Information Management Strategy.pdf - Lincolnshire Police

More documents

Recommendations

Info

NOT PROTECTIVELY MARKEDi) An organisational structure is established for the delivery of effective IA. This shouldinclude an effective process for achieving security awareness and accountability;ii) Funding is available to train staff who have IA responsibilities to meet recognisedprofessional IA standards (ITPC, IISP, CISSP etc);ii) IA requirements are addressed in strategic planning and are accepted as an integral partof the business;iv) Corporate security policies (are produced to) ensure consistency across the organisationand compliance with relevant laws, regulations and IA standards;v) Contingency planning in the form of disaster recovery, business continuity and forensicreadiness plans are produced and comply with recognised National and InternationalStandards and good practice guidance;vi) There is an assurance process to monitor and maintain the effectiveness of the corporateIA policies and plans;vii) All risk management decisions are justified and accountable in the context of the businessrequirement and there is a clear understanding of the potential business impact;viii) An escalation process is established to resolve conflict with or exceptions to corporate IArequirements (business objectives and risk tolerance);ix) Where an information system crosses organisational boundaries, or connects to a multiorganisationalservice, controls and reporting mechanisms are in place to support thewider IA governance requirements;x) Staff with delegated authority are in place to monitor and manage risk and are aware thatthey are accountable to the board.6.5 Information Asset Owner (IAO)a) The SPF requires forces to have Information Asset Owners (IAO) for each identifiedinformation asset. IAOs are senior individuals involved in running the relevant business.Their role is to:i) Lead and foster a culture that values, protects and uses information for the publicgood;ii)iii)Know what information assets the Department holds, what enters and leaves theDepartment and why;Know who has access and why and ensures their use is monitored;NOT PROTECTIVELY MARKED 38
NOT PROTECTIVELY MARKEDiv)Understand and address risks to the asset and provides assurance to the SIRO;v) Ensures the asset is fully used for the public good including responding torequests for access from others.6.5.1 In relation to Review, Retention and Disposal (RRD) of policing purpose information withinLincolnshire Police‟s designated systems, this will be dealt with in accordance to the RRDPolicy PD54 under the control of the Information Manager.6.5.2 The accurate Review, Retention and Disposal of information will ensure the following:Safer communities and improved public confidence will follow from moreeffective tasking and better decision-making. This will be realised by aninformation management infrastructure containing accurate and completerecords that supports effective searching.Linked records and elimination of duplicate entries can be expected to delivertangible operational benefits by:1. Less time needed to access better information2. Better deployment of operational resources3. Associations between crimes and offenders more easily made4. Reduced risk of missing significant informationBetter access to quality information reduces operational risks, resulting in safercommunities and justifies the efforts of all staff in ensuring compliance withMoPI.6.6 Senior Responsible Owner (SRO)6.6.1. The SRO is responsible for managing the information risk for specific programmes orprojects to ensure they meet the objectives agreed with the SIRO and Board levelbusiness owners. The SRO must understand the IA risks to the programme or project andhow it may impact the strategic goals of the programme or project. The SRO is alsoresponsible for ensuring that information risk management processes are carried outwithin the programme or project. The SRO cannot assume ownership of any corporateNOT PROTECTIVELY MARKED 39
Page 1 and 2: NOT PROTECTIVELY MARKEDLincolnshire
Page 3 and 4: NOT PROTECTIVELY MARKED2. Informati
Page 7 and 8: NOT PROTECTIVELY MARKEDPreventing t
Page 9 and 10: NOT PROTECTIVELY MARKED3. Strategic
Page 11 and 12: NOT PROTECTIVELY MARKED Review, ret
Page 13 and 14: NOT PROTECTIVELY MARKED6.2 This str
Page 15 and 16: NOT PROTECTIVELY MARKED7.4.3 Full d
Page 17 and 18: NOT PROTECTIVELY MARKED8. Responsib
Page 21 and 22: NOT PROTECTIVELY MARKEDHead Crime-
Page 23 and 24: NOT PROTECTIVELY MARKEDG4S Customer
Page 25 and 26: NOT PROTECTIVELY MARKED5.1.1 Lincol
Page 27 and 28: NOT PROTECTIVELY MARKEDDecision as
Page 29 and 30: NOT PROTECTIVELY MARKED5.3.5 The fo
Page 31 and 32: NOT PROTECTIVELY MARKEDdepartment t
Page 33 and 34: NOT PROTECTIVELY MARKED6.1.1 The fo
Page 35 and 36: NOT PROTECTIVELY MARKEDi) Informati
Page 37: NOT PROTECTIVELY MARKEDviii) Compli
Page 41 and 42: NOT PROTECTIVELY MARKEDi) Developin
Page 43 and 44: NOT PROTECTIVELY MARKEDData Protect
Page 45 and 46: NOT PROTECTIVELY MARKEDii)iii)Docum
Page 47 and 48: NOT PROTECTIVELY MARKEDix) Maintain
Page 49 and 50: NOT PROTECTIVELY MARKEDix) Co-ordin
Page 51 and 52: NOT PROTECTIVELY MARKEDii) To provi
Page 53 and 54: NOT PROTECTIVELY MARKEDvi) Liaising
Page 55 and 56: NOT PROTECTIVELY MARKEDAppendix ABU
Page 57 and 58: NOT PROTECTIVELY MARKED ACPO Guidan
Page 59 and 60: NOT PROTECTIVELY MARKEDInformation
Page 61 and 62: NOT PROTECTIVELY MARKEDOwner of pol
Page 63 and 64: NOT PROTECTIVELY MARKEDPolicy numbe
Page 65 and 66: NOT PROTECTIVELY MARKED13. Privacy
Page 67 and 68: NOT PROTECTIVELY MARKEDLinkage with

Information Management Strategy.pdf - Lincolnshire Police

Create successful ePaper yourself

Delete template?

Save as template?