Data Protection Policies and Procedures
We specialise in drafting data protection and information governance policy documentation. We can draft policies from scratch, or we can review and revise current policies you already have. We will work with the Buyer to ensure that the policies are also followed in practice.
Features
- Data Protection Advice and Consultancy
- Data Protection Impact Assessment (DPIA) / International Transfer Risk Assessments
- External Independent IG Reviews, Security Incidents, Data Breaches
- IG and Data Protection Training
- Data Protection Officer Services
- Fair Processing and Transparency Materials / Privacy Notices
- Data Security and Protection Toolkit (DSPT)
- Compliance Development (SARs, SOPs; IG Policies; Information Security Policies)
- Record Of Processing Activities (ROPA) & Information Asset Registers (IAR)
- Data Sharing and Processing Agreements
Benefits
- Clear advice on data protection from legally trained consultants
- Ensured and maintained compliance with UK GDPR / GDPR
- Demonstrated expertise in IG in the healthcare sector
- Recommendations and actions to improve your organisation’s practices
- Comprehensive training packages online, remote and flexible services
- Tailored investigations to fit each client's case and needs
- Reduced work duplication and focus on practical solutions
- Keep on top of changes to legislation affecting public services
- Prevent reputational harm and financial penalties
- Implement compliant, efficient and ethical IG processes
Pricing
£65 to £220 a unit an hour
- Education pricing available
Framework
G-Cloud 14
Service ID
2 7 3 5 6 8 3 1 4 2 8 0 4 3 8
Contact
INFORMATION GOVERNANCE SERVICES LIMITED
Robin Johnson
Telephone: 02081067936
Email: procurement@informationgovernanceservices.com
Planning
- Planning service
- Yes
- How the planning service works
-
We can review and provide organisations with action plans to improve their IG processes and data protection best practices and in particular regarding:
The organisation structure to ensure that there are proper data protection roles and responsibilities in place;
The processes in which you collect, capture and process data, including any further processing your organisation undertakes;
The data protection / information governance policy documentation;
The fair processing materials;
The record of processing activities and information asset registers;
The data storage processes;
The engagement with third party processors;
The internal organisational information governance practices;
The template forms, standard operating procedures (relevant to data protection);
Specific aspects of compliance you are concerned about.
For each area, we will undertake a comprehensive review to capture any strengths and weaknesses within your organisation, providing recommendations and outputs against each area for you to consider and take action on (as necessary).
- Planning service works with specific services
- No
Training
- Training service provided
- Yes
- How the training service works
-
We offer the following types of training:
Staff-wide data protection training, including compliance certification upon completion: The training course will cover a wide remit of the GDPR/UK GDPR, Data Protection Act, Information Governance best practices and procedures – all tailored to your organisation.
Detailed training needs analysis on the results of staff training can be made available.
Board members/senior staff with data protection responsibility training: the training will be aimed at staff who have more organisational responsibilities for data protection. This is a more in-depth and detailed training on how they can fulfil their roles and have the knowledge to do so.
Bespoke training of identified areas of support and need: your organisation may have a gap, weakness, or an area where your team need some specific training in relation to information governance.
Examples: Training relating to handling Freedom of Information Requests or Subject Access Requests. Training regarding completing Data Protection Impact Assessments etc.
- Training is tied to specific services
- No
Setup and migration
- Setup or migration service available
- Yes
- How the setup or migration service works
-
We help buyers by ensuring that the envisaged cloud migration fully complies with all requirements under data protection legislation.
We achieve this by conducting a Data Protection Impact Assessment to identify all potential risks resulting from the migration on the rights and freedoms of data subjects. Commencing with the data being migrated, the DPIA allows us to understand what personal data will be migrated, how the principles of data minimisation, accuracy and storage limitation are met, and what lawful basis supports the original collection of the data. Moving to the migration of the data, we assess the necessity and proportionality of the data migration in relation to the purposes, the lawful basis supporting the migration, and the technical and organisational measures applied to protect the data in transit.
Finally, looking at the cloud service, we assess whether the technical and organisational measures implemented ensure a level of security appropriate to the risks, whether data processing agreements and other contractual arrangements satisfy the legal requirements, and whether any international transfer of data complies with the required standards. Once all potential risks resulting from the migration are mapped out, we develop an action plan with measures designed to address or mitigate the risks.
- Setup or migration service is for specific cloud services
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- No
Security testing
- Security services
- No
Ongoing support
- Ongoing support service
- Yes
- Types of service supported
-
- Buyer hosting or software
- Hosting or software provided by your organisation
- Hosting or software provided by a third-party organisation
- How the support service works
-
Whether an organisation is transitioning from a start-up or is more established, a big challenge is ensuring compliant data protection practices and procedures are in place. If you do not employ, or have, information governance or data protection professionals in your organisation, it is likely that you have gaps and weaknesses in your compliance.
Buying or using cloud services or software within your infrastructure may affect your IG processes when the processing of personal data is involved. We can help you assess your information systems to make sure they are compliant with the regulations.
Service scope
- Service constraints
- We don’t offer specific project management support, by way of a formal project manager. However, we could work with a contractor if the buyer requires it.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Information Governance Services consultants have direct contact numbers which clients are able to contact for support. IGS ensures that there is a dedicated member of staff available between 9 and 5 so that routine support can always be provided between those hours. The contact number of our Lead Consultant is made available, so he can be reached out of hours for any urgent matters. For email queries we adopt a practice of acknowledging an email as soon as possible (but always within 24 hours) and then provide a timeframe for when the query will be answered/completed.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Support levels
-
We will support every buyer, no matter their size, industry or needs. We are able to provide them with the data protection expertise and support they require.
We will ensure that we provide the highest level of service possible. We are committed to ensuring that we monitor these service levels so that they meet our buyers' expectations and requirements.
Complex and nuanced pieces of work will always be reviewed by the relevant members of the contract team with particular expertise in that area to ensure that our consultants agree on the advice we are providing to buyers.
Internally, we have one-to-one supervisions, where we will discuss our performance during the contract. This will allow us to evaluate how we have provided the service to you, and if required, implement any necessary changes.
If there is any feedback which requires us to make any changes as to how we provide you with the service, then we commit to implementing those changes in as far as they are reasonably possible and within the scope of our services.
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Security Clearance (SC)
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Information Governance Services (IGS) is committed to ensuring that our business is sustainable and that the carbon footprint of the company is reduced where possible. The following policies and procedures are in place to fight climate change. IGS employees are encouraged to work remotely. Video conferences have provided a robust way of conducting business while avoiding unnecessary commutes. This policy has benefits for both employees and the environment by substantially reducing the amount of business travel. By reducing the frequency of commutes by employees, IGS also reduces the overall carbon footprint of Head Office. On days when no employees are physically in the office, savings can be made on lighting and heating the workplace. Working online can also reduce the amount of paper and supplies used by IGS. Employees are provided with company laptops rather than desktops, which are more efficient and consume less power. IGS is committed to promoting sustainability and avoiding unnecessary energy consumption at its offices. Employees are responsible for ensuring that lights are turned off at the end of the day and in rooms which are not in use. Central heating and air conditioning are kept at a minimum. Plugs are switched off at the mains when not in use. IGS does not physically print documents and business is carried out online. IGS Head Office has a fully stocked kitchen, where sufficient crockery is provided to avoid disposable cups, plastic cutlery, etc. IGS Head Office has a recycling system, including a recycling bin with a bright label to encourage the responsible disposal of waste.
Covid-19 recovery
Information Governance Services (IGS) are a predominantly remote-based organisation. During the COVID-19 outbreak staff were required to work from home. Since national restrictions have been eased, IGS staff come into the office once a week, which limits the amount of time staff are in close proximity to each other. Furthermore, all staff must adhere to health and safety rules to reduce the risk of transmission of COVID-19 in the workplace, whether or not they have been vaccinated. These rules include:
- Washing hands carefully and frequently;
- Maintaining social distancing within the office, by avoiding contact with other members of staff and staying at least 2 metres away from other individuals, where possible;
- Wiping down all work equipment, devices, and desks upon arrival at the office, and before exiting the office;
- Following current government COVID-19 guidance on the GOV.UK site.
The above information is outlined in IGS’s ‘COVID-19 Safety in the Office Policy’ for staff to refer to.
Tackling economic inequality
Information Governance Services (IGS) are committed to encouraging equality, diversity and inclusion among our workforce, and to eliminating unlawful discrimination.
Our Commitments
IGS commits to encouraging economic equality, diversity and inclusion in our workplace. IGS commits to creating a working environment free of bullying, harassment, victimisation and unlawful discrimination, promoting respect for all, and where individual differences and the contributions of all staff are recognised and valued. This commitment means that managers and all other employees must be trained about their rights and responsibilities regarding economic equality. Responsibilities include employees conducting themselves to help IGS tackle economic inequality and provide equal opportunities in employment. All employees, as well as their employer, can be held liable for acts of bullying, harassment, victimisation and unlawful discrimination, in the course of their employment. IGS commits to taking seriously any complaints by fellow employees, clients or the public and such acts will be dealt with as misconduct under the IGS Grievance procedure, with appropriate action being taken. IGS commits to basing decisions concerning staff on merit.
Equal opportunity
IGS are committed to promoting equal opportunities in employment. You and any job applicants will receive equal treatment regardless of age, disability, gender reassignment, marital/civil partner status, pregnancy/maternity, race, colour, nationality, ethnic/national origin, religion/belief, sex/sexual orientation (Protected Characteristics). The following forms of discrimination are prohibited under IGS policy and are unlawful:
(a) Direct discrimination: treating someone less favourably because of a Protected Characteristic.
(b) Indirect discrimination: a provision, criterion or practice that applies to everyone but adversely affects people with a particular Protected Characteristic more than others, and is not justified.
(c) Harassment: this includes sexual harassment and other unwanted conduct related to a Protected Characteristic, which has the purpose or effect of violating someone's dignity or creating an intimidating, hostile, degrading, humiliating or offensive environment for them.
(d) Victimisation: retaliation against someone who has complained or has supported someone else's complaint about discrimination.
(e) Disability discrimination: this includes direct and indirect discrimination, any unjustified less favourable treatment because of the effects of a disability, and failure to make reasonable adjustments to alleviate disadvantages caused by a disability.
RECRUITMENT AND SELECTION
Recruitment, promotion and other selection exercises will be conducted on the basis of merit, against objective criteria that avoid discrimination. Job applicants should not be asked questions which might suggest an intention to discriminate on grounds of a Protected Characteristic.
PART-TIME AND FIXED-TERM WORK
Part-time and fixed-term employees should be treated the same as comparable full-time or permanent employees and enjoy no less favourable terms and conditions (on a pro-rata basis where appropriate), unless different treatment is justified.
Wellbeing
Information Governance Services (IGS) are committed to ensuring and supporting the wellbeing of their employees. IGS encourages their employees to work remotely, where possible, and to maintain a healthy work-life balance. The opportunity for flexible working can reduce the time employees spend commuting and ease the pressure from the employee's personal life. The following policies and procedures apply to all persons working for IGS or on the company's behalf in any capacity, and are intended to broadly address and protect the wellbeing of their employees.
- Anti-Corruption and Bribery Policy
- Anti-Harassment and Bullying Policy
- Equal Opportunities Policy
- Grievance Procedure
- Whistleblowing Policy
Additional Resources: IGS uses HR software, which also provides a variety of resources to support the wellbeing of their employees. IGS is also procuring health insurance for its employees, so that they can access private healthcare whenever they need it.
Pricing
- Price
- £65 to £220 a unit an hour
- Discount for educational organisations
- Yes