Other objectives include:
- manage and review our information security management system (ISMS) to ensure its continuing suitability, adequacy and effectiveness. This shall include identifying opportunities for continuous improvement and the need for change
- review, monitor, publicise and ensure the continuous development of effective information security related policies, procedures and guidelines
- ensure information security communications and awareness training is effective
- ensure we remain compliant with information legislation, regulations, best practice and contractual obligations
- ensure our systems and processes are secure, fit for purpose and we're able to work collaboratively with third parties and share information with those third parties securely and in accordance with legal requirements
- raise awareness of issues from the National Cyber Security Centre (NCSC) to build and improve our capability to manage cybersecurity threats and incidents
- seek cultural change within the organisation, such that keeping personal information safe, while sharing information where it is legal and appropriate to do so, is embedded in everything we do
Roles of the group include:
- developing our information governance work programme to establish good practice, promote a culture of information security awareness and ensure improvements to existing processes are implemented
- ensuring that an appropriate comprehensive information governance framework and systems are in place throughout our organisation in line with national standards
- informing and reviewing our management and accountability arrangements for information governance
- validating reviews of existing information policies, procedures and guidelines and developing responses to new threats as they emerge
- developing and maintaining an information security management system which conforms to the ISO 27001 standard
- raising concerns, risks and issues associated with information security and ensuring that 'lessons learned' from data breaches are implemented within the organisation
- establishing and supporting effective communication to ensure that our approach to information handling is communicated to all employees, including elected members, partner agencies, contractors and vendors with access to our systems and made available to the public
- promoting best practice in safe and secure information sharing with third parties in support of service objectives
- coordinating the activities of employees with data protection, confidentiality, security, information quality, records management and freedom of information responsibilities
- offering support, advice and guidance to the Caldicott function and data protection programme within our organisation
- monitoring our information handling activities to ensure compliance with law and guidance
- ensuring that information governance awareness training is made available, and is taken up by staff as necessary to support their role
- providing a focal point for the resolution and/or discussion of information governance issues
- receiving reports from the information implementation working group
- assisting us in complying with the UK General Data Protection Regulation (UK GDPR)
- reviewing the data protection impact assessment process and seeking to ensure we're applying a consistent approach
Membership
The membership of the information governance group will be:
- Director of Digital Services (chair)
- Data Protection Officer (vice chair)
- Risk manager or nominee
- Records manager
- one senior representative from each service department
- one senior representative from legal services, audit services, communications, property services, digital services and HR services
Group members
Leonardo Tantari (chair), corporate services and transformation - director of digital services
Jane Lakin, corporate services and transformation - assistant director of legal services and data protection officer
Neil Brailsford, adult social care and health - service manager
Lee Gregory, corporate services and transformation - HR head of service
Mel Turvey, corporate services and transformation - research and information manager
Dave Trubee, place - service relationship manager
Spenser Geeson, corporate services and transformation - senior auditor, audit services
Jon Dobinson, corporate services and transformation - county property systems and records manager
Hazel Coates, corporate services and transformation - risk and insurance manager
Martin Stone, children's services - team manager
Sinead Roberts, corporate services and transformation - senior solicitor, legal services
Mark Smith, place - corporate records manager
Jo Williams, corporate services and transformation - information security and governance manager
Members of the group will:
- ensure engagement and awareness of the work of the Information Governance Group with executive directors, directors and senior management teams
- reflect the views of their department and function and contribute to decision-making on action plans, policy developments and service delivery relating to information governance
- consult with their department and function and contribute views based upon implications for implementation of information governance requirements from their departmental or function service delivery perspective
- keep departments and functions informed on priorities, developments and decisions
- ensure communication mechanisms are in place within their departments and functions to ensure information and actions are cascaded throughout our organisation
- implement any agreed actions ensuring consistency of approach throughout the council
- influence actions, behaviours and approaches and promote issues regarding information governance and best practice for sharing and collaboration with third parties within their department and function
- maintain sensitivity, confidentiality and diplomacy with regard to any proposals
Organisation and structure
- meetings will be held on a monthly basis
- minutes of the meetings will be taken and circulated as appropriate within the council
- the Director of Digital Services will report data issues to our corporate management team (CMT) as appropriate
- our data protection officer will also report to CMT as they think appropriate
- members of the group are responsible for ensuring that issues raised are reported to their respective management teams
Meetings
The group meets monthly. Contact Jo Williams for dates.