- What is the purpose of Information Security
The purpose of the policy is to define our approach to
information, systems and communications security. This policy is
applicable to all permanent, contract and temporary personnel, and
to all third parties who have access to Newham systems and
- What are the objectives of the Information Security
The principal objectives of this policy are: • To protect Newham
information assets from all threats, whether internal or external.
• To ensure that all Newham personnel are fully aware of the
requirements of information security. • To identify to all
personnel their respective responsibilities in relation to the
security of information. • To ensure that all personnel are aware
of the requirement for them to comply with all Information Security
related legislation. • To protect customer information and assets.
• To ensure that Newham meets, or exceeds, all aspects of security
- How are the Caldicott Standards observed by the council?
We: 1. Inform clients about the use of information concerning
them (making arrangements for clients with special needs). 2.
Develop a code of conduct on confidentiality, which is updated
regularly. 3. Develop a staff induction procedure to ensure staff
have a comprehensive awareness of the requirements of Caldicott. 4.
Ensure there is ongoing assessment of staff training needs
(including evaluation as part of our appraisal process). 5. Provide
In-house training for all staff. 6. Ensure formal confidentiality
contracts are made with contractors and support organisations. 7.
Have regular reviews of information flows containing personally
identifiable information. 8. Ensure ownership is established for
all information/data. Owners need to justify this purpose and agree
staff access with the Caldicott Guardian. 9. Develop safe haven
procedures for all relevant information flows. 10. Review security
policy annually (check staff awareness and comprehension).
11.Ensure there is staff awareness of who has responsibility for
information security. 12. Ensure that an information risk
management programme exists (outcomes, reports and recommendations
are provided to senior management). 13. Ensure all security
incidents are documented and accessible to staff. 14. Ensure that
security monitoring is in place. 15. Ensure that password changes
are enforced on a regular basis. 16. Ensure that all staff have
defined access rights agreed by the Guardian.
- What are the benefits of Caldicott?
1. It breaks down barriers to partnership working. 2. Service
users and the public will have more confidence in the Council (in
the handling of personally identifiable information). 3. It will
work towards a seamless service between the Council services and
- Who is the Caldicott Guardian?
The Head of Information Governance has the overall
responsibility of making sure everyone in the council understands
the Caldicott Standards and applies them.
- What is a record?
Recorded information, in any form, (manual, electronic and
technological e.g. audio or video tape) which is created by or
received and maintained by us is a record. This includes all
recorded information in respect of any transactions or function or
activity carried out by us ranging from individual casework,
research, decision making, internal management of the business and
policy strategy formulation. It includes all records of opinion as
well as fact whether maintained in any structural form or not (e.g.
letters/memos out and in, file notes, notes of opinion, typed or
handwritten documents, leaflets, posters, tapes of conversations/
messages, reports, spreadsheets, working documents, metadata and
rough drafts). It will also include voice recordings, contact
centre recordings, voice mail, answer phone messages, instant
messaging and text messages.
- What is not a record?
Unrecorded information, information which will be recorded in
the future but has not yet been or information which was recorded
but has been destroyed where there is no other record available,
(this includes, conversations, minutes of meetings not yet produced
(but notes would be) and destroyed records (where all versions have
been destroyed permanently).
- Why is record management important?
Effective records management will help us to meet our aims and
legal requirements and help us access the information needed
speedily to do our jobs effectively.
- What is meant by re-use?
You must ask if you wish to re-use our information in such a way
that without permission, could breach our copyright.
- What are the Re-Use of Public Sector Information
Set conditions for copyright, licensing and terms for re-use of
public information The Re-use of Public Sector Information
Regulations 2005 started 1st July 2005 European Communities (EC)
- What are the basics of the Re-use of Public Sector
We do not have to make information available for re-use under
the Public Sector Information Regulations. We have 20 working days
from the first working day after the request is received for a
response to a request for re-use. We may extend this period if the
request is complex. We can charge a licence fee if we do not wish
re-use of our information to be free. We have to make available our
conditions for the re-use of information and any applicable
charges. We must not discriminate between applicants making
requests for re-use for comparable purposes. We should make
Information available for re-use electronically if
- Who are included in the regulations?
The following are included: Minister of the Crown Government
Departments Parliament Local Authorities Police National
Health Service Fire Authority, etc
- What does it exclude?
It excludes the following: Public Service Broadcasters
Educational and Research Establishments Cultural Establishments
Information exempt under FOI or EIR Breach of Data Protection
Someone else's copyright Outside Council's
- What do we have to do?
You have to: We have to set conditions for re-use of
information, which includes fees, if applicable. We need to
prepare and maintain an information asset register and arrange
access. Comply if copyright / licensing requirements.
- How do I make a request?
The request has to be in writing and can be sent
electronically i.e. email. The request has to be legible.
States name of the applicant and address for correspondence.
Specify the document requested. The request is sent to: Information
Governance 2nd Floor, Broadway House High Street London E15
- What information can be requested?
Statistics Tourists information Geographical information
Environment information Educational information Research
Census data Official records Contractors information Leaflets
and forms Any thing that the Council Public Information we
charge for Information we are asked for regularly Databases of
- What are information protocols?
Information protocols are agreements that provide the following
details: 1. The principles for information sharing 2. Relevant
legislation, guidance and procedure, including the Data Protection
Act and Caldicott 3. The conditions we need to meet if we are
sharing information 4. How we ask service users for consent to
share information. [back to top]