South West London CCG Annual Report and Accounts 2020/21

of submission of the DSPT. The DSPT is based on the 10 National Data Guardian (NDG) standards. NHS South West London CCG completed all 89 mandatory assertions, and 43 of the 57 non-mandatory assertions. The CCG published the 2020-21 submission with ‘Standards Met’ on 31 March 2021, ahead of the submission cut off which was 30 June 2021. The CCG places high importance on ensuring there are robust information governance systems and processes in place to protect patient and corporate information. We have an information governance management framework, including information governance processes and procedures in line with the DSPT. We have ensured all staff undertake annual information governance training. There are processes in place for incident reporting and investigation of serious incidents. We continue to develop information risk assessment and management procedures and a programme is in place to fully embed an information risk culture throughout the organisation against identified risks. How we look after information securely The Senior Information Risk Owner (SIRO) for NHS South West London CCG is the Chief of Staff; he is a member of the Senior Leadership Team and attends Governing Body meetings. In response to the Covid-19 pandemic, RSM were requested to conduct an in-depth audit to provide assurance that: • South West London CCG’s Information Governance response to the Covid-19 pandemic followed best practice and met all legal requirements. • The control environment designed to ensure that South West London CCG managed its data sharing arrangements in accordance with the Control of Patient Information (COPI) Notice, were fit for purpose and that information was only shared as appropriate and where suitable data sharing arrangements are in place. The outcome of the audit was that substantial assurance was provided; all recommendations were swiftly implemented. Business critical models The CCG confirms that an appropriate quality assurance framework is in place and is used for all business critical analytical models. Third party assurances The CCG relies on a number of third party providers (such as NHS SBS, NHS BSA, NEL CSU) to provide a range of transactional processing services ranging from finance to data processing. Our requirements for the assurance provided by these organisations are reviewed every year. Appropriate formal assurances are obtained to supplement routine customer/ supplier performance oversight arrangements. 144 | NHS South West London Clinical Commissioning Group