Security and Compliance
Fife Council recognises that the information it holds is an important asset that must be controlled and protected. In recognition of this, the Security and Compliance Team was formed and has various policies and procedures that must be followed to keep the Council’s valuable information secure, controlled and protected.
Information Governance (IG) is a term for all the ways in which the Council manages its information. IG comprises three principal arms, each of which are of equal importance in ensuring that the Council does the right thing with information and is compliant with the relevant legislation and regulation. These are, in alphabetical order, data protection (DP), information security (IS) and records management (RM). Over the course of 2018, the Council will be moving to an integrated approach to offering staff straight-forward guidance on what they need to do when working with or handling information. This will be under the banner of IG.
The Council’s Data Protection Officer and Data Protection specialists ensure the Council is complying with the Data Protection Act and preparing for the EU General Data Protection Regulations (GDPR) which comes into force 25thMay 2018 by raising awareness of data protection responsibilities and the management of personal information, ensuring that data protection policies and procedures are developed and implemented, communicated and embedded across all Council areas.
The Information Security Team oversees the Council’s ICT security and ensures compliance with national standards such as PSN (Public Service Network), implements best practice and guidance from the Scottish Government and interacts with several security organisations such as CISP (Cyber-security and Information Sharing Partnership) and the new NCSC (National Cyber Security Centre). Much of the work of this team involves highlighting security awareness and risk management.
Records Management relates to the creation, maintenance, use, storage, retention and disposition (disposal or selection for permanent preservation) of records in compliance with relevant legislation and best practice. Records management is also concerned with facilitating business process improvement and developing business intelligence.