1. Name of organisation SIRO (Senior Information Risk Owner) or similar post (Chief Information Governance Officer etc), or responsible person for SIRO duties. There may be more than one SIRO.
Tony McDonald
2. Contact email of person or persons named in question 1.
Tony.mcdonald@elht.nhs.uk
3. Name of organisation DPO (Data Protection Officer) or responsible person for DPO duties.
Natalie Baxter
4. Contact email of DPO.
Natalie.baxter@elht.nhs.uk
5. Have you appointed, or do you plan on appointing or delegating the position of IAO to any employees?
Yes
6. Who is responsible for the leading IAO structure, I.E. the SIRO/’Lead’ IAO/Head of Governance/Head of Corporate Services etc?
Information Governance Function
7. Who is responsible for reviewing and implementing any training needs for the IAO’s?
Information Governance Function
8. In relation to questions 6 and 7, can we please be provided with the contact email address of the appropriate person?
Information.governance@elht.nhs.uk
9. Is IAO training delivered by an external third party or internally?
Internally via a module on our learning management system
10. Are you or have you considered becoming ISO 27001 compliant or certified? If so when?
No
11. Following on from Q10, If so whom is/would be responsible for implementation or exploration of ISO 27001? (as in, the person/job title/email address)
N/A
12. Who is the person responsible for the physical security controls in your estate e.g. CCTV, Lighting, barriers, intrusion detection and fencing.
For RBTH site, being a PFI managed site, maintenance is managed by a private company, so they are not obligated to respond to FOIs.
For the BGTH site, again part of the site is PFI managed the remaining parts of the site is Trust estate. CCTV checks are carried out daily and any faults reported to the helpdesk for remediation. Lighting, barriers, intrusion detection and fencing checks are maintained by Trust estates.
13. In relation to question 12 when was the effectiveness of these controls last reviewed?
For RBTH site, being a PFI managed site, maintenance is managed by a private company, so they are not obligated to respond to FOIs.
For the BGTH site, again part of the site is PFI managed the remaining parts of the site is Trust estate. Checks will be carried out as regular Planned Preventative Maintenance throughout the year.
14. In relation to question 12 can we please be provided with the name/job title and email address of this person?
For RBTH site, being a PFI managed site, maintenance is managed by a private company
For the BGTH site, again part of the site is PFI managed
15. Who would be the person responsible for the organisation of external training within your organisation. E.g. Head of learning and development / HR Manager.
The Trust does not supply details of members of staff unless they are already in the public domain. Contact details are also not provided unless these are public.
Structures for divisions are located on the Corporate Governance page of the Trust website
https://elht.nhs.uk/about-us/corporate-publications-annual-reports-and-accounts
Information relating to the board, including email address is on the Trust board page
https://elht.nhs.uk/about-us/trust-board
16. Can you please provide the name/job title and email address for the person in question 15?
The Trust does not supply details of members of staff unless they are already in the public domain. Contact details are also not provided unless these are public.
Structures for divisions are located on the Corporate Governance page of the Trust website
https://elht.nhs.uk/about-us/corporate-publications-annual-reports-and-accounts
Information relating to the board, including email address is on the Trust board page
https://elht.nhs.uk/about-us/trust-board
