Information Governance Toolkit

Last Updated 12th February 2013


Department of Health Information Governance Toolkit Version 10


  • Social Care Delivery

Working towards

  • Local Government Information Governance Toolkit

What is it?

A set of ‘information governance’ measures and associated good practice materials, available from an online system.

Subsets of these measures are grouped and presented as relevant for certain types of Organisation.


Enables organisations and partners to assess themselves against a base set of Public Service Information Governance policies and standards.

Currently, compliance is necessary as a part of gaining access to the N3 Network.

Work within Local Government is ongoing to update the toolkit to:

  • drive convergence across other common Information Assurance regimes that local authorities are asked to comply with, such as
    • Public Sector Network – Code of Connectivity

The toolkit can be used to accelerate the adoption of information sharing arrangements, between organisations using the same toolkit.

Where is it

The measures can be viewed from the ‘Requirements’ menu, by first selecting an ‘Organisation Type’. The most appropriate for Local Authorities is ‘Social Care Delivery’. The ‘Local Authority’ option is aspirational at the moment, and will build into a set of measures that are relevant for all disciplines in a Local Authority.

Ownership and Licensing

The toolkit web site Web site says …

“You may use and re-use the information featured on this website (not including logos or images) free of charge in any format or medium, under the terms of the Open Government Licence.”

Scope and Jurisdictions

Applies to England, however, organisations from other administrations are not turned away if they ask specifically to use it.

The toolkit covers topics including,

  •  Information Governance Management
  •  Records Management
  •  Information Compliance
  •  Information Security
  •  Data Quality & Assurance
  •  Information Sharing


The toolkit is managed by ‘Connecting for Health’. Updates are applied typically annually.

Work towards a Local Government view of the Toolkit is being led by Sheffield City Council, contact .

Sheffield are now working with

  •  Cabinet Office
  •  CESG

… to promote convergence.

Sheffield C.C. report their progress to the Local CIO Council.

Relationship to other Standards

The Toolkit is based on ISO27001.

Sheffield C.C. maintain a mapping from the Toolkit to the PSN Code of Connectivity at version 2.7.

The toolkit takes account of all relevant frameworks and guidance, such as

  •  HM Security Policy Framework
  •  Local Data Handling Guidance

Take Up

The current ‘Social Care Delivery’ part of the toolkit is typically used by councils wishing to access the N3 network. The ‘Public Health Transfer’ to Local Authorities will increase that.

Some councils apply measures from the toolkit across their organisations and partners.

The toolkit is endorsed by

  •  Cabinet Office
  •  N4 programme
  •  PSN
  •  LGA
  •  Local CIO Council

Product Support

Not applicable.

Potential Future Development and re-use

There are two main issues within which the Toolkit can be developed and refined.

  • Creating versions of the measures and supporting materials, that are in ‘Local Government’ terms, rather than ‘Health’ terms. Sheffield City Council are leading this work which is due to be published as Version 11, from June 2013.


  • Broadening the acceptance of the toolkit for general use across all local authority functions, partners, and central government departments and agencies. This would enable each data sharing/handling scenario to be described in terms of a single set of common measures, upon which extra ‘top-up’ measures can be added to meet the specific demands of a particular application. This work has not been commissioned and will require a drive from the Local Government community.


Comments from the Custodian ( Sheffield City Council )


This initiative at a National Level offers a common sense and practical way forward to rationalise and standardise around a common approach to Information Governance across all Government Sectors moving forward.

Beginning with Local Authorities and NHS organisations, it provides best-practice, detailed guidance and the ability to bench-mark to a common set of Information Governance standards for the mutual benefit of both sectors.

Starting from a basic premise of a mutual underlying Information Assurance standard that is applicable to all (in the form of the PSN Code of Connection) it builds out to enable organisations to demonstrate compatibility against the hitherto separate Information Governance regimes which have emerged across all Sectors of Government. This for example includes the NHS’s Information Governance Statement of Compliance (IGSOC) process which is currently a pre-cursor for any organisation wishing to exchange information or use NHS infrastructure, applications or Services.

Extrapolated wider moving forward the same approach could be readily applied to ease and simplify the journey to connected Service delivery moving forward and would logically encompass the plethora of governance regimes currently in play such as HMG’s Security Policy Framework which fulfils the same requirement for Central Government