GP template risk assessment impact

NHS Information Governance:
Guidance – Fast track risk assessment for General Practices
To assist General Practices in managing the risks to their information systems and services, an NHS Information Governance ‘impacts checklist’ form is attached. This should be copied and used for each system or service operated by or provided to the Practice. When completed, these will be helpful to compare risk ratings and to identify mitigations and fall-back arrangements for those systems of most importance.
Guidance in the use of the checklist:
1. The fast-track risk assessment checklist should be completed ignoring any implemented IG countermeasures, so that the assessment reflects the underlying impact rather than the current level of protection. It will be helpful to document any assumptions made so that these can be reviewed in due course.
2. Assess the range of possible impacts arising from events that affect the Confidentiality, Integrity or Availability of the System, Service or its data, with particular reference to the business capabilities of the Practice. Also consider possible secondary impacts that may arise to business partner organisations, including NHS Trusts and Social Care departments.
3. Consider the various impact assessments when deciding upon the timescale and severity assessments. Those systems with the highest severity rating and the shortest timescale to the next impact level are likely to be the ones of most importance to the Practice and its patients. In assessing each, you should consider how long it would take before the Practice has to adjust its working practices, and at what points patient care processes would be adversely affected. These assessments will help in deciding when and how to invoke Practice contingency arrangements.
4. Complete a checklist for each system or service used by the Practice and compare and contrast the results. This is often helpful to ensure the completeness of the assessment and to identify risks or impacts that may have been previously overlooked.
Your completed risk assessments will help you when you are considering how best to protect the Practice and its patients against the types of events that could cause these information governance impacts. They will also help you to better understand the Practice’s dependency on these systems or services, in order that local contingency plans may be targeted on those services of greatest importance and criticality.
NHS IG Toolkit: Fast track risk assessment for general Practices v1.0
Page 1 of 3
Practice: ___________________________
System or Service: ___________________________

Assessed timescale for severity impacts arising from the loss of system or service to be considered:
Minor – Inconvenient but manageable: ________ (hrs/days)
Moderate – Some disruption to patient care services: ________ (hrs/days)
Major – Serious disruption to Practice capabilities causing inconvenience to patients: ________ (hrs/days)
Critical – Disruption to Practice capabilities resulting in lost data and that may have patient safety implications: ________ (hrs/days)
Impacts of short-term loss of service:
(List impacts, e.g. who or what is likely to be affected, and whether other organisations or business dependencies are involved)
1.
2.
etc

Impacts of medium-term loss of service:
1.
2.
etc

Impacts of long-term loss of service:
1.
2.
etc

Impacts of lost or corrupted data:
(List impacts, e.g. who or what is likely to be affected, and whether other organisations or business dependencies are involved)
1.
2.
etc
Impacts of breach of patient or staff confidentiality:
(List impacts, e.g. who or what is likely to be affected, and whether other organisations or business dependencies are involved)
1.
2.
etc

Impacts of theft of computer or communications equipment:
(List impacts, e.g. who or what is likely to be affected, and whether other organisations or business dependencies are involved)
1.
2.
etc

Impacts of unauthorised access to or use of the system or service:
(List impacts, e.g. who or what is likely to be affected, and whether other organisations or business dependencies are involved)
1.
2.
etc

Impacts of other events (list each identified event separately):
(List impacts, e.g. who or what is likely to be affected, and whether other organisations or business dependencies are involved)
1.
2.
Date assessed: ___________________________
By (name and position held): _______________________________________________________________