Does this include considerations and inclusion of the third sector and blue light services to avoid further work with Councils in terms of negotiation of separate arrangements for these services? One of the key cornerstones of the IS Toolkit is efficiency. The Toolkit is developed for adoption when information happens between a Scottish public sector organisation and […]
IS Toolkit road testing
The Toolkit is an evolution from the experience gathered using SASPI and Gold Standard;. The review has collected experiences and advice from experts across Local Authorities, Central Government, Health Care and Police; a road tested set of expert advice. Some resources have been in used for a number of years; any reviews are always produced by experts from […]
IS Toolkit final release
There is not such a thing as a final release for the Toolkit; it is a live set resources to enable safe and compliant information sharing across organisations. New guidelines and updates will be continually offered as required. Resources will be available via this site.
Is it possible to continue using SASPI?
The Scottish IS Toolkit is an update of SASPI which was developed in 2011 and due for review since 2015. The Toolkit incorporates an enhances information sharing arrangement across the public sector, including confidential information beyond personal information. But also represents an improvement in terms of good practices along the negotiation process that represents the […]
IS Toolkit – communications & awareness campaign
How the IS Toolkit has been communicated and what’s the plan for future communications? The overall plans of The Scottish Government in terms of Information Governance and Security, were initially communicated via DL (2015) 17 ” Information Governance and Security Improvement Measures 2015-17″; the IS Toolkit being part of this package of measures. The Toolkit has been presented at […]
‘safe haven’ boundaries
Where and what are the boundaries of the ‘safe haven’ which are being accredited – the charter restricts the definition to the analytical platform where access to anonymised data is being given, but does not necessarily include the preceding stages (anonymisation/linking agents, etc)? The boundaries of the ‘safe haven’ should include the linkage agent etc […]
Save Haven’s standards and the controls
What about other standards and the controls (for example ISO9000 and ISO15489), these are equally if not more important than information security in protecting data? Addressed in the additional controls included in accreditation set
ISO 27001 ISMS certification
Does ISO 2700 ISMS certification get you automatic safe haven accreditation, and if not why not? The existing ISO certification should shortcut most of the work, but evidence still required and additional controls not in ISO 2700 need to be addressed
IS Toolkit – what happens with current completed agreements, protocols, accords etc?
Does the launch of a set of templates, guidance and associated documentation – called the Information Sharing Tool-kit – mean that we have to set aside all the current completed agreements, protocols, accords etc? Negotiating information sharing can be difficult and time-consuming, and the last thing that The Scottish Government wants to do is undermine […]
Central team and National accord
Is there a central team that creates an overall accord and does some basic assurance on the organisations that which to share information? The tool-kit has been designed so that there is no overall national accord. It is not possible for The Scottish Government, or other central team, to assure organisations at a basic level […]