UCL INFORMATION SERVICES DIVISION
IT for SLMS
IT for SLMS Service Definition
Information Governance Advisory
1. Document Information
Document Name
IT for SLMS Information Governance Advisory Service
Definition
Service
Information Governance Advisory
Author
Anthony Peacock
Contributors
Trevor Peacock
Issue Date
02/09/2013
2. Document History
Version
Date
Summary of change
1.0
17/05/2013 Draft
1.1
13/08/2013 Additional material: Trevor Peacock
1.2
02/09/2013
Incorporating comments from Alice Garrett, Shane Murphy
and Anthony Peacock
This document includes data that is CONFIDENTIAL and shall not be disclosed outside UCL
and shall not be duplicated, used, or disclosed in whole or in part for any purpose other than
to evaluate and implement procedures defined within this document.
IG Advisory Service Definition.docx
Confidential
Page 1 of 7
UCL INFORMATION SERVICES DIVISION
IT FOR SLMS
Contents
1. Document Information........................................................................................... 1
2. Document History ................................................................................................. 1
3 Introduction ............................................................................................................ 3
4 Service Description ................................................................................................ 3
5 Service components .............................................................................................. 4
6 General Policy ....................................................................................................... 5
6.1
General policy ................................................................................................. 5
7 Users ..................................................................................................................... 5
8 Service Hours ........................................................................................................ 5
8.1 Service availability ........................................................................................... 6
9 Support and Documentation .................................................................................. 6
9.1 Support ............................................................................................................ 6
9.2 Support information ......................................................................................... 6
9.3 Service Request Processes ............................................................................ 6
9.4 General related documentation ....................................................................... 6
10 Supporting Services (for support see section 10.1) .............................................. 6
11 Costs..................................................................................................................... 6
12 Service agreement ............................................................................................... 7
12.1 Standard Service Requests and timescales:................................................. 7
IG Advisory Service Definition.docx
Confidential
Page 2 of 7
UCL INFORMATION SERVICES DIVISION
IT FOR SLMS
3 Introduction
To remain competitive, UCL researchers who handle clinical or other data of a
sensitive nature need to be clearly informed of the requirements for compliance and
the need to maintain a working environment that formally meets recognised
information security standards, including the requirements of the IG Toolkit.
4 Service Description
Service Item
Details
Service Name
SLMS Information Governance Advisory
Business Service
Owner
Senior Information Risk Owner (SIRO)
Graham Hart
Service Owner
IT FOR SLMS Head of Research Learning & Teaching
Anthony Peacock
Service Operation
Manager
Information Governance Lead (SLMS)
Trevor Peacock
Service Description
This service provides advice and support to researchers
handling or applying to handle sensitive data and in
particular, completing the Information Governance Toolkit
and other assessment tools.
This service comprises:
- Outreach, ensuring researcher awareness of the service
- Advice on IG elements of grant application
- Guidance through IG Toolkit registration and submission
- Individually tailored per-project advice on IG Toolkit
submission:
Roles and responsibilities
Training (see IG Training Service Definition)
Improvement plan
Contracts for personnel and services
Asset management
Data Sharing Agreements
Risk assessment of data transfers
Pseudonymisation
Remote working
IG Advisory Service Definition.docx
Confidential
Page 3 of 7
UCL INFORMATION SERVICES DIVISION
Customers
IT FOR SLMS
Physical security risk assessment
- Additional advice on tailoring SOPs where the researcher
is unable to use the IDHS (see IDHS Service Definition)
- Management of internal and external audit of IG for
studies
- Coordination of annual IG Toolkit submission for studies
UCL staff who:
- Work with clinical or other data of a sensitive nature
- Need to complete the IG Toolkit
- Need to provide IG assurance to funding bodies
- Are applying for Section 251 exemption
- Generate sensitive data directly
- Are already working with sensitive data
5 Service components
Service Components
Outreach
Consultancy
Maintenance of an IG
Framework
IG Toolkit registration
Service description
Publicity for the IG Advisory Service, via:
- Road-shows
- Departmental meetings
- Newsletters
- Posters and leaflets
- IT for SLMS website
These activities presented alongside the training and
awareness service
Advice on options for researchers planning to or already
holding sensitive data
Advice for researchers applying to handle sensitive data
that requires assurance other than via the IG Toolkit (eg.
non-NHS)
The SLMS IG Framework defines: roles; policies; key
governance bodies; resources; how responsibility and
accountability is cascaded through SLMS; training and
guidance; incident management.
The service provides: development, maintenance, record
keeping and reporting and improvement of the above
elements.
Coordination of IG Toolkit registrations within SLMS and
advice to researchers on the registration process
Assessment of evidence to ensure that it is sufficient for
IG Toolkit requirements
IG Advisory Service Definition.docx
Confidential
Page 4 of 7
UCL INFORMATION SERVICES DIVISION
Service Components
Tailored per-project
advice on IG Toolkit
submission
Additional advice
where the IDHS is not
used
Audit
Coordination of
annual IG Toolkit
submissions
IT FOR SLMS
Service description
Guidance on completion of an IG Toolkit Improvement
Plan. This includes support in completing the Information
Risk Assessment Tool and the Physical Risk Assessment
Tool, leading to advice on changes to planned or existing
processes that improve the risk profile. Advice includes
use of pseudonymisation, 3rd party contracts, ensuring
that roles and responsibilities are assigned.
Provision of standard entries for elements that are
common to all IG Toolkit submissions. These include
governance structures and reporting processes that
account for a large proportion of the IG Toolkit controls
Additional advice on tailoring SOPs where the researcher
is unable to use the IDHS (see IDHS Service Definition).
This will include tailoring SOPs for use within the
researcher’s technical environment
Management of internal and external audit of IG Toolkit
submissions for studies
Coordination of improvement plan reviews with IAOs to
ensure actions are identified in good time for submission.
Reporting to the IGSG on success of improvement plans
6 General Policy
6.1 General policy
All IG Toolkit submissions are subject to agreement to the SLMS Research
Information Governance Policy: SLMS-IG03
7 Users
The service is available to all SLMS researchers processing or planning to process
data of a sensitive nature
Service Hours
8
Support, consultation, advice and guidance:
•
09:00-17:00, Monday to Friday, excluding UCL closure periods.
IG Advisory Service Definition.docx
Confidential
Page 5 of 7
UCL INFORMATION SERVICES DIVISION
IT FOR SLMS
8.1 Service availability
Target for service availability is approximately 240 days/year
This service is staffed by 1.0FTE with no cover for annual leave or sickness
absence.
All requests relating to this service will be handled according to the IT for SLMS
Service Request process and related Service Level Agreements.
9 Support and Documentation
9.1 Support
To discuss requirements or make initial enquiries contact your local IT for SLMS
team or email slms.pid@ucl.ac.uk
9.2 Support information
All support documentation along with FAQs, contact details and information on
related services is held in the Sensitive Data portal at:
http://www.ucl.ac.uk/slms/ident-data/
9.3 Service Request Processes
Initial approach should be through local IT for SLMS team, who will complete a
checklist to capture key information about the study. This will be followed-up by the
IG Advisory Team, usually through an initial meeting with the researcher(s)
9.4 General related documentation
Information Governance Toolkit
SLMS IG Policy
UCL Information Security Policy
UCL Data Protection Policy
UCL Records Management Policy
10 Supporting Services (for support see section 10.1)
IT for SLMS Service Desk
11 Costs
The service is free at the point of delivery
IG Advisory Service Definition.docx
Confidential
Page 6 of 7
UCL INFORMATION SERVICES DIVISION
IT FOR SLMS
12 Service agreement
12.1 Standard Service Requests and timescales:
Request
Agreed Response maximum
Owner
Arrange initial meeting to
One working day from receipt of initial
IT FOR
discuss requirements
request
SLMS RL&T
Arrange follow-up meeting Five working days, though may be
IT FOR
to complete IG Toolkit
dependent on external factors
SLMS RL&T
elements
Service request metrics will be monitored via interaction on OTRS (IT FOR SLMS
helpdesk tool which records emails to slms.pid@ucl.ac.uk). Breaches will be
reported to the IG Advisory Service Owner for review. Any requests made outside
these systems will not be monitored against the service targets.
End of Document
IG Advisory Service Definition.docx
Confidential
Page 7 of 7