You are here: Home Services & Applications Information Governance (IG) Information Governance Statement of Compliance More information

IGSoC contacts:

All IG SoC
enquiries:

Email: exeter.helpdesk@nhs.net

Phone: 01392 251289

 

IG SoC More Information

The IGSoC is the process by which organisations enter into agreement with NHS CFH for access to its services. The terms and conditions of access are set out in the IG Assurance Statement which is a required element of the IG Toolkit. It is essential that every organisation meets the obligations of the IG Toolkit, and complies with the IG Assurance Statement to the required standards to safeguard NHS Connecting for Health services and information for all.

What is the Information Governance Statement of Compliance (IGSoC)?

The Information Governance Statement of Compliance (IGSoC) is the process by which organisations enter into an agreement with NHS Connecting for Health for access to NHS Connecting for Health’s services, including the NHS National Network (N3), in order to preserve the integrity of those services.

Why should I complete the process?

By requiring organisations to meet the information governance standards incorporated into the terms and conditions of the IG Assurance Statement, NHS Connecting for Health can ensure that safeguards are in place to protect its services.

Do I need to complete the process for my organisation?

Every individual organisation, and entity of any legal form, that has direct access to any service provided by NHS Connecting for Health is required to complete the process and comply with the terms and conditions of the IG Assurance Statement.

What is the IG Assurance Statement?

As part of the IG Toolkit Assessment, you are required to accept the IG Assurance Statement.  This statement contains additional terms and conditions applicable to all organisations using NHS CFH services such as N3, and signifies an organisations' agreement to abide by those terms.

You can preview / print the IG Assurance Statement using the new "Preview/Print IG Assurance Statement" link on the Assessments page of the IG Toolkit (you need an "in progress" assessment for the link to be available).

Who should complete the IG Assurance Statement?

Whilst the IG Assurance Statement can be accepted by your Toolkit Administrator, it is binding on your organisation, and acceptance should be authorised by the most Senior Executive of an organisation in the same way as the IG Toolkit Submission.  This is to confirm the organisation’s commitment to meeting and maintaining the required standards of information governance, and the Senior Executive's responsibility for ensuring this is achieved.  For example, in GPs, this would be the Senior Partner.

How do I complete IG Assurance Statement?

The IG Assurance Statement is a requirement of the IG Toolkit that is completed and submitted by, or with the agreement of, the most senior executive of the organisation.  The statement can be printed prior to submission from the 'Assessments' page of the IG Toolkit in order to gain the required level of authorisation prior to formal submission.

What does the IG Assurance Statement include?

The IG Assurance Statement includes:

  • The Requirement that no Patient Identifiable Data or other sensitive data be stored or processed offshore where the location is deemed non-compliant with the NHS CFH Offshore Policy*
  • The right to audit by NHS Connecting for Health or nominated third parties
  • Change Control Notification procedures and approvals processes
  • The requirement for organisations to achieve, or be working towards, ISO27001
  • The requirements for reporting security events and incidents.

The IG Assurance Statement is a required element of the Information Governance Toolkit (IGT) and is re-affirmed by organisations’ annual submission of the toolkit.

IGSoC Clarification of status

The fact that an organisation has completed the IGSoC process does not remove the requirement for commissioners to assure themselves that their providers / suppliers are meeting and maintaining information governance standards.  Commissioners should therefore take into account the following information:

Where an organisation has assessed itself as meeting the requirements of the IGSoC process, has recorded its assessment of the IG Toolkit, and agreed to the terms of the IG Assurance Statement, this provides a clear and structured basis for auditing the organisation to obtain assurance that IG standards are being met.  An agreed IG Assurance Statement does not itself provide this assurance and bodies contracting, or otherwise engaging with organisations that have gone through the IGSoC process must ensure themselves that there is robust evidence of performance.  It is the responsibility of all NHS Contracting Authorities to ensure that appropriate IG assurance is obtained when contracting for the delivery of information services.