End user computing policy - NHS Business Services Authority

End user computing policy
Issue sheet
Document reference: NHSBSA EUC Policy v2.0
Document location: S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current and Final
Title: NHS Business Services Authority – End user computing policy
Author: Richard Livingstone
Issued to: All NHSBSA staff
Reason issued: For information / action
Last reviewed: 20 March 2014
Revision details
Version | Date | Amended by | Approved by | Details of amendments
V1
V2
15.03.11
20.03.14
IGSG
ISF
Insertion to 7. Security to reflect PCI DSS compliance
V3
17.04.15
C Dunn & C Gooday
C Gooday
ISF
Need to notify IG of use of Personal Data and register Access Databases
S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current and Final\NHSBSA EUC Policy V2.0.doc
Contents
1. Definition
2. Policy
3. Scope
4. Responsibilities
5. Publication
6. Guidance
7. Security
8. Validity
1. Definition
End user computing (EUC) within the NHS Business Services Authority (NHSBSA)
is defined as:
Any NHSBSA document, spreadsheet or database that is used and maintained by
an individual on the computing device (normally a PC) that has been allocated to
their role. These business solutions may be used in conjunction with, or completely
separately from established IT systems developed within the NHSBSA or those
from third party service providers.
2. Policy
The development of any business solution that is for use by more than one user
and/or requires an interface to business critical (as documented in the overarching
business continuity plan) established systems or services must be undertaken in
conjunction with the NHSBSA Business Solutions function.
3. Scope
The scope of this policy:
- forms part of the NHSBSA's requirement to maintain and achieve appropriate
  governance for the services it delivers
- ensures that employees understand what is acceptable use of any
  computing device owned or operated by the NHSBSA and normally allocated
  to their role
- applies to all business areas of the NHSBSA.
4. Responsibilities
Responsibility for this policy resides with the Information Governance and Security
Group (IGSG):
- Head of Internal Governance (HoIG) will ensure the development,
  maintenance and effective communication of the policy.
- Information security and business managers will support the HoIG in the
  communication of the policy.
- Internal Audit Committee will audit as directed for compliance with this
  policy.
5. Publication
This policy will be published by IGSG on the NHSBSA internet website and any
amendments or revisions will be notified to all staff.
6. Guidance
Guidance for the development and maintenance of EUC solutions that meet the
criteria outlined in 2 above must be sought from NHSBSA Business Solutions within
the NHSBSA. This will be in conjunction with the use of the NHSBSA Business
Change Management Process.
7. Security
The security of any document, spreadsheet or database developed for individual
use by an employee of the NHSBSA is their responsibility.
Any document, spreadsheet or database developed for individual use by an
employee of the NHSBSA must be protected against accidental or fraudulent
change or deletion.
Any document, spreadsheet or database developed for individual use by an
employee of the NHSBSA that stores personal data must be notified to the
Information Governance Team to ensure compliance with NHSBSA guidance.
Every Access database needs to be registered with the Information Governance
team.
The creation of any document, spreadsheet or database for individual use
containing cardholder data is prohibited as this will breach PCI DSS compliance.
8. Validity
This policy should be reviewed annually under the authority of the IGSG.