P_IG_12 Information Risk and Privacy Impact Assessment

The purpose of this policy is to establish employee responsibility and the rules of conduct for all members of staff regarding information risk management. This policy applies to all staff in the Trust.

It is the policy of the Trust to ensure that:

  • Information is protected against unauthorised access
  • Confidentiality of information is assured
  • Integrity of information is maintained
  • Information shall be available and delivered to the right person, at the time when it is needed
  • Regulatory requirements and legislation are met
  • Information technology systems are used in a manner that prevents the release of information (by accident or deliberate/criminal act), ensures their safe use and avoids damage to the specific system or any other system to which it is connected
  • Information that can be used to identify a person (including confidential information about that person), business information and confidential business information are restricted to authorised users only
  • Business continuity plans (BCP) are produced, maintained and tested
  • Information security training is available to all staff

