Under the Code of Connection and the new Information Governance Statement of Compliance, new connections complete an Information Governance Toolkit self assessment before they are allowed to connect to N3.

The Audit framework introduces a baseline check by independent auditors against that of the environment you submitted your self-assessment from.

Audits can cover a sample section of the Information Governance Toolkit headings or could be more exhaustive, especially as the Audit framework is linked to the Security Incident monitoring scheme. Regular or repeat offenders may find themselves under greater scrutiny and in a much shorter timeframe.

External audit firms will be used in rota and will themselves conduct assessments based up strict guidelines and templates prepared by Information Governance.

Where an entity such as a PCT has its own audit department if may be possible for them to conduct the work, or assist our audit staff and to ensure knowledge transfer takes place.