Statement of applicability
As a responsible public authority, we take seriously our commitment to protecting all our information, whether this information relates to staff members, stakeholders, clients, visitors, the general public, suppliers or others.
Staff members must remain vigilant at all times, aware of the many potential risks to information security that exist throughout our organisation. This is not an issue that is relevant only to those responsible for the development, operation or maintenance of our statistical and ICT systems; instead, it is an issue of fundamental concern to us all.
To this end, we are currently engaged upon an active programme of improvement, aimed at ensuring that all information under our guardianship remains as secure as possible. This programme is fully in accord with all relevant Department of Health 'information governance' directives, and the Government Statistical Service 'Statistical Governance' directives, including the recommendations of the Caldicott Report 1997, British Standard BSI 17799, International Standard ISO 27001, The Data Protection Act 1998 and The Freedom of Information Act 2000.
Part of this programme requires us to ensure that we maintain a comprehensive range of security policies and procedures, aimed at providing staff members with 'best practice' guidance on how to help protect our organisation from the dangers of disclosure, inaccuracy, incompleteness or unavailability of its information.
We urge every staff member to be fully conversant with, and to observe, all those policies that apply directly to them in their working life; and remind all departmental and/or line managers that they must ensure that all policies are adequately implemented and enforced.
Furthermore, we will be specifically asking all managers to conduct regular Risk Analysis reviews to ensure that the approved security measures remain effective in minimising all potential threats, and that there are no major changes to either the ICT systems or the surrounding environment that pose new dangers.
Only by taking responsibility for our own actions can we truly aim to ensure that we achieve optimum levels of information security.
For further details about our programme of activity, please contact us.