EURIM Working Group on Information Governance
(previously Personal Identity and Data Sharing)
Introduction and Terms of Reference
This group builds on the enormous success of EURIM’s work on Personal
Identity and Data Sharing, from the debate on the European Data
Protection Directive, through exercises on Medical Data Protection
and on Identity Cards, to the recent inquiries with regard to
Information Assurance. One consistent theme has been the need to
reconcile practical experience of what works with the aspirations of
those seeking to promote new methodologies and technologies, while
addressing “cultural problems” associated with individual and
organisational behaviour and attitudes. The Group is also engaged in
the political debate over the balance of risk between privacy and
surveillance. Another theme has been the need to provide practical
guidance as to who should be responsible for doing what, given so
much conflicting legislation over what can and should, or should
not, be retained and/or shared with whom, under what circumstances.
Objective
To rebuild confidence in the competence of the public, private and
voluntary sectors to securely manage the sharing of identity and
information services and support the creation and enforcement of
relevant professional codes of practice.
Strategy
Parliamentary and political:
to change the nature of current debate on data protection and
information assurance by showing that secure electronic identity
management and information sharing are already commonplace,
including in the public sector, and that the need is to replicate,
reinforce and build on existing good practice.
Industrial and professional:
to provide a neutral umbrella for officials to meet with industry
(users as well as suppliers and consultants) to discuss practical
co-operation in overcoming fragmentation and confusion regarding
responsibilities, liabilities and governance. To share experience of
existing processes for handling interactions between those who do
not trust each other as well as those who do.
Work Programme for 2009
- Directors Round Table:
5 work-streams have arisen from the Directors Round Table
meetings, with the overall objective of setting the agenda and
providing a forum to bring together people and organisations
that can make things happen. Another 2 are in prospect.
1. Basic Principles – The first task is to produce guidance
covering the elements that constitute good governance (clarity
of accountability, responsibility, ownership, quality, security,
availability, people processes etc.).
An additional aim is the creation
of credible policy frameworks
against which suppliers can deliver transparently, thus
enhancing client and customer confidence in their products and
services.
The Subgroup is working on an innovative, succinct 1-page document
with links to existing guidance and comments on what still needs
to be addressed,
supported by an animated voice-over video which illustrates the
hierarchy of the concepts and processes involved.
2. Security by Design – Major users (both public and private) and
suppliers are being brought together with the aim of
incentivising industry to co-operate to devise better and
inherently more secure products, and to use an appropriate set
of standards with a secure architecture in which outputs are
defined. An additional aim is to set and use common standards
for inter-operability frameworks which can be mandated by major
customers (civil or military) in the knowledge that major
suppliers can and will supply products and services that will
fit together. Activity teams are expected to produce early
deliverables by end Q1.
This is an ambitious exercise to change market behaviour and
introduce a new security paradigm, with EURIM providing a
neutral umbrella for bringing major players together: users
(public/private, military/civil) and suppliers, internationally
as well as nationally. A delegation from the Subgroup recently
met representatives of the Public Secure Network on 15 April to
discuss the Government Conveyancing Network (the ‘glue’ between
service provider networks), to press the case for an
architecture-based approach to security.
3. Value of Information – Focus is on
the incentives and benefits that derive from treating
information as an asset: to be maintained and exploited securely
and effectively. It also agreed deliverables for May and June
with a final report in September covering the means of valuing
information in order to help set budgets and justify investment
in improving quality and security, working with the Knowledge
Council and Audit Commission inter alia.
The Subgroup is developing a repository on the EURIM companion 'microsite'
(link at the top of this page) of documentation, research and
tools, e.g. presenting evidence linking performance to
information management maturity, and covering methodologies for
benchmarking and measuring performance etc. EURIM will assist
the Knowledge Council in the areas of how to measure and enhance
the value of data, and improving information and knowledge
management skills and culture.
The overall purpose of the Subgroup is to:
- raise awareness of the importance of and potential for better
exploitation of information assets within organisations,
particularly within the public sector;
- influence the policies and strategies concerning how to achieve
radically improved information management culture in the public
sector;
- provide high level guidance on available approaches to valuing
the information asset and to measuring and benchmarking an
organisation’s information management capability.
4. ID Governance – Targets and outcomes are being identified
under the premise that while there is no single structure that
meets all needs, there are some common principles of governance
that Government will try to legislate on, across all
departments.
A possible approach is to consider how citizens’ needs are met
in a business model for identity cards and systems. The
difficulty is, given the public’s lack of trust in Government
generally to look after personal data, whether there will be
sufficient popular buy-in: there needs to be a single, secure
unique identity and a demonstrable benefit for the citizen.
A key aim is to educate a cadre of politicians and policy
advisers who can ensure that policy follows a better set of
frameworks than would otherwise have been the case. A common
policy is necessary for the establishment of interoperability
and providing for effective identity governance. The next
meeting of the Subgroup will focus on a mission statement and a
plan of action.
5. Quality of Information – proposal awaited
Forthcoming Meetings
Recent Meetings
Group Outputs (Papers & Briefings)
Other Relevant Documents and Links