LONDON’S GLOBAL UNIVERSITY

SLMS HR Contracts Audit and Plan

1. Document Information

Document Name: SLMS-IG08 SLMS HR Contract Audit and Plan
Author: Shane Murphy
Issue Date: 18/03/2013
Approved By: Chair of SLMS Information Governance Steering Group (IGSG)
Next review: Three years

2. Document History

Version 0.1, 18/03/2013: First draft for discussion
Version 0.2, 10/06/2013: Second draft incorporating Trevor Peacock’s comments
Version 1.0, 02/08/2013: Approved by Chair of SLMS IGSG

SLMS HR Contracts Audit and Plan v1.0 Page 1 of 4

Subject: UCL SLMS personnel records audit

Objective: to ascertain that contractor and other third party contracts contain clauses that clearly identify information governance responsibilities (Requirement IG122).

1.0 Working Group

The Working Group was established under the direction of Anthony Peacock to address the above objective. The Working Group included the following personnel:

- Anthony Peacock – Head of Research, Teaching & Learning and Developments, AISC
- Taresh Dyal – HR Consultant
- Alice Garrett – IDHS Project Manager
- Shane Murphy – Information Governance Coordinator, IDHS Project

2.0 Background

It was necessary for the Working Group to understand the various types of contract in use within UCL SLMS. Taresh Dyal confirmed to the Working Group that UCL SLMS had employment contracts in place for the following categories of staff:

- academic staff
- clinical consultant academics
- support staff (grade 7 and above)
- clinical academic staff
- research staff

A copy of the UCLH Honorary contract was also provided for assessment purposes.

It was considered an efficient and good use of resources to concentrate the audit upon these various types of contract rather than undertake the very onerous exercise of examining individual contracts for relevant clauses.

3.0 Approach

The Working Group believed there were two potential ways forward. Firstly, all contracts could be amended with a model contractual clause.
Secondly, existing contractual terms could be examined, and reference to appropriate policies with similar wording would satisfy the IG Toolkit requirements.

The Working Group agreed that an approach should be explored whereby UCL SLMS could rely upon contractual terms and reference to UCL policies and procedures or other relevant guidance material.

There were three distinct confidentiality objectives within the IG Toolkit that needed to be satisfied:

1) Confidentiality in perpetuity
2) Linked to best practice (NHS CoP on Confidentiality)
3) Breach is subject to disciplinary action

4.0 Evidence of Audit

This is summarised within the Excel spreadsheet and other documentation located at:

S:\_SLMS\AISC\ProgTeam\AISC_Other_Projects_2011_12\SLMS_UCLP_Identifiable_Data_Project_P1 10103-00\09. Workstreams\01. Policy and Process\IG Toolkit\IG122

5.0 Findings

A summary of the two major findings presented to the Working Group is below:

Finding No. 1 - Detailed below is the standard template reference to the Research Governance Framework in the various UCL contracts.

ACA_LECT 001.DOC; RES_AS001.DOC; CLIACNCO001.DOC and Offer of Consultant Clinical Contract (previously transferred) – Academic CONSACAP001.DOC

“All UCL staff undertaking research must comply with UCL’s research governance framework where it is applicable. Information can currently be found at http://www.ucl.ac.uk/academicservices/resgov and it will be updated from time to time.”

Given this consistent approach, it is appropriate to have reference to information governance compliance requirements within the Research Governance Framework.

Finding No. 2 - For research staff and academic staff see Clause 1 of UCL Terms and Conditions of Service, which states:

“Members of staff are also expected to observe UCL policies and procedures in the course of their appointment.”

6.0 Recommendations for the way forward

Objective 1 not satisfied: The Information Security Policy states at 1.3 and the 6th bullet point:

“ensure that all users understand their own responsibilities for protecting the confidentiality and integrity of the data they handle;”

It should be extended to include the words, “and in particular that the obligation for confidentiality is in perpetuity”.

Objective 2 satisfied: The UCL Research Governance Framework clearly contains elements of best practice. However, the framework should be bolstered with reference to Confidentiality and perhaps the DoH Code of Practice on Confidentiality.

Objective 3 satisfied: Clause 6 of the Data Protection Policy conveys that disciplinary action will be taken.

7.0 Action plan

Objective: to update the existing UCL Research Governance Framework and UCL Information Security Policy documents, to ensure that all staff are obligated to comply with IG requirements as part of employment/service engagement processes.

Action: Work with the Research Governance Framework stakeholder to introduce suitable IG related statements and requirements.
Responsibility: Shane Murphy and Rachel Port
Required Date: 30/04/2013
Outcome: Amendments scheduled for Research Governance Committee June 2013

Action: Work with the UCL Information Security Policy Stakeholder to introduce suitable IG related statements and requirements.
Responsibility: Shane Murphy and Bridget Kenyon
Required Date: 30/04/2013
Outcome: Amendments passed by SWG and confirmed in email by Head of Information Security 28/05/2013

Action: Obtain agreement and approval from the stakeholders and approval from their respective committees for the required amendments.
Responsibility: Rachel Port and Nick McNally for the Research Governance Framework; Bridget Kenyon and SWG
Required Date: 19/07/2013
Outcome: SWG approval confirmed by Head of Information Security, Bridget Kenyon 28/05/2013.

8.0 Proposed outcome

As a consequence of the above actions being completed, UCL SLMS will be compliant with the requirements of Version 10 of IG122 1a and 1c.