Measurement and metrics for third parties meeting the organisation’s Information Governance goals

Disaster Recovery, Contingency and Business Continuity

  • Reporting information losses
  • Reporting information security breaches
  • Incident management and escalation
  • Back up and disaster recovery
  • Business continuity management

Auditing, Measurement and Review

  • Monitoring information access and use
  • Monitoring effectiveness of regulatory compliance
  • Monitoring the effectiveness of information security policy and procedure
  • Monitoring of ICT and storage infrastructure performance
  • Risk assessment and auditing
  • Information Governance review