Information Governance - A Beginner's Guide
Flummoxed by FOIs? Feeling some tension about Records Retention? Intimidated by Incident Reporting? You've come to the right place. This page is a helpful guide to all things Information Governance related. Refresher training sessions will be coming soon, but meanwhile please take a moment to read some of the handy overviews listed below. They're really quite helpful and should set you straight on terminology, legal obligations and best practice.
The DSP Toolkit (formerly the Information Governance Toolkit) is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
Submission of incident reports, completion of asset registers, compliance with retention schedules...just about everything on this page is required to evidence that the department is processing data securely and legally.
Ensuring staff are fully informed, confident and comfortable with Information Governance is essential to our ability to continue using data for health research and to maintain a strong reputation for data security.
It is everyone's responsibility to comply with the GDPR, Data Protection Act 2018 and also University policy regarding Information Governance.
Further information on the DSP toolkit can be found here
All Department Members must complete the following two trainings initially upon hire and annually thereafter:
- The University Information Security Awareness Module (the Module) is available through the IT Services’ online course booking system (CoSy).
To book this training, Members shall follow these steps:
a) Copy and paste this link into their web browser:
b) Under the “Tools and Resources” banner on this landing page, click on the link provided to access the module.
c) Log in using SSO credentials;
d) Complete the course booking within the CoSy application;
e) Access the training completion certificate from the CoSy dashboard; and
f) Upload the training certificate into the Department IG policy management application (PRISMs-IG) as evidence of completion.
To pass the module, Members must score 75% or above. If a Member does not pass, the application will trigger a retest. Once a Member has passed, he/she will need to access the course completion certificate and complete a short online evaluation.
- Department IG Policies and Guides
These outline the Department IG requirements, procedures and protocols. All Members access these on demand through the Department IG policy management application (PRISMs-IG): https://ig.phc.ox.ac.uk/prisms-ig/accounts/login/
Members complete their review of these documents and attest to reading and understanding them. The IGM (Phil Nieri) monitors and confirms the completion of the above two trainings initially upon hire and annually thereafter.
More information is available in the Department IG training policy (PHC_POL_IG105 _v4.0_Training_Policy).
One of the ways our department ensures staff are confident and familiar with data protection is by conducting Spot Check Audits. This process isn't meant to scare you! It's simply a way that we can check that data is being processed securely, staff have had an opportunity to review our policies, and we're meeting our obligations under the GDPR (General Data Protection Regulation).
You will be told in advance that a spot check audit is taking place.
The spot check audit form can be found here.