NHS Information Risk Management guidelines

This guidance is aimed at those responsible for managing information risk within NHS organisations. It reflects Government guidelines and is consistent with the Cabinet Office report on ‘Data Handling Procedures within Government’. The key requirement is for information risk to be managed in a robust way within work areas and not be seen as something that is the sole responsibility of IT or IG staff. Assurances need to be provided in a consistent manner.

To achieve this, a structured approach is needed, building upon the existing information governance framework within which many parts of the NHS are already working. This structured approach relies upon the identification of information assets and assigning ‘ownership’ of assets to senior accountable staff. These Information Asset Owners (IAOs) are likely to be supported within larger organisations by Information Asset Administrators (IAAs), or equivalents, who are operational staff with day-to-day responsibility for managing risks to their information assets.

The IAOs are responsible for ensuring that information risk is managed appropriately and for providing assurances to a Board level lead termed a Senior Information Risk Owner (SIRO). The SIRO in turn provides assurances to an organisation’s Accounting Officer, normally the Chief Executive. The following diagram illustrates this information risk management structure.

About The Author

Emergency Live
