Skip to main content Skip to footer

Policies and procedures

You can find all of the NHSBSA’s policies and procedures here.

Acceptable use policy (PDF: 181KB)

Anonymisation and pseudonymisation standard (PDF: 112KB)

Business continuity management policy (PDF: 138KB)

Business continuity management strategy (PDF: 62.9KB)

Caldicott principles (PDF: 66.8KB)

CCTV code of practice (PDF: 405KB)

Confidentiality audit procedure (PDF: 202KB)

Classification scheme and records retention schedule scope notes (PDF: 563KB)

Data classification matrix (Excel: 55KB)

Data handling and storage policy (PDF: 233KB)

Data protection and confidentiality policy (PDF: 198KB)

Data Protection, Re-use of Public Sector Information Regulations, Environmental Information Regulations and Freedom of Information review procedure (PDF: 187KB)
Data subject rights request procedure (PDF: 63.5KB)
Destruction standard (PDF: 64.1KB)

End user computing policy (PDF: 126KB)

Equality and diversity policy (PDF: 197.59KB)

Freedom of information policy (PDF: 168KB)

Freedom of information request procedure (PDF: 149KB)

Home working computer security policy (PDF: 378KB)

Information governance policy (PDF: 163KB)

Information governance strategy (PDF: 122KB)

Information Governance Steering Group terms of reference (PDF: 50.7KB)

Information security policy (PDF: 221KB)

Information security incident management standard procedure (Word: 2.21MB)

Mobile computing policy (PDF: 188KB)

New tender documents

NHSBSA subject access application form (PDF: 268KB)

Records management audit framework (PDF: 374KB)

Records management BCS and scope notes (PDF: 563KB)

Records management business classification scheme (BCS) (PDF: 327KB)

Records management business rules (PDF: 300KB)

Records management guidance (full) (PDF: 681KB)

Records management guidance (summary) (PDF: 207KB)

Records management policy (PDF: 183KB)

Records management retention schedule (Excel: 247KB)

Records management standard (PDF: 121KB)

Records management strategy (PDF: 161KB)

Registration authority and smartcard management procedure (PDF: 332KB)

Whistleblowing policy (PDF: 168KB)