Information security & legislation compliance management review
The project issues
When the Data Protection Act 1984 was introduced Birmingham City Council (BCC) set up a corporate function in Central IT to fulfil statutory requirements. A network of contacts in departments who fulfilled a local data protection role assisted this. Typically this was an adjunct to their ‘proper’ job. This remained the case in 2003 despite the increase in legislation in the meantime.
There was no coherent approach to the internal lifecycle of setting standards; implementing them; policing / monitoring compliance, learning from them and enforcing / punishing non-compliance.
Gerry McMullan brought us in because he had identified the need to review this situation, prepare a business case /options appraisal for rationalisation and to produce an implementation plan, following audit reports and concerns raised.
The Socitm Consulting solution
We interviewed officers and users to assess the current level of understanding of the practical issues and the compliance requirements of DP, FOI and information security issues.
Our findings were used to influence the creation of a revised organisational structure looking at embedding an Information Governance framework for BCC to set it in good store for the challenges ahead in joining-up the various government initiatives including IEG, CPA requirements etc.
DP/FOI/RM and Information Security needed to be taken forward on the back of and embedded within the Corporate Governance framework. This would allow the emerging compliance and assurance process to be utilised effectively. This process was supported by the Council's Chief Executive who had written to all Chief Officers asking them to produce their assurance statements.
The benefits to the client
It is clear that there will be tangible benefits in key policy areas as a result of better information management throughout the Council. However, it will need to be appreciated that these will only be realised in time as the lifecycle of information management is improved.
The size of the organisation should not be a barrier to good practice.
Project identification
Client organisation: Birmingham City Council
Client contact: Gerry McMullan, Head of IT Strategy, 0121 303 4498, gerry_mcmullan@birmingham.gov.uk
Lead consultant: andrea.simmons@socitmconsulting.co.uk
Project no: 4335
Related items
You may also be interested in these items
- Information security gap analysis
- Mailshot 2009-12-18 - Security testing can find more than you expected
- Business continuity - putting information at the heart of the plan
- Managing information - your greatest asset
- ISO27001 scoping
- Information management
- The Civil Contingencies Act and how to respond to it
- Records Management strategy review
- Social Services system replacement and business process re-engineering
- Document management strategy
- Data Protection Act compliance programme
- Audit of PC disposal procedures
- Building Schools for the Future programme support
- Children’s services information sharing project management
- ICT security policy review