Information Governance policy
9 October 2018
Digital Identity is a vital asset. Government, corporate and individual rights to privacy and accuracy of results must be protected.
GlobalEdentity, LLC follows all appropriate legal regulations including the European Union General Data Protection Regulation (GDPR) and United States laws and regulations regarding data access and privacy.
All data is hosted in redundant, highly secure facilities. All access to servers is limited to defined need, carefully managed and logged.
It is therefore of paramount importance that information is efficiently managed, and that appropriate policies, procedures, management accountability and structures provide a robust governance framework for information management.
- Purpose of the policy
This Information Governance (IG) policy provides an overview of the organization’s approach to information governance; a guide to the procedures in use; and details about the IG management structures within the organization.
- The organization’s approach to Information Governance
GlobalEdentity, LLC. undertakes to implement information governance effectively and will ensure the following:
- Information will be protected against unauthorized access;
- Confidentiality of information will be assured;
- Integrity of information will be maintained;
- Information will be supported by the highest quality data;
- Regulatory and legislative requirements will be met;
- Business continuity plans will be produced, maintained and tested;
- Information governance training will be provided to all staff as necessary to their role;
- All breaches of confidentiality and information security, actual or suspected, will be reported and investigated.
- Procedures in use in the organization
This Information Governance policy is underpinned by the following procedures:
- Identity management procedure that set outs how digital identity will be created, used, stored and disposed of;
- Access control procedure that sets out procedures for the management of access to computer-based information systems;
- Information handling procedure that sets out procedures around the transfer of confidential information;
- Incident management procedure that sets out the procedures for managing and reporting information incidents;
- Business continuity plan that sets out the procedures in the event of a security failure or disaster affecting computer systems;
- Staff guidance in use in the organization
Staff compliance with the procedures is supported by the following guidance material:
- Records management: guidelines on good record keeping;
- Staff confidentiality code of conduct: sets out the required standards to maintain the confidentiality of personally identifiable information; obligations around the disclosure of information and appropriately obtaining identified persons’ consent;
- Access control: guidelines on the appropriate use of computer systems;
- Information handling: guidelines on the secure use of personal information;
- Using mobile computing devices: guidelines on maintaining confidentiality and security when working with portable or removable computer equipment;
- Information incidents: guidelines on identifying and reporting information incidents.
- Responsibilities and accountabilities
You can contact the Information Governance lead for the organization at firstname.lastname@example.org.
The key responsibilities of the lead are:
- Develop and implement IG procedures and processes for the organization;
- Raise awareness and provide advice and guidelines about IG to all staff;
- Ensure that any required training is completed;
- Coordinating the activities of any other staff given data protection, confidentiality, information quality, records management and Freedom of Information responsibilities;
- Ensure that digital identities are kept secure;
- Monitor information handling in the organization to ensure compliance with law, guidance and local procedures;
- Ensure clients and shareholders are appropriately informed about the organization’s information handling activities.
The day to day responsibilities for providing guidance to staff will be undertaken by the GlobalEdentity Information Governance department.
The corporate officers and partners/owner(s) of the organization are responsible for ensuring that sufficient resources are provided to support the effective implementation of IG in order to ensure compliance with law, professional codes of conduct, and other relevant information governance assurance frameworks.
All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of and comply with the requirements of this policy and the procedures and guidelines that support it.