Information Governance Wiki
This website has been developed to provide IG professionals with a single resource covering the key aspects of PKB's Information Governance approach.
If you are unable to find what you are looking for or feel that certain documentation should be included, please email firstname.lastname@example.org - we will be happy to assist with your query and welcome suggestions on how we could improve this website.
Compliance Pack (Zip Archive)
For convenience, all key documents can be downloaded as a single archive for local reference and attachment to other documentation.
- Agreements and Legal
Dataflows -- An overview of the dataflows; a detailed, deployment-specific dataflow will need to be produced by Providers
DPIA -- PKB's Data Protection Impact Assessment (published in 2020)
JCA -- The Joint Controller Agreement, which replaces previous agreements such as the Information Processing Agreement
Legal Opinion -- Legal opinion from Tim Pitt-Payne QC of 11KBW; lay summary by DAC Beachcroft LLP
The Model -- An overview of the lawful basis and PKB Joint Controller Model
- Registrations & Certification
Cyber Essentials Plus -- PKB's CE+ certification
DSPT -- Details of PKB's Data Security and Protection Toolkit
DTAC -- Details of PKB's DTAC submission
ISO27001 -- ISO27001 certificate for Google Cloud Platform and PKB's own ISO27001 compliance documents
ODS, ICO, etc. -- Registrations; ICO Data Protection Register, NHS Data Organisation Service, etc.
Business Continuity -- Overview of PKB's Business Continuity approach
Incident Management -- PKB's Incident Response and Management Policy, mapped against NHS Digital guidelines
Privacy Notice -- Privacy information provided to Patients
Retention Policy -- PKB's approach to retention and deletion
Security Policy -- PKB's Information Security Policy