ScHARR Information Governance


Policy Section 2: Information assets management

Version 17/03/31

Background

It is the duty of the School, through its IG management processes and structure, to be aware of and safeguard the information assets it possesses. The primary objective is to ensure that, in the event of damage, destruction, loss or theft, there is awareness of what information is affected and, in the case of loss or theft, whether the information held on the asset is protected from unauthorised access.

Policy

Each member of ScHARR must manage all of their data in a way which satisfies legal and ethical obligations regarding patient confidentiality.

ScHARR must maintain a register of information assets. In practice there are three registers:

  • a hardware inventory register, maintained by ScHARR IT, detailing all hardware used to record or store data (including audio/visual equipment), who it is assigned to and details of its destruction if applicable. To enable the hardware inventory register to be kept up-to-date, hardware must be purchased through ScHARR IT, and line managers must complete a leaver’s checklist with any staff leaving ScHARR
  • a register of all projects maintained on the University’s Shared Networked Filestore, also maintained by ScHARR IT, detailing the project name, folder location, folder administrators, which users have access, and, if applicable, the expected archival/deletion date. Folder administrators are responsible for approving access. The leaver’s checklist is used to ensure access is removed when staff leave ScHARR
  • an NHS Digital information register containing details of the project title, the project lead, dates that the data sharing agreement is applicable between, details of data location and medium, and data destruction details. The IG Committee will keep the NHS Digital register up to date.

Section 3: Data storage and storage devices