Info assets

The request was successful.

Interested to know

Dear Birmingham Community Healthcare NHS Foundation Trust,

I wish to understand the structure within your organisation around the management of information/data flows and their associated risks and what are your systems and processes you have in place to manage and monitor them. Therefore, to help to understand what is the core business function of these flows, I wish to ask the following;

Roles and Structures

1. Who carries out the role of your Senior Information Risk Officer (SIRO) and is this a dual or stand alone role - Full Job title and name
2. Who carries out the role of Chief Information Officer (CIO) and is this a dual or stand alone role - Full Job title and name
3. Who carries out the role of Data Protection Officer (DPO) and is this a dual or stand alone role - Full Job title and name
4. Who carries out the role of IG Manager (or equivalent ie. Head of IG) - Full Job title and name
5. Questions 1 - 4 - Can we please have a copy of their job descriptions (Whether these are dual or stand alone job descriptions) and their pay banding.
6. Questions 1 - 4 could we please have a copy of their department structure
7. Do you have a separate structure specifically to support SIRO/CIO in their roles?

Information Assets

1. Do you have an information asset structure to support SIRO, can you advise on this is not covered by the above structure chart.
2. Have you identified your information asset owners and administrators? What role do they take within your organisation (e.g. head of service level) and how are their responsibilities defined. If in a document or JD please provide a copy.
3. Do you deliver a training package to your Information Asset Owners and/or administrators? How often do they do this training?
a. If so, can we please see a copy?
4. Do you have a group where the IAO/ IAA or SIRO meet and discuss information risk and if so could I have a copy of the Terms of reference for this group.

System and Process

1. What software do you use to map out your information assets i.e. excel, third party solution such as One Trust, CoreStream
2. Could I request a copy of your information asset register (template) and data flow mapping template
3. Could we please have a copy of your Data Protection Impact Assessment (DPIA) template.

Yours faithfully,

Thom Smith

BCHC, Foi (BIRMINGHAM COMMUNITY HEALTHCARE NHS FOUNDATION TRUST), Birmingham Community Healthcare NHS Foundation Trust

1 Attachment

Dear Thom

We received your information request below on 30 July 2020.  We will be
dealing with it under the terms of the Freedom of Information Act 2000,
which requires that we respond within 20 working days of our receipt by 27
August 2020.

Covid-19: In light of the current national emergency and in order to
support the NHS response, it may take longer to respond to your request. 
It is not possible to give a definite timeframe, but we will endeavour to
respond at the earliest opportunity, and thank you for your understanding
during this difficult and challenging time.

Please note the above, unique Request ID and quote it in all future
correspondence regarding this particular request.

Thank you.

Regards

Eugene C Aninweze

Freedom of Information Officer

Tel:                 0121 466 7293

Internal:         67293

Email:            [1][email address]

Web:              [2]www.bhamcommunity.nhs.uk

Corporate Division

Legal Services Team

Birmingham Community Healthcare NHS Foundation Trust

3 Priestley Wharf, Holt Street, Birmingham Science Park, Aston

Birmingham B7 4BN

show quoted sections

BCHC, Foi (BIRMINGHAM COMMUNITY HEALTHCARE NHS FOUNDATION TRUST), Birmingham Community Healthcare NHS Foundation Trust

10 Attachments

Dear Thom

Further to your information request, please find attached our
organisational response.

This request is now closed.

But please note and quote the above, unique Request ID should you wish to
contact us again in respect of this particular request.

Thank you.

Regards

Eugene C Aninweze

Freedom of Information Officer

Tel:                 0121 466 7293

Internal:         67293

Email:            [1][email address]

Web:              [2]www.bhamcommunity.nhs.uk

Corporate Division

Legal Services Team

Birmingham Community Healthcare NHS Foundation Trust

3 Priestley Wharf, Holt Street, Birmingham Science Park, Aston

Birmingham B7 4BN

cid:image001.png@01D66993.DC6FED00

show quoted sections

This e-mail and any files transmitted with it are private and
confidential. If you have received it in error you must not use, copy,
disclose or store the information contained within this email or
attachments. Please notify the sender immediately by using the reply
function and permanently delete what you have received. The statements and
opinions expressed in this message are those of the author and do not
necessarily reflect those of Birmingham Community Healthcare NHS
Foundation Trust.

Computer viruses can be transmitted by email. Messages and any attached
files will have been checked with virus detection software before
transmission, however we advise you to check emails and any attachments
for the presence of viruses as neither the Trust nor the sender accept
responsibility for any viruses transmitted by this email and/or any
attachments.

Confidentiality

The information contained in an email must comply with General Data
Protection Regulations 2016 & [7]Data Protection Act 2018 may be subject
to disclosure as required by law including under the [8]Freedom of
Information Act 2000.  Unless the information requested is legally exempt
from disclosure, we cannot guarantee that we will not provide the whole or
part of an email to a third party making a request for information about
the content of the email. Internet e-mail not secure, E-mails sent via the
Internet could be intercepted and read by someone else. Please bear that
in mind when deciding whether to send material to Birmingham Community
Healthcare NHS Trust, partner organisations or the NHS in general.

The principles of the Data Protection Act 2018 and the Caldicott
guidelines should be adhered to at all times. Incoming and outgoing email
messages may be monitored in accordance with the Telecommunications
Regulations 2000 and Human Rights Act 2000.

show quoted sections