Trust HQ
Edward Jenner Court
1010 Pioneer Avenue
Brockworth
Gloucester
GL3 4AW
—
E-mail: freedomofinformation@ghc.nhs.uk Website: www.ghc.nhs.uk
DATE: 23/09/2021
Freedom of Information Request – Ref: FOI 214-2122
Thank you for your recent Freedom of Information request. Please find our response below.
1. Does the Trust have appointed Information Asset Owners? Yes.
2. If the answer to Q1 is yes, how often are they trained, when was the training last delivered and who is responsible for organising the training? On appointment and then bi-annually refresher.
3. Are you or have you considered becoming ISO 27001 compliant or certified? If so who is responsible for the project? Not at present.
4. How is 3rd Party supplier risk assurance managed, in particular the risk in the areas of data protection and information security and who is responsible for this, if relevant? This is managed at the contracting stage with due diligence checks carried out. All contracts have standard DPA and IS clauses in place as per the NHS standard contract.
5. When did you last conduct a Physical Security risk assessment of the Trust’s Estate(s) and Building(s), and who is responsible for managing risk in this area? There are IG site surveys carried out annually, which do touch on some physical security elements. Physical Security Risk Assessments are the responsibility of the Accredited Security Management Specialists within the Trust. They are conducted on a rolling programme or in the event of a security breach.
Should you have any queries in relation to our response in this letter, please do not hesitate to contact me.
If you are unhappy with the response you have received in relation to your request and wish to ask us to review our response, you should write to:-
– Head of Legal Services / Associate Director of Corporate Governance Gloucestershire Health and Care NHS Foundation Trust
Edward Jenner Court
1010 Pioneer Avenue
Gloucester Business Park
Brockworth
GLOUCESTER GL3 4AW
——-
E-mail: —
If you are not content with the outcome of any review, you may apply directly to the Information Commissioner’s Office (ICO) for further advice/guidance. Generally, the ICO will not consider your case unless you have exhausted your enquiries with the Trust which should include considering the use of the Trust’s formal complaints procedure. The ICO can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Yours sincerely,
Freedom of Information Officer
On behalf of Gloucestershire Health & Care NHS Foundation Trust
FOI Request
Sent: 03 September 2021 14:30
Subject: Freedom of Information request
This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe. If unsure, please contact ghcit@ghc.nhs.uk
Good afternoon,
I would like to make an FOI request please, please feel free to publish the response publicly, however if you do I would appreciate if my personal details were removed prior to publishing.
1. Does the Trust have appointed Information Asset Owners (IAOs)?
2. If the answer to Q1 is yes, how often are they trained, when was the training last delivered and who is responsible for organising the training? (as in, the person)
3. Are you or have you considered becoming ISO 27001 compliant or certified? If so who is responsible for the project? (as in, the person)
4. How is 3rd Party supplier risk assurance managed, in particular the risk in the areas of data protection and information security and who is responsible for this, if relevant (as in, the person)?
5. When did you last conduct a Physical Security risk assessment of the Trust’s Estate(s) and Building(s), and who is responsible for managing risk in this area? (as in, the person)
Kind Regards