An often-overlooked requirement within today’s modern and complex organisations is the need to manage, compile and then subsequently access a large quantity of both physical and electronic documents. These could be legal papers, contracts, regulatory information, insurance policies and schedules etc.
How does your own organisation manage what can be a large quantity of disparate and widely distributed documents? Where are the documents? What are they and who is responsible for them?
As an existing user of the JCAD CORE system for risk and compliance, Tower Hamlets Council identified that with some additional configuration they could tailor a new database to fit their requirements for an information asset register. In 2016 Tower Hamlets began preparation for the General Data Protection Regulations (GDPR) and Data Protection Act 2018 which were to take effect from 25 May 2018. The council sought to automate the information asset risk assessment and develop a repository for associated documents. Following a demonstration of JCAD, a mock-up was designed to incorporate the fields from the existing information asset register with additional menus, text boxes and tasks required by GDPR. The Applications Team worked with the council to customise the register and by February 2018 this central repository was starting to be filled with all the necessary information regarding electronic and paper files that the council possessed, including data sharing agreements and privacy notices. Before using JCAD CORE the council had used spreadsheets to store this information however, there were issues with this approach;
- excel was cumbersome for updating
- version control was also problematic
- tracking changes was difficult and more importantly….
- the process was not auditable.
Making use of the existing CORE application has provided many benefits to the council, not least the fact it is from an existing trusted software provider, but also because many users already had exposure to the system for risk management and thus knew the interface. In addition, adding a new module to an existing system is far more cost effective than purchasing a new system entirely.
Other benefits include;
- Improved compliance
- GDPR and internal information governance policies
- The ability to prove that information is being processed in line with policies
- Reporting on whether tasks are completed or not encourages information owners and administrators to update the system and take ownership of their assets
- Organisation buy-in
- Asset owners are responsible for ensuring information is processed and stored in the correct way. The centralised system that is easy to update aids buy in from these individuals.
- Assign tasks, reminders set
- Tasks and reminders can be set to ensure that the targets are adhered to. This helps to ensure that Tower Hamlets always remain compliant.
The centralised system ensures that the council is processing data in accordance with GDPR and their internal information governance policies. In addition to a risk assessment, the register holds details about the assets’ retention periods, conditions for processing personal/sensitive data, user access and sharing/interfaces with other organisations and systems. Tasks are assigned to individuals so if there is a change in personnel, it is simple process to reassign the tasks to new officers and ensure that the system remains robust.
“As a council we take our responsibilities for managing data relating to our residents, service users and partners very seriously.
“Using the document register in JCAD CORE demonstrates our commitment to ensuring that data processing and records management policies are adhered to and that we are compliant with legislation.”
Jessica Vinluan, Senior Information Governance and Complaints Officer,
Tower Hamlets Council