VISION MISSION STRATEGY GOALS (DATA)
Vision | To be confident and capable in Records Management, GDPR Compliance and Cyber Security, with the ability to control data > information > knowledge > decisions, to inform our development of products and services and to protect our colleagues, customers and commercial data. |
Mission | To have an integrated approach to Information Governance which drives the business, providing insights for Strategy and measures for operations which improve what we do, how we do it, and the value we provide to our colleagues, customers and commercial partners. |
Strategy | To work collaboratively across projects and operations co-ordinating the themes outlined below. |
Area | GDPR Legal Compliance | Cyber Security | Records Management |
Leader | | | |
Work-Stream Participants | | | |
Aim | What are our key goals? All policies updated and communicated; All roles updated and communicated; All processes mapped; All necessary DPIAs complete; All necessary DSA/CPA complete; All privacy notices complete; Retention agreed; Classification agreed | What are our key goals? All policies updated and communicated; All roles updated and communicated; All systems / contracts / SLAs reviewed; CyberEss Certification for Pharmacy; CyberEss Certification for Medical; CyberEss Certification for Funeral; CyberEss Certification for Travel | What are our key goals? Policy of what gets stored where agreed; All roles updated and communicated; Move to Level 3 on Maturity Model; Document Management System Set-up; H:\ & L:\ drives mothballed; Retention agreed & applied; Classification agreed & applied; Archive/Destruction Policy |
Critical Success Factors (What is Important?) | Critical Success Factors (What will make the difference, what is key to success?) Having necessary engagement of people; Having the time/priority; Having the funding; Having the knowledge/expertise | Critical Success Factors (What will make the difference, what is key to success?) Having necessary engagement of people; Having the time/priority; Having the funding; Having the knowledge/expertise | Critical Success Factors (What will make the difference, what is key to success?) Having necessary engagement of people; Having the time/priority; Having the funding; Having the knowledge/expertise |
Key Performance Indicators (How do we measure?) | Key Performance Indicators (How do we measure?) Number of Breaches; Number of D-SARs; Number of DPIAs complete; Number of DSA/CPA contracts; Number of people trained; GDPR Dashboard Scores: Governance and Accountability x pct; Training and Awareness x pct; Records Management x pct; Security of Personal Data x pct; Subject Access Requests and Individual Rights x pct; Data Sharing x pct; Information Risk Assessment (DPIA) and Management x pct; Direct Marketing x pct | Key Performance Indicators (How do we measure?) Number of people trained; C2M2 Metrics Dashboard Scores: Risk Management x pct; Asset, Change, and Configuration Management x pct; Identity and Access Management x pct; Threat and Vulnerability Management x pct; Situational Awareness x pct; Information Sharing and Communications x pct; Event and Incident Response, Continuity of Operations x pct; Supply Chain and External Dependencies Management x pct; Workforce Management x pct; Cybersecurity Program Management x pct | Key Performance Indicators (How do we measure?) Number of people trained; Records Management Maturity Scores: Management Control Level 1; Benefits Management Level 1; Financial Management Level 1; Stakeholder Engagement Level 1; Risk Management Level 1; Organisational Governance Level 1; Resource Management Level 1 |
In 3 Months | All Data Owners identified and trained; All processes mapped in Data Asset Inventory; Newsletters on-going; SMT/EMT Dashboard reporting; All CCTV DPIAs complete; Templates for DPIAs DSA/CPA contracts all agreed; GDPR Dashboard Scores above x pct | All Data Owners identified and trained; USBs “blocked” (as necessary); Newsletters on-going; SMT/EMT Dashboard reporting; x pct on CE Dashboard Tool; Templates for IT/Supplier due diligence all agreed; C2M2 Metrics Dashboard Scores above x pct | Policy of what gets stored where agreed; All roles updated and communicated; All physical cabinets reviewed; Clear Desk Policy Applied; Newsletters on-going; SMT/EMT Dashboard reporting; Archive/Destruction Policy; Suppliers/Procurement Processes Agreed (e.g. contracts) |
In 6 Months | All necessary DPIAs complete; All necessary DSA/CPA complete; All PII forms note T&C/Privacy; GDPR Dashboard Scores above x pct | x pct on CE Dashboard Tool; All systems have a “users list” which is reviewed by the Data Owner for RBAC; C2M2 Metrics Dashboard Scores above x pct | Move to Level 1 on Maturity Model; Archive/Destruction In Practice (e.g. outsourced Suppliers); Contracts Database complete |
In 12 Months | Audit/Compliance Checks in-place; GDPR Dashboard Scores above x pct | Audit/Compliance Checks in-place; x pct on CE Dashboard Tool; C2M2 Metrics Dashboard Scores above x pct | Document Management System Set-up; Audit/Compliance Checks in-place; Records Management Maturity Scores = 2 |
In 24 Months | Audit/Compliance Checks identify 100pct compliance | Audit/Compliance Checks identify 100pct compliance | Audit/Compliance Checks identify 100pct compliance |