B/17/73. PACS Update for the NSS Executive Board. NSS Formal Board Meeting 29 June 2017
|
|
- Griselda Hutchinson
- 6 years ago
- Views:
Transcription
1 B/17/73 NSS Formal Board Meeting 29 June 2017 PACS Update for the NSS Executive Board Purpose The Board is asked to review and consider the PACS Update report in terms of the current PACS issues and the NSS IT action plan and timescales. Recommendation The Board is asked to note the key issues, the NSS IT action plan and timescales. The action plan contains immediate short term activities to help address/alleviate the areas of risk identified by Audit Scotland and also a detailed options appraisal which will be presented to the relevant PACS, ehealth and Scottish Government governance groups to determine the best way forward for PACS in terms of Contract Re-Provisioning. The Board is asked to make comment on any additional actions that NSS IT should be taking. Timing The detailed options paper will be presented to the PACS Programme Board on 27 July and the ehealth Leads Group on 7 August with a view to creating an Outline Business Case and submitting for approval in September Irrespective of the Contract Reprovisioning option chosen, there has to be a technology refresh of the central hardware and an upgrade of the central software from v to v which could take upto12 months. The central hardware goes out of support variously between April 2018 and September Background During 2016 the PACS Programme Team/Programme Board embarked on the initial planning activities relating to a Re-Provisioning of the PACS IT Services used in NHSScotland because the Carestream contract is due to expire on 30 Jan In November 2016, operational responsibility for PACS was moved to CVSMT within NSS IT and the NSS IT Operations Director (J.Hall) initiated a technical assurance review of PACS. A number of technical, service delivery/performance, contractual and financial concerns relating to the existing PACS Service were identified. The High Level Options were presented to the ehealth Leads Group on 5th June and agreement was given to proceed to a Detailed Options Appraisal. Additionally, Audit Scotland outlined a number of PACS findings at the May NSS Audit and Risk Committee Meeting and they have incorporated a PACS Risk into their Draft Annual Audit Report to NSS. A Management Response has been provided which reflects the actions contained in PACS Update Report. Engagement Briefing provided to the NSS Chief Executive following the May NSS ARC Meeting. The Clinical Governance Committee (12 June) engaged in terms of Corporate Risk IT 4303 which relates to the possible unavailability of some PACS images in a disaster situation and possible permanent loss of images. Name of the Author: Andy Robertson Designation: Director of IT Tel: andy.robertson@nhs.net
2 PACS Update for NSS Executive Board June 29 th 2017 Version 1.0 (Issued) 1. Purpose The purpose of this brief paper is to update the NSS Executive Board on the current Picture Archiving and Communications System (PACS) issues, outline the NSS IT Action Plan and provide an update on the PACS Options Appraisal work. 2. Situation During 2016 the PACS Programme Team/Programme Board embarked on the initial activities relating to a Re- Provisioning of the PACS IT Services used in NHSScotland. A PIN, Procurement Strategy and Draft Initial Agreement were all produced based on the best information available at the time. Work currently on Hold. In November 2016, operational responsibility for PACS was moved to CVSMT within NSS IT with the purpose of bringing contract and service management activities under one organisational team to share best practice. Additionally, the NSS IT Operations Director (J.Hall) initiated a technical assurance review of PACS. This review and CVSMT due diligence activity identified a number of technical, service delivery/performance, contractual and financial concerns relating to the existing PACS Service that need to be taken into account when deciding the best way forward for PACS. At the 24 th April 2017 ehealth Leads Planning Session, J.Hall explained the need to carry out an urgent Options Appraisal which would take into account the potential solutions to address some of the short term issues as well as the Re-Provisioning considerations. The High Level Options were presented to the ehealth Leads Group on 5 th June (See Appendix 1) and there was agreement to proceed to a Detailed Options Appraisal to be completed by the end of July Audit Scotland outlined a number of PACS findings at the May NSS Audit and Risk Committee Meeting and they have incorporated a PACS Risk into their Draft Annual Audit Report to NSS. A Management Response has been provided which reflects the actions contained in this document. 3. Background 3.1 Contractual arrangements There are two contracts that relate to the PACS Service: Carestream provide the Managed Technical Service (MTS) for the application used at both national archive and local implementation levels the contract end date for the entire contract is January Atos as an additional Managed Technical Service (MTS) under the National IT Services Contract, host and manage the hardware, storage and backup for the National PACS archive the hardware for the Atos MTS goes out of support variously between April 2018 and September The Atos Contract itself ends on 31 March Current Solution Architecture: There are several components to the overall solution for acute hospitals, namely those components that are located within local Health Boards (31 local implementations) and the Central Archive component set (See Figure 1 on next page) It should be noted that all of the hardware (servers and disk arrays) for both the Local Health Board implementations and the Central Archive components was purchased in Local Health Board Components To operate effectively in real time a local PACS system, incorporating local storage, is required for each Health Board location where images are collected or reported. PACS Update for NSS Executive Board June J.Hall, G.Sommerville, K.Triner
3 SCOTTISH WIDE AREA NETWORK Figure 1 Current PACS Storage Model 2017 PULSANT Backup Site Data Centre 2 (31 SITES) Local Pacs sites have 24 months storage. 1 or 2 sites have less than 12 months due to local practice. 1 copy of Image/site Second Site (Backup) Partial DR site of 6 months rolling image data. Full copy of Global Worklist/Index which is synchronised with the Primary Site. Everything is copied to tape. No compression at the backup site. Data Centre 1 Note: Reviewed and agreed with radiology clinical lead, Clinical Advisory Group and CCLG Primary Site Full copy of all data captured at the Local Sites and is a DR site for all 31 local implementations. Global Worklist/Index keeps a record of the originating storage devices inthe hospitals. Data is compressed. Local Health Board Components (continued): Within Health Boards there are 31 local implementations of the PACS system. In each local implementation there are 2 sets of servers and RAID disk arrays. This means that there is one copy of each image within each Health Board implementation. The local disk arrays (in the 31 x implementations) theoretically should store 2 years worth of images for each site but in practice they store (on average across Scotland) about months of images. Local copying and viewing behaviour can vary this storage due to custom and practice in each Health Board between radiologists. The Health Board implementations are located in local Data Centres to various standards on Health Service property. Hardware is fully managed by Dacoll (on behalf of Carestream) with the application layers managed by Carestream. Additionally, there are about 350 physical reporting devices in Radiology across Scotland, on which the images taken in the X-Ray departments and other locations are reported. Carestream currently provide hardware support for all of the 350 devices (via Dacoll) but some Health Boards are now seeking to provide support for these local devices themselves (to save money). The Carestream PACS client reaches a further estimated 15,000 devices in wards and clinics which are used mainly for viewing and some of these will be used for diagnosis and reporting (eg.ultrasound and orthopaedic work). These are supported wholly by Health Board IT and are not under the Carestream contract Central Archive Components: The Primary site of the Central Archive is a Disaster Recovery site for all of the 31 x local implementations. The Primary site is located in the Atos Data Centre at Appleton Parkway, Livingston and the Secondary site is in an Atos controlled part of the Pulsant Data Centre at the Gyle. In the Primary Site, the data is largely in synch with the local sites but can be several minutes out of date for reasons of transmission between the local implementations and the Central Archive. There is also a Global Work List (Meta Data) which keeps a record of the originating storage PACS Update for NSS Executive Board June J.Hall, G.Sommerville, K.Triner
4 device in the hospitals. If the Primary site was ever to go down, then a Local Site can access the copy of the Global Work List from the secondary site, find the originating location for an image and retrieve it from the Local site storage for viewing in another Health Board site. This function is limited to the number of months images stored at a Local Site. Current data volume of images is nearly 1 Petabyte, this being all of the data transferred from V10 of the software from 2006 onto V11 and the data accumulated on V11 since July It should be noted that each generation of MIR and other imaging devices take more dices and slices of patients and the use of these devices, along with the single image devices is growing significantly on an annual basis. The 1 Petabyte of data is only going to increase in the years to come as devices are run 24 x 7 and imaging becomes more sophisticated. The Secondary Central Archive site for V11 was built as a partial replica of the Primary Central Archive site. It holds 6 months of pixel (image) data copied across from the Primary site plus the data that has not yet been copied to tape. In addition there is a Global Work List (Meta Data) which is synchronised with the GWL held in the Primary Central Archive. The Secondary Central Archive is both a limited pixel DR site for the Primary site and a staging area for the transfer of the Central Archive data onto tape. This decision was taken to save money. The previous version of the system implementation (V10) used the Secondary site as a full replica of the Primary site. In practice, however, the Secondary site does not hold the most recent six months worth of pixel data. The transfer of data from this site to tape has been affected by various technical factors since its inception in July 2015 and these are attributable to both suppliers. 4. Summary of Key Issues/Risks 4.1. Contract and Service Management Carestream Service Management support has been mixed over the years and this has recently resulted in a number of incidents that have affected both patient care and the effectiveness of the overall PACS service. In addition, the Contract with Carestream does not contain significant provisions around performance management. There is a need to review the approaches to contract and service management with Carestream, clarify all contractor responsibilities and incentivise performance where possible Historical decisions about different aspects of the PACS service (contract extension vs hardware purchased date/supportability duration) have been made on a compartmentalised basis without fully understanding the knock on impact to other areas of the service; For example, the contract was extended from Jan 17 to Jan 2020 without taking cognisance of H/W coming out of support in At the time of writing this document it is not yet clear how the budget for the work outlined below will be financed. However, avenues for funding and profiling are being explored National Archive Storage There is no provision for full replication of images held on the PACS Central Archive (the normally preferred method for assuring data availability for critical clinical systems under the National IT Services Contract) the Central Archive is, in essence, a single national disk based data store for all patient images with a combination of disk and tape at the second site. Given the fact that the tape solution is way behind where it should have been in terms of backup then this represents an effective single point of failure if the Primary Site was lost then went off-line there would be no immediate access to images that are only stored on the national archive and if it failed then there would be no practical way to build the Primary Site from an incomplete tape library. Even if this tape library was up-to-date it would take a prohibitive amount of time to restore all of the images from tape therefore the whole system would have failed There is no contractual provision with Atos for periodic technical refresh of the Central Archive hardware (either Servers or Disk Arrays) and all of this hardware is nearing the end of its practical support life. The hardware goes out of support variously between April 2018 and September PACS Update for NSS Executive Board June J.Hall, G.Sommerville, K.Triner
5 The tape backup solution has not operated correctly since its inception in July 2015 and there is backlog of images which have not been copied to tape. Indeed, it is understood the tape backup arrangements for V10 did not operate properly either The version of the PACS software currently used throughout Scotland (V on the Central Archive and at the Health Boards) is reaching the end of its support life. Additionally the V software on the Central Archive is not stable and requires periodic software resets. Carestream only support one other Central Archive site on earth at V and this is currently being moved to V12 of their software (reported expected completion date December 2017). Consequently, Carestream recommend that NHS Scotland move onto V for the Central Archive (64 bit version of their software that can use more powerful hardware). This is a non trivial task and would take a minimum of 9 months to upgrade the Central Archive. In addition, this would require the local sites to transfer to V to enable them to be used in the same configuration. This latter change is a relatively easy software upgrade that could be undertaken in a few hours per site Local Site Storage A small number of the Local Site Stores at territorial boards no longer have the capacity to meet the requirement of storing months of local activity. As a minimum, each local cache should be able to store all images taken, or referred to, during the last 12 months. A varying number (between 1 and 2) of these 31 local stores do not meet this minimum requirement (some of these can only store 9 to 12 months worth of local activity which increases the reliance upon, and use of, the national archive for access to current patient activity).local copying and viewing behaviours can vary this storage and this is due to custom and practice. Growing workloads and advances in technology in image capture since the contract was set in 2005 have also exacerbated this situation. This is a Health Board risk There is currently no planned technical refresh of the local systems, which also continue to operate using V11 of the PACS software (local PACS systems must operate on a compatible version to the Central Archive). This is a Health Board risk which has been mitigated in part by extending the support SLA with Carestream to January The intention was to sweat the assets towards the end of the contract in January If the Carestream contract is extended further then this risk will need to be revisited by the Boards and technical refresh will need to be re-considered. 5. Action Plan A key timeline driver is the need to have technology refresh and support arrangements agreed before the current hardware support arrangements for the national archive end (variously between April 2018 September 2018) or as soon after these dates as practically possible. NSS IT has created the following action plan which will be progressed over the next three months Agree a joint plan (NSS/Carestream/Atos) to address the tape backup issue End of June KPMG audit of PACS IT Resilience and PACS IT Disaster Recovery June Identify the end-to-end storage position (Central Archive and Local Implementations) and highlight any risks to PACS Governance Groups/Health Boards End of July Review the approach to contract and service management with Carestream with a view to clarifying all contractor responsibilities and incentivising performance where possible. This work will include a Scott Moncrieff audit of Carestream Change and Release Management September 2017 PACS Update for NSS Executive Board June J.Hall, G.Sommerville, K.Triner
6 5.5. Produce a Detailed Options Appraisal to determine the way forward for PACS End of July 2017 followed by an Outline Business Case September 2017 (See Appendix 1 for a summary of the High Level Options). Appendix 1 PACS Options Appraisal Update A high level options appraisal relating to the PACS Way Forward and PACS Re-Provisioning was completed at the beginning of June and the recommended next steps agreed by the ehealth Leads Group on 5 th June Key Messages Existing contractual arrangements expire in January 2020 (Carestream) and March 2022 (MTS for the National Archive through Atos extendable to 2026) The NSS IT technical assurance review of PACS (Nov-March) identified a number of technical, service delivery, contractual and financial concerns/issues Eg. Support for the central hardware purchased in 2012 (servers and 1 PB storage)expires between April & September 2018; Historical decisions about different aspects of the PACS service (contract extension vs hardware purchased date/supportability duration) have been made on a compartmentalised basis without fully understanding the knock on impact to other areas of the service; There are two important activities that have to take place no matter which Re-Provisioning Option is chosen. These are: I. Carry out a technical refresh of the National Archive equipment II. Improve the Contract and Service Management arrangements. There are 3 main procurement options, each with 3 different service delivery sub-options. 1)Single Supplier Extension of Carestream Contract for 1 to 3 years and then Re-Procure a Full PACS Service (OJEU) 2)Re-Procure Full PACS Service )OJEU) 3)Include PACS Service into National IT Services Contract with Atos plus A)Existing MTS Service Delivery Model o PACS Service Provider at Local Sites o Atos Data Centre for both Central Sites B)Change the MTS Service Delivery Model o PACS Service Provider at Local Sites o Atos Data Centre for 1 Central Site o PACS Service Provider for 1 Central Site C)Change the MTS Service Delivery Model o PACS Service Provider at Local Sites o PACS Service Provider for both Central Sites Next Steps and Current Timetable The following next steps have been agreed by the ehealth Leads Group. 1 Carry out a Full Options Appraisal Target Date: End of July 2017 a. Review with PACS Programme Board 27 July b. Review with ehealth Leads 7 th August 2 Produce an Outline Business Case Target Date: September 2017 a. Review with PACS Programme Board b. Review with ehealth Leads 4 th September c. Agree with ehealth Delivery Board (replacement for ehealth Strategy Board) in September. PACS Update for NSS Executive Board June J.Hall, G.Sommerville, K.Triner
7 NB. Irrespective of which re-procurement option is chosen the technical refresh of the central hardware and the upgrade from v to v of the central software is required. PACS Update for NSS Executive Board June J.Hall, G.Sommerville, K.Triner
8 Picture Archiving and Communications System (PACS) Update Andy Robertson NSS IT Director NSS Executive Board 29 June 2017 Version 1.0 (Issued)
9 PACS overview Ongoing business requirements/ current issues, risks, activities Business Strategy Local PACS BAU service management Farr Institute Image repository National archive resilience/ DR Cross border reporting capability Pathology Images system PACS contract reprocurement National Archive BAU service management Adverse event lessons learned Technical refresh Radiology BI/ analytics Extended clinical use other specialties RIS contracts renewal Digital mammography Supplier practices, controls, etc Multiple supplier/ no lead supplier Enhanced Voice reporting capability Data migration challenges Cloud storage/ VNA Technical Strategy Options Assessment criteria Governance Structure and Decisions Contractual mechanism Funding allocation Roadmap Delivery
10 SCOTTISH WIDE AREA NETWORK Current PACS Storage Model 2017 PULSANT Backup Site Data Centre 2 (31 SITES) Local Pacs sites have 24 months storage. 1 or 2 sites have less than 12 months due to local practice. 1 copy of Image/site Second Site (Backup) Partial DR site of 6 months rolling image data. Full copy of Global Worklist/Index which is synchronised with the Primary Site. Everything is copied to tape. No compression at the backup site. Data Centre 1 Note: Reviewed and agreed with radiology clinical lead, Clinical Advisory Group and CCLG Primary Site Full copy of all data captured at the Local Sites and is a DR site for all 31 local implementations. Global Worklist/Index keeps a record of the originating storage devices in the hospitals. Data is compressed.
11 Key Issues & Risks No provision for full replication of images held on the PACS Central Archive No contractual provision for periodic technical refresh of the PACS National Archive storage and the hardware is nearing the end of its practical support life The PACS National Archive software has reached the end of its support lifecycle and a significant upgrade has been recommended In the absence of full replication of images there is a solution in place to incrementally archive images to tape but this is not currently operating properly A small number of the Local Site Stores at territorial boards no longer have the capacity to meet the requirement of storing months of local activity Carestream Service Management support has been mixed over the years and recently resulted in a number of incidents that affected patient care. In addition, the Contract does not contain significant provisions around performance management. Full budget provision to over the anticipated cost of addressing these issues has still to be agreed. Audit Scotland Risk (Extract from Appendix 1, Draft Annual Report) If the PACS national archive fails, patient image records may be lost. Audit Scotland Recommendation (Extract from Appendix 1, Draft Annual Report) The Board should ensure that robust arrangements are in place to ensure business continuity and system resilience for PACS.
12 Action Plan 1. Agree a joint plan (NSS/Carestream/Atos) to address tape backup issue June KPMG audit of PACS IT Resilience and PACS IT Disaster Recovery June Identify the end-to-end storage position (Central Archive and Local Implementations)and highlight any risks to PACS Governance Groups/Health Boards July Review the approach to contract and service management with Carestream. Work to include a Scott Moncrieff audit of Carestream Change and Release Management September Produce a Detailed Options Appraisal to determine the way forward for PACS End of July 2017 followed by an Outline Business Case September 2017.
13 Background Slides
14 PACS Background Carestream PACS contract initially 10 years from 31/1/07 and recently extended to 30 January Access Agreements entered into between all Territorial Health Boards, the Golden Jubilee National Hospital and Carestream. All end simultaneously at the end of the PACS Contract on 30 January ATOS provide storage, infrastructure and hardware in the data centres. This contract has been extended to 2022 RIS is provided by either Carestream, HSS or TRAKCARE NHSS has 15 RIS systems across Scotland and the contracts are at Health Board level. PACS is a local install on 31 hospital sites and 2 central data centres (1 primary the other partial backup and tape), PACS/RIS integrate on 350 diagnostic workstations around the country and on around 15,000 PCs and tablets across wards in all acute hospitals, PACS currently has an archive of 28m studies nationally and 3.2m studies are added every year, During the working week 15k studies are produced and ingested per day, There are 23k registered clinical users, NHSS recently finished a full refresh and version upgrade to PACS V11 this took 2.5 years.
15 PACS Governance NHS Board Internal Goverance Chief Executive Group Clinical Change Leadership Group Scottish Government Health Directorate Board ehealth Oversight Group ehealth Leads ( NHS Board ) ehealth Delivery Board Board and Consortium Programme and Project Boards Portfolio Management Groups Existing Systems NO LONGER EXISTS National Systems Programme and Project Boards PACS Programme Board (Chair Dr Hamish McRitchie) Focus on Strategy and Direction of travel since March 2016 SLA/Performance Management PACS User Group PACS Clinical Advisory Group RIS User Group Group
16 PACS NSS IT Corporate Risk IT 4303 Risk Description: There is a risk that due to PACS Backups not working at sufficient speed - backlog approximately 12 months and growing. Some PACS images >12 months old will soon exist only at ATOS Livingston, after deletion at local health board. For around 1m studies there is only one copy. The risk detailed above could result in possible unavailability of some PACS images in a disaster situation, possible permanent loss of images. Current Status: Original risk raised in quarter /17 as a red risk and categorised as Clinical (secondary-business). Lorna Ramsay (NSS IT Medical Director) presented an SBAR relating to the above risk to the NSS Clinical Governance Committee on 12th June 2017 The recommendation was to change the categorisation and reduce the risk scoring as NSS does not itself use PACS to deliver its services. The clinical risk resides with the Boards. Primary category changed to Business, Secondary category to Reputational and scoring reduced to amber (12). CVSMT were asked to liaise with CLO to obtain clarification on NSS s position/liability should images become unavailable or permanently lost. The advice is summarised below: Reputation Issue if any central archive images become unavailable or permanently lost Data Protection Issue if a loss of data causes a breach of data protection which could expose NSS to a fine imposed by the Information Commissioner (currently limited to 500k but could increase). NSS may be in a position to back off any financial liability it may incur as a result of loss of data. NSS could have a potential claim against Carestream and/or Atos if NSS could establish that the relevant party was in breach of an obligation under its contract and it was this failure which resulted in loss/liability being incurred by NSS. Medical Negligence risk where loss of data is a contributing factor in a medical negligence claim. This is an NHS risk rather than a specific NSS risk.
NHS Fife. 2015/16 Audit Computer Service Review Follow Up
NHS Fife 2015/16 Audit Computer Service Review Follow Up Prepared for NHS Fife April 2016 Audit Scotland is a statutory body set up in April 2000 under the Public Finance and Accountability (Scotland)
More informationThe ehealth Annual Report aims to highlight the activities within the teams that make up the ehealth Department.
Board paper 18/41 THE STATE HOSPITALS BOARD FOR SCOTLAND Date of Meeting: 28 June 2018 Agenda Reference: Item No: 21 Sponsoring Director: Author(s): Title of Report: Purpose of Report: Finance and Performance
More informationBirmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018
1.0 Executive Summary Birmingham Community Healthcare NHS Foundation Trust 2017/17 Data Security and Protection Requirements March 2018 The Trust has received a request from NHS Improvement (NHSI) to self-assess
More informationInformation backup - diagnostic review Abertawe Bro Morgannwg University Health Board. Issued: September 2013 Document reference: 495A2013
Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board Issued: September 2013 Document reference: 495A2013 Status of report This document has been prepared for the internal
More informationNHS Scotland Cyber Attack: NSS Evidence to Scottish Parliament Health & Sport Committee (Jun 17)
B/17/74 NSS Formal Board Meeting Thursday, 29 June 2017 NHS Scotland Cyber Attack: NSS Evidence to Scottish Parliament Health & Sport Committee (Jun 17) Purpose The Board is asked to review and consider
More informationREPORT 2015/149 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/149 Audit of the information and communications technology operations in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results
More informationGP IT Re-Provisioning Update (February 2017)
GP IT Re-Provisioning Update (February 2017) Background The current GP IT Framework Agreements with EMIS and INPS commenced on 1 March 2010 Each Call-Off contract exists for seven years from the date it
More informationGoverning Body 313th Session, Geneva, March 2012
INTERNATIONAL LABOUR OFFICE Governing Body 313th Session, Geneva, 15 30 March 2012 Programme, Financial and Administrative Section PFA FOR INFORMATION Information and communications technology questions
More informationJUSTICE SUB-COMMITTEE ON POLICING AGENDA. 2nd Meeting, 2014 (Session 4) Thursday 20 February 2014
JSP/S4/14/2/A JUSTICE SUB-COMMITTEE ON POLICING AGENDA 2nd Meeting, 2014 (Session 4) Thursday 20 February 2014 The Sub-Committee will meet at 1.00 pm in Committee Room 6. 1. Decision on taking business
More informationPolicy. Business Resilience MB2010.P.119
MB.P.119 Business Resilience Policy This policy been prepared by the Bi-Cameral Business Risk and Resilience Group and endorsed by the Management Boards of both Houses. It is effective from December to
More informationSEC Appendix AG. Deleted: 0. Draft Version AG 1.1. Appendix AG. Incident Management Policy
Draft Version AG 1.1 Deleted: 0 Appendix AG Incident Management Policy 1 Definitions In this document, except where the context otherwise requires: Expressions defined in section A of the Code (Definitions
More informationAUDIT OF ICT STRATEGY IMPLEMENTATION
APPENDIX A 2 1. Background AUDIT OF ICT STRATEGY IMPLEMENTATION 1.1. This report summarises the findings from the audit of ICT Strategy Implementation. This was a planned audit assignment which was undertaken
More informationIT Progress Report. Presented by: Owen Brady Director of Information Technology. Board. 19 th March 2015
Item 6 IT Progress Report Presented by: Owen Brady Director of Information Technology Board 19 th March 2015 Action for Board: For information For consideration For decision Table of Contents 1. Executive
More informationINFORMATION TECHNOLOGY SECURITY POLICY
INFORMATION TECHNOLOGY SECURITY POLICY Author Responsible Director Approved By Data Approved September 15 Date for Review November 17 Version 2.3 Replaces version 2.2 Mike Dench, IT Security Manager Robin
More informationMemorandum of Understanding between the Central LHIN and the Toronto Central LHIN to establish a Joint ehealth Program
Memorandum of Understanding between the Central LHIN and the Toronto Central LHIN to establish a Joint ehealth Program Purpose This Memorandum of Understanding (MOU) defines the terms of a joint ehealth
More informationService Improvement Review of Guarding:
Appendix 1 Service Improvement Review of Guarding: Management Summary August 2005 Not Protectively Marked Protective Marking Not Protectively Marked Publication Scheme Y/N Title N SIR - PO4/251b Version
More informationReport by Iain Ross, Head of ehealth on behalf of Deborah Jones, Director of Strategic Commissioning, Planning and Performance
ehealth UPDATE NHS Highland Board 30 May 2017 Item 4.9 Report by Iain Ross, Head of ehealth on behalf of Deborah Jones, Director of Strategic Commissioning, Planning and Performance The Board is asked
More informationAneurin Bevan Health Board
Aneurin Bevan Health Board Information Governance Committee Minutes of the meeting held on 10 February 2010, 2pm, in the Small Boardroom, Mamhilad House Present: Prof Janet Wademan - Independent Member
More informationNottinghamshire Office of the Police & Crime Commissioner & Nottinghamshire Chief Constable
Nottinghamshire Office of the Police & Crime Commissioner & Nottinghamshire Chief Constable Internal Audit Progress Report Audit Committee meeting: December 2014 Nottinghamshire Office of the Police &
More informationHow we do ehealth in NHS Scotland
Implementing strategies & infrastructures for ehealth or How we do ehealth in NHS Scotland Julie Falconer NHS for Scotland s 5.2m people NHS devolved to Scottish parliament Scottish Government Health &
More informationAGENDA ITEM: 3.4 DATE OF MEETING: 3 MAY 2018 INFORMATION MANAGEMENT, TECHNOLOGY & GOVERNANCE COMMITTEE
AGENDA ITEM: 3.4 INFORMATION MANAGEMENT, TECHNOLOGY & GOVERNANCE COMMITTEE DATE OF MEETING: 3 MAY 2018 Subject: Approved and Presented by: Prepared by: Other Committees and meetings considered at: Considered
More informationCouncil, 26 March Information Technology Report. Executive summary and recommendations. Introduction
Council, 26 March 2014 Information Technology Report Executive summary and recommendations Introduction This report sets out the main activities of the Information Technology Department since the last
More informationSTAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:
STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security
More informationREPORT 2015/010 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/010 Audit of information and communications technology strategic planning, governance and management in the Investment Management Division of the United Nations Joint
More informationNHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy
NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification
More informationFigure 1: Summary Status of Actions Recommended in June 2016 Committee Report. Status of Actions Recommended # of Actions Recommended
Chapter 3 Section 3.05 Metrolinx Regional Transportation Planning Standing Committee on Public Accounts Follow-Up on Section 4.08, 2014 Annual Report In November 2015, the Standing Committee on Public
More informationElectronic Service Provider Standard
Electronic Service Provider Standard Version: 1.6 Document ID: 3538 Copyright Notice Copyright 2018, ehealth Ontario All rights reserved No part of this document may be reproduced in any form, including
More informationINFORMATION GOVERNANCE. Caldicott Approval Procedure
NHS TAYSIDE INFORMATION GOVERNANCE Caldicott Approval Procedure Author: Peter McKenzie Review Group: Information Governance Group Review Date: September 2010 Last Update: September 2009 Document : NHST-ISC-CAP
More informationRegistration Data Incident Management Policy
Registration Data Incident Management Policy Author: DCC Operational Policy Draft Version 1 Date: 1 st May 2014 Page 1 of 23 Contents 1 Document History 4 1.1 Document Location 4 1.2 Review Dates 4 1.3
More informationRegulating Cyber: the UK s plans for the NIS Directive
Regulating Cyber: the UK s plans for the NIS Directive September 2017 If you are a digital service provider or operate an essential service then new security and breach notification obligations may soon
More information12 Approval of a New PRESTO Agreement Between York Region and Metrolinx
Clause 12 in Report No. 7 of Committee of the Whole was adopted, without amendment, by the Council of The Regional Municipality of York at its meeting held on April 20, 2017. 12 Approval of a New PRESTO
More informationGigabit West Sussex. Report to Cabinet. Executive Summary. Recommendations. Reasons for Recommendations. Background Papers
Report to Cabinet 21 st September 2017 By the Cabinet Member for Finance & Assets DECISION REQUIRED Not Exempt Gigabit West Sussex Executive Summary This report explains the reasons why the Council should
More informationThe Project Charter. Date of Issue Author Description. Revision Number. Version 0.9 October 27 th, 2014 Moe Yousof Initial Draft
The Project Charter Project Title: VDI Data Center Design and Build Project Sponsor: South Alberta Data Centers Inc. (SADC Inc.) Project Customer: The City of Calgary Project Manager: Moe Yousof Document
More informationSUBJECT: PRESTO operating agreement renewal update. Committee of the Whole. Transit Department. Recommendation: Purpose: Page 1 of Report TR-01-17
Page 1 of Report TR-01-17 SUBJECT: PRESTO operating agreement renewal update TO: FROM: Committee of the Whole Transit Department Report Number: TR-01-17 Wards Affected: All File Numbers: 465-12, 770-11
More informationChapter 35 ehealth Saskatchewan Sharing Patient Data 1.0 MAIN POINTS
ehealth Saskatchewan Sharing Patient Data 1.0 MAIN POINTS Since 1997, Saskatchewan has been developing a provincial electronic health records system for patients (called the provincial EHR) to allow for
More informationBoard Assurance Framework and Corporate Risk Register Report
Trust Board Meeting in Public: Wednesday 9 th November 20 Title Board Assurance Framework and Corporate Risk Register Report Status History For discussion The full BAF and CRR was reported to the: Audit
More informationWye Valley NHS Trust. Data protection audit report. Executive summary June 2017
Wye Valley NHS Trust Data protection audit report Executive summary June 2017 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More informationTo be an active partner, always ready to improve by working with others
Title of Report: Prepared By: Sponsor: Action Required: Statement of Assurance/Readiness Preparedness to Major Incidents Ben Cockerill, Emergency Planning Officer Kevin O Leary, Deputy Director of Operations
More informationManagement s Response to the Auditor General s Review of Management and Oversight of the Integrated Business Management System (IBMS)
APPENDI 2 ommendation () () 1. The City Manager in consultation with the Chief Information Officer give consideration to the establishment of an IBMS governance model which provides for senior management
More informationSALISBURY NHS FOUNDATION TRUST. TITLE - Information Strategy Annual Review
SALISBURY NHS FOUNDATION TRUST PAPER - SFT 1931 TITLE - Information Strategy 2007 2010 Annual Review PURPOSE OF PAPER To inform the Board as to progress made within the Information Systems Strategy during
More informationNATIONAL INFRASTRUCTURE COMMISSION CORPORATE PLAN TO
NATIONAL INFRASTRUCTURE COMMISSION CORPORATE PLAN 2017-18 TO 2019-20 CONTENTS Introduction 3 Review of period from October 2015 to end 2016 3 Corporate Governance 4 Objectives and Business Activity Plan
More informationBusiness Continuity Policy
Business Continuity Policy Version Number: 3.6 Page 1 of 14 Business Continuity Policy First published: 07-01-2014 Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/2014
More informationPublic Safety Canada. Audit of the Business Continuity Planning Program
Public Safety Canada Audit of the Business Continuity Planning Program October 2016 Her Majesty the Queen in Right of Canada, 2016 Cat: PS4-208/2016E-PDF ISBN: 978-0-660-06766-7 This material may be freely
More informationAudit & Advisory Services. IT Disaster Recovery Audit 2015 Report Date January 28, 2015
Audit & Advisory Services IT Disaster Recovery Audit 2015 Report Date January 28, 2015 Audit & Advisory Services Mission and Function The JCCC Audit & Advisory Services department provides an independent
More informationDFARS Cyber Rule Considerations For Contractors In 2018
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DFARS Cyber Rule Considerations For Contractors
More informationCouncil, 8 February 2017 Information Technology Report Executive summary and recommendations
Council, 8 February 2017 Information Technology Report Executive summary and recommendations Introduction This report provides the Council with an update into the work of the Information Technology Directorate
More informationCHAIR AND MEMBERS CIVIC WORKS COMMITTEE MEETING ON NOVEMBER 29, 2016
TO: FROM: SUBJECT: CHAIR AND MEMBERS CIVIC WORKS COMMITTEE MEETING ON NOVEMBER 29, 2016 KELLY SCHERR, P.ENG., MBA, FEC MANAGING DIRECTOR ENVIRONMENTAL & ENGINEERING SERVICES AND CITY ENGINEER SHIFT RAPID
More informationCyber security. Strategic delivery: Setting standards Increasing and. Details: Output:
Cyber security Strategic delivery: Setting standards Increasing and informing choice Demonstrating efficiency economy and value Details: Meeting Audit and Governance Committee Agenda item 8 Paper number
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Colin Sloey Implementation Date: September 2010 Version Number:
More informationEHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR. For Viewer Sites
EHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR For Viewer Sites Agenda 1 Introduction and EHR Security Policies Background 2 EHR Security Policy Overview 3 EHR Security Policy Assessment
More informationAudit Report. The Prince s Trust. 27 September 2017
Audit Report The Prince s Trust 27 September 2017 Contents 1 Background 1 1.1 Scope 1 1.2 Audit Report and Action Plan Timescales 2 1.3 Summary of Audit Issues and Recommendations 3 1.4 Risk Rating of
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationHSCIC Audit of Data Sharing Activities:
Directorate / Programme Data Dissemination Services Project / Work Data Sharing Audits Status Final Acting Director Chris Roebuck Version 1.0 Owner Rob Shaw Version issue date 19-Jan-2015 HSCIC Audit of
More informationManager, Infrastructure Services. Position Number Community Division/Region Yellowknife Technology Service Centre
IDENTIFICATION Department Position Title Infrastructure Manager, Infrastructure Services Position Number Community Division/Region 32-11488 Yellowknife Technology Service Centre PURPOSE OF THE POSITION
More informationReviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED.
Assistant Deputy Minister (Review Services) Reviewed by in accordance with the Access to Information Act. Information UNCLASSIFIED. Security Audits: Management Action Plan Follow-up December 2015 1850-3-003
More informationIBM Emptoris Managed Cloud Delivery
Service Description IBM Emptoris Managed Cloud Delivery This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and recipients of
More informationECS, epcs and KIS Newsletter March 2012
ECS, epcs and KIS Newsletter March 2012 Work continues to develop the Emergency Care Summary to extend access for medicines reconciliation in hospitals. Improvements to the GP interface of epcs will be
More informationCommissioning Digital Services for General Practice: GP IT Operating Arrangements, including addendum to the 2016/18 Operating Model
Commissioning Digital Services for General Practice: GP IT Operating Arrangements, including addendum to the 2016/18 Operating Model Sue Cooke, Senior DPC (GP IT) Programme Lead, NHS England Nikki Hinchley,
More informationOperational Services Procurement. Vendor Engagement Event 28 th March 2018
Operational Services Procurement Vendor Engagement Event 28 th March 2018 Agenda Introductions from the Chair Alt HAN Company Technology Services Update Operational Services Procurement Process Scope and
More informationBusiness Continuity and Disaster Recovery
Business Continuity and Disaster Recovery Index Section Title 1. Executive Summary 2. Policy Statement 3. Strategy 4. Governance 5. Key Documentation 6. Testing 1 Executive Summary Business Continuity
More informationCABINET PLANNING SYSTEM PROCUREMENT
Report No: 163/2017 PUBLIC REPORT CABINET 19 September 2017 PLANNING SYSTEM PROCUREMENT Report of the Director for Places (Development & Economy) Strategic Aim: Sustainable Growth Key Decision: Yes Exempt
More informationAndrew Durant/Ellen Sullivan
AGENDA ITEM: 3.5 INFORMATION MANAGEMENT, TECHNOLOGY AND GOVERNANCE COMMITTEE DATE OF MEETING: 2 OCTOBER 2018 Subject : Approved and Presented by: Prepared by: Other Committees and meetings considered at:
More informationData Encryption Policy
Data Encryption Policy Document Control Sheet Q Pulse Reference Number Version Number Document Author Lead Executive Director Sponsor Ratifying Committee POL-F-IMT-2 V02 Information Governance Manager
More informationGroton Data Center Migration Project
Groton Data Center Migration Project Category Enterprise IT Management Initiatives State Connecticut Contact Mark Raymond, Chief Information Officer mark.raymond@ct.gov Project May 2014 Initiation End
More informationREPORT 2015/186 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/186 Audit of information and communications technology operations in the Secretariat of the United Nations Joint Staff Pension Fund Overall results relating to the effective
More informationNORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives
NORTH CAROLINA MANAGING RISK IN THE INFORMATION TECHNOLOGY ENTERPRISE NC MRITE Nominating Category: Nominator: Ann V. Garrett Chief Security and Risk Officer State of North Carolina Office of Information
More informationProgramme Headlines. Project Headlines. Appendix - Watford 2020 Progress Update Report 8 November 2017
Completed by: Liam Hornsby Period from: 23 October 2017 Date completed: 6 November 2017 Period to: 6 November 2017 Current Programme Status Trend since last report Programme Headlines R R/A A/G G Worse
More informationDon t Be the Next Headline! PHI and Cyber Security in Outsourced Services.
Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. June 2017 Melanie Duerr Fazzi Associates Partner, Director of Coding Operations Jami Fisher Fazzi Associates Chief Information
More informationUse Of Mobile Communication Devices Within Healthcare Premises Policy
Use Of Mobile Communication Devices Within Healthcare Premises Policy Co-ordinator: Director of Facilities Reviewer: Working Group chaired by Director of Facilities Approver: GAPF Signature Signature Signature
More informationSCHEME OF DELEGATION (Based on the model produced to the National Governors Association)
SCHEME OF DELEGATION (Based on the model produced to the National Association) THE PURPOSE OF A SCHEME OF DELEGATION: A scheme of delegation (SoD) is the key document defining which functions have been
More informationN4 Design Options. Andy McAnaney DHID VDNS (Voice and Data Networks Services) Team
N4 Design Options N3-JANET gateway N3/N4 high level statements N4 Progress N4 - Achievements to date N4 Key Programme Milestones N4 Engagement Design diagrams Andy McAnaney DHID VDNS (Voice and Data Networks
More informationThe Defence Nuclear Enterprise: a landscape review
A picture of the National Audit Office logo Report by the Comptroller and Auditor General Ministry of Defence The Defence Nuclear Enterprise: a landscape review HC 1003 SESSION 2017 2019 22 MAY 2018 4
More informationAudit Report. Chartered Management Institute (CMI)
Audit Report Chartered Management Institute (CMI) 10 October 2012 Note Restricted or commercially sensitive information gathered during SQA Accreditation monitoring activities is treated in the strictest
More informationProcedure re-written. (i.e. All staff with responsibility for the creation, use and management of organisational responsibility)
Standard Operating Procedure Title of Standard Operation Procedure: Corporate Records Management Procedure Reference Number: ECT002863 Version No: 2.0 Supersedes Versions No: 0.1 Amendments Made: Procedure
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationProtecting information across government
Report by the Comptroller and Auditor General Cabinet Office Protecting information across government HC 625 SESSION 2016-17 14 SEPTEMBER 2016 4 Key facts Protecting information across government Key facts
More informationProvider Monitoring Report. City and Guilds
Provider Monitoring Report City and Guilds 22 May 2017 to 3 August 2017 Contents 1 Background 1 1.1 Scope 1 1.2 Provider Monitoring Report Timeline 2 1.3 Summary of Provider Monitoring Issues and Recommendations
More informationOCM ACADEMIC SERVICES PROJECT INITIATION DOCUMENT. Project Title: Online Coursework Management
OCM-12-025 ACADEMIC SERVICES PROJECT INITIATION DOCUMENT Project Title: Online Coursework Management Change Record Date Author Version Change Reference March 2012 Sue Milward v1 Initial draft April 2012
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationStopsley Community Primary School. Data Breach Policy
Stopsley Community Primary School Data Breach Policy Contents Page 1 Introduction... 3 2 Aims and objectives... 3 3 Policy Statement... 4 4 Definitions... 4 5 Training... 5 6 Identification... 5 7 Risk
More informationEX0-101_ITIL V3. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0. Exin EX0-101
EX0-101_ITIL V3 Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ Exin EX0-101 ITIL Foundation V 3.0 & ITIL Foundation Version: 8.0 Exin EX0-101 Exam Topic
More informationFinancial Planning Institute of Southern Africa SETTING THE STANDARD. Continuous Professional Development (Cpd) Policy
FPI FPI Financial Planning Institute of Southern Africa SETTING THE STANDARD Continuous Professional Development (Cpd) Policy Table of Contents Definitions 3-4 Introduction 4 Primary Responsibility 5 Mandatory
More informationMinistry of Government and Consumer Services. ServiceOntario. Figure 1: Summary Status of Actions Recommended in June 2016 Committee Report
Chapter 3 Section 3.06 Ministry of Government and Consumer Services ServiceOntario Standing Committee on Public Accounts Follow-Up on Section 4.09, 2015 Annual Report In March 2016, the Committee held
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationOrganization/Office: Secretariat of the United Nations System Chief Executives Board for Coordination (CEB)
United Nations Associate Experts Programme TERMS OF REFERENCE Associate Expert (JPO) INT-021-14-P014-01-V I. General Information Title: Associate Expert in Interagency Coordination / Special to the Director
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationMINIMUM SYSTEM SPECIFICATION (MSS)
MINIMUM SYSTEM SPECIFICATION (MSS) PROCESSES AND PROCEDURES FOR NHS WALES COMPLIANT SYSTEMS [Summary Document] MSS Scheme Development Processes and Procedures 1.0 PURPOSE This document describes the NHS
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationData Protection and GDPR
Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have
More informationIBM Emptoris Managed Cloud Delivery
Service Description IBM Emptoris Managed Cloud Delivery This Service Description describes the Cloud Service IBM provides to Client. Client means the company and its authorized users and recipients of
More informationApplication Decommissioning in Digital Transformation
Application Decommissioning in Digital Transformation Produced by In cooperation with MARCH 2018 CONTENTS Role of Application Decommissioning in Digital Transformation 3 What is application decommissioning?...
More informationAgenda. Bibliography
Humor 2 1 Agenda 3 Trusted Digital Repositories (TDR) definition Open Archival Information System (OAIS) its relevance to TDRs Requirements for a TDR Trustworthy Repositories Audit & Certification: Criteria
More informationEA-ISP Business Continuity Management and Planning Policy
Technology & Information Services EA-ISP-002 - Business Continuity Management and Planning Policy Owner: Adrian Hollister Author: Paul Ferrier Date: 06/03/2017 Document Security Level: PUBLIC Document
More informationFollow-up to Information Technology Security Audit
Follow-up to Information Technology Security Audit July 2004 Report Clearance Steps Follow-up process initiated September 2003 Report completed March 2004 Follow-up report approved by Departmental Audit
More informationZYNSTRA TECHNICAL BRIEFING NOTE
ZYNSTRA TECHNICAL BRIEFING NOTE Backup What is Backup? Backup is a service that forms an integral part of each Cloud Managed Server. Its purpose is to regularly store an additional copy of your data and
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationSOUTH AFRICAN LIBRARY FOR THE BLIND (SALB)
Name of Institution SOUTH AFRICAN LIBRARY FOR THE BLIND (SALB) Bid Number SALB 2019/01/01 A Description ICT Disaster Recovery and ICT Business Continuity Services to SALB Date Published 20/03/2019 Closing
More informationUse of Mobile Devices on Voice and Data Networks Policy
World Agroforestry Centre Policy Series MG/C/4/2012 Use of Mobile Devices on Voice and Data Networks Policy One of the policies on information security and business continuity which will be audited by
More informationGeneral Data Protection Regulation
General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced
More information