Information Governance

Information Governance (IG) and IG Toolkit

What is Information Governance? | Why is IG/IGT an issue? | The College and IGT | What is the IG Toolkit? | About these web pages | Key Documents and References | Key Responsibilities | Contact

The IG Toolkit has NOT been scrapped.
Please note that contrary to recent reports, the NHS Digital Chief Operating Officer has confirmed that the IG Toolkit is undergoing development, and not being 'scrapped' (11.2016). 

We received confirmation from HSCIC (now 'NHS Digital') that our College IGT submission for 2015-16 had been approved as Satisfactory against all 14 requirements. Thanks to all those who contributed to this significant task.

If you are or have entered into an HSCIC Data Sharing Agreement you need to read the HSCIC DSA Information Security Policy, and consult with your Departmental Manager.  Advice also available from

 What is Information Governance?

IG Image (jpg)

 back to top
Information Governance is to do with the way organisations ‘process’ or handle information. It covers personal information, i.e. that relating to patients/service users and employees, and corporate information, e.g. financial and accounting records.

Information Governance provides a way for employees to deal consistently with the many different rules about how information is handled, including those set out in:

(see About the IG Toolkit )

A host of relevant information and advice regarding handling/management of data is available at our Research Data Management website.

Why is IG/IGT an issue?

back to top

In September 2011 the NHS England Chief Executive and Information Commissioner confirmed that all organisations that have access to NHS patient data must provide assurances that they are practising good information governance and use the Information Governance Toolkit to evidence this. Where services are commissioned for NHS patients, the commissioner is required to obtain this assurance from the provider organisation and this requirement should be set out in the commissioner-provider contract.

Letter from NHS England Chief Executive and Information Commissioner

It remains Department of Health policy that all bodies that process NHS patient information for whatever purpose should provide assurance via the IGT.

The 2014 Partridge Review - "Steps to guarantee greater openness and reassurance to the public, stricter controls over data use and better clarity for data users" - has placed greater emphasis on appropriate data management and resulted in tighter processes and greater institutional and researcher assurance requirements (See Partridge Review and Summary).

What is the IG Toolkit?

back to top

The Information Governance Toolkit is a Department of Health (DH) Policy delivery vehicle that the Health and Social Care Information Centre (HSCIC) is commissioned to develop and maintain. It draws together the legal rules and central guidance set out by DH policy and presents them in in a single standard as a set of information governance requirements. The organisations in scope of this are required to carry out self-assessments of their compliance against the IG requirements.

An assessment of compliance with requirements, within the Health & Social Care Information Centre Information Governance Toolkit (IGT), is undertaken each year.

The College and IGT

back to top

We received confirmation from HSCIC (now 'NHS Digital') that our College IGT submission for 2015-16 had been approved as Satisfactory against all 14 requirements. Thanks to all those who contributed to this significant task.

During the period to 31st March 2015 (final submission date for the IGT) a College IGT Working Group developed an IGT submission for the College as a whole.  This provides a range of University and College level evidence and support for departmental, research group, or trial/project level IGT submissions.

The College is registered as what is termed as a “Hosted Secondary Use Team/Project” and has to provide evidence against the following requirements:



Information Governance Management


Responsibility for Information Governance has been assigned to an appropriate member, or members, of staff


There is an information governance policy that addresses the overall requirements of information governance


All contracts (staff, contractor and third party) contain clauses that clearly identify information governance responsibilities.


All staff members are provided with appropriate training on information governance requirements.

Confidentiality and Data Protection Assurance


Personal information is only used in ways that do not directly contribute to the delivery of care services where there is a lawful basis to do so and objections to the disclosure of confidential personal information are appropriately respected


There are appropriate confidentiality audit procedures to monitor access to confidential personal information


All person identifiable data processed outside of the UK complies with the Data Protection Act 1998 and Department of Health guidelines


All transfers of personal and sensitive information are conducted in a secure and confidential manner

Information Security Assurance


Policy and procedures ensure that mobile computing and teleworking are secure


There is an information asset register that includes all key information, software, hardware and services


Unauthorised access to the premises, equipment, records and other assets is prevented


There are documented incident management and reporting procedures


The confidentiality of service user information is protected through use of Pseudonymisation and anonymisation techniques where appropriate


There are adequate safeguards in place to ensure that all patient/client information is collected and used within a secure data processing environment (safe haven) distinct from other areas of organisational activity

back to top

About this Website

This website will be used as the focal point for communication regarding IG and the IGT for the College.  Content will change significantly and often so please check the site regularly.

Key Documents and References

Key Responsibilities

  • The University Registrar, Dave Hall is the Senior Information Risk Owner (SIRO)
  • CMBSP IG Strategy Group - Chaired by Alison Goodall, Deputy Head of College.
  • CMBSP IT Advisory Committee - Chaired by Julian Ketley
  • IG Academic Lead - Julian Ketley
  • IG Lead (Research) - Andrew Burnham
  • IG Leads (who act as the College IGT Working Group) – Jitin Liladhar (College IT Manager), Debbie Oldham (Departmental Manager, Health Sciences)



Share this page:



Wellcome Trust Institutional Strategic Support Fund

More information about our new schemes

**New for 2017**
Contact Details

College of Medicine, Biological Sciences and Psychology
University of Leicester
Maurice Shock Building
University Road