Trust Headquarters Russells Hall Hospital Dudley West Midlands DY1 2HQ

Transcription:

Trust Headquarters
Russells Hall Hospital
Dudley
West Midlands
DY1 2HQ

FREEDOM OF INFORMATION ACT 2000 - Ref: FOI/010942

With reference to your FOI request that was received on 04/08/2011 in connection with 'Information Security'.

Your request for information has now been considered and the information requested is attached.

Further information about your rights is also available from the Information Commissioner at:

Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Fax: 01625 524510
www.ico.gov.uk

Yours sincerely

Information Governance Manager
Room 34a, First Floor, Esk House, Russells Hall Hospital, Dudley, DY1 2HQ
Email: FOI@dgh.nhs.uk

Aug-11 Trust FoI
Is your Trust ISO 27001 Compliant/Certified/Don't Know
Kindly refer to the attached document for clarity on the requests being made
Indicate Below
Don't know
If compliant or certified, how is this measured?
IT services are outsourced to a private company via our PFI project agreement and local PCT for community.
If compliant, was this declared by a third party or by the board?
If by a third party, kindly send the report declaring the Trust as compliant. If the Board, the minutes of declaration.
n/a
If a self declaration, please provide the report and minutes of approval
n/a
The number of Commercial Third Parties (CTPs) and NHS Business partners that your Trust has signed contracts with.
2
The names of these companies and when the contract was signed that relate to business in 2011.
Summit He
NHS Dudley (Community staff IT requirements)
List names of CTPs across each cell
Which of these companies have access to personal/patient identifiable data? i.e. under the Data Protection Act, NHS Number
Both
Of the companies above, indicate which does your trust feel are required to make an annual Information Governance declaration?
NHS Dudley
Summit Healthcare's responsibilities are covered by our PFI PA. Also the Trust makes IG declarations.
Of the companies above, which made their 2011 Information Governance Declaration
NHS Dudley
How many of these companies has your Trust audited against the Information Governance toolkit over the last 5 years? Please list the year
Both (2010, 2011)
Indicate which were regarded as compliant?
Both

Who conducted the audit? i.e. the trust or an external party. If external, the name of the company.
RSM Tennon
Please send the audit findings/reports?
Which committee were these reports submitted to?
Audit Committee
Please provide the minutes of the committee meeting that the reports were submitted at.
Were the reports approved?
Please send your official policy/procedure for auditing CTPs
Which companies were placed on the risk register and when?
Yes. Mitigating actions have action plans and these are being monitored.
Covered by main audit policy.
Neither
ISO 27001
For CTPs/NHS Business Partners that receive person identifiable data from your trust:-
Which have signed the "NHS supplementary conditions of contract relating to information security (July 2008)"?
PFI PA supersedes this requirement.
Indicate which are certified, compliant or don't know against the standard
For those certified, has the scope of the certificate been checked for the data your trust supplies?
With regards to section 5.2, how many of the CTPs/NHS Business Partners have notified you that they reasonably believe(s) that its certification to ISO 27001 would fail

For which CTPs/NHS Business Partners did the Trust waive the requirement for certification in respect of the relevant parts.
Was this placed on the Trust risk register?
If an alternative contract was signed, for companies that are supplied personal/patient data please send the details
Are these companies required to be compliant or certified in ISO 27001? Please state
List names of CTPs across each cell
Which companies approached the trust for sponsorship of their N3 connection?
When did they make the request?
If turned down, when and for what reason.
Kindly supply the names of the companies that the trust sponsored for a N3 Connection
Who conducted the audit to ensure their request was accurate? i.e. the trust or an external party. If external, the name of the company.
Please send the audit findings/reports?
Which committee were these reports submitted to?
Please provide the minutes of the committee meeting that the reports were submitted at.

Were the reports approved? If non-compliance was identified but approval given, on what grounds, and who was notified?
Was this non-conformance placed on the risk register? Give date and indicate if still on register and the level.
Please send your official policy/procedure for auditing CTPs on information governance, security and ISO 27001?
Kindly supply the correspondence with other Trusts/SHA/CfH/DH/other parties that relate to this FoI request.
If there is a forum that concerns this request, please supply the details and correspondence.