Salisbury Foundation Trust


Internal Reference Number: FOI_4793

Date Request Received: 07/01/2019 14:13:46

Date Request Replied To: 09/01/2019 08:50:45

This response was sent via: By Email

Request Summary: Training and policing of information governance

Request Category: Private Individuals

Question Number 1:
Does the organisation have training that covers:
a. Recognising and reporting Phishing emails
b. Recognising Tailgating and how to respond (challenging strangers, checking for ID etc)
c. Disposal of confidential information
d. Dangers of using USB sticks being given away or finding one that looks like it has been dropped
Answer To Question 1:
a. Yes
b. Yes
c. Yes
d. Yes
Question Number 2:
Does the organisation allow the use of USB sticks?
Answer To Question 2:
Yes, Encrypted USB sticks procured by the Trust which meet NHS Standards.
Question Number 3:
Does the organisation deliver specialised training to key staff (those staff that could be targeted as part of a phishing email campaign, ie finance, execs etc)?
Answer To Question 3:
Question Number 4:
Does the organisation perform confidentiality audits as per the Data Security & Protection Toolkit?

Can you also answer relating to the audits:
a. Where the audits are undertaken would these be organised with the local team manager or the head of department ie the director etc?
b. Would an audit ever be carried out unannounced?
c. Do you have a policy / procedure of how to conduct the audit? – if so can you supply a copy.
d. Do you record the results on a checklist / report and return the key contact? – if so can you supply a blank copy.
Answer To Question 4:
a. Approval is sort form the Senior Information Risk Owner (SIRO)and Caldicott Guardian
Question Number 5:
Does the organisation have confidential waste receptacles placed through the entire organisation and are they regularly emptied?
Answer To Question 5:
Question Number 6:
Does the organisations Exec board receive board level training relating to Cyber Awareness?
Answer To Question 6:
Question Number 7:
How does the organisation provide Data Security & Protection Training to staff, does the organisation use (please indicate all the options that are applicable):
a. Third party application package
b. Third party Trainer / class room
c. eLearning for Health Data Security Awareness
d. In house developed package
e. Combination of any of the above
Answer To Question 7:
a. No
b. No
c. No
d. Yes
c. No
Please see attachments:
Ward&Department Information Governance Checklist v1.2 (Electronic version).docx
To return to the list of all the FOI requests please click here

Our staff at Salisbury District Hospital have long been well regarded for the quality of care and treatment they provide for our patients and for their innovation, commitment and professionalism. This has been recognised in a wide range of achievements and it is reflected in our award of NHS Foundation Trust status. This is afforded to hospitals that provide the highest standards of care.

Salisbury NHS Foundation Trust, Salisbury District Hospital, Salisbury, Wiltshire, SP2 8BJ
T: 01722 336262 E:
© 2022 Salisbury NHS Foundation Trust
Trust Values