You can find all of the NHSBSA’s policies and procedures here.
Acceptable use policy (PDF: 181KB)
Anonymisation and pseudonymisation standard (PDF: 112KB)
Business continuity management policy (PDF: 138KB)
Business continuity management strategy (PDF: 62.9KB)
Caldicott principles (PDF: 66.8KB)
CCTV code of practice (PDF: 405KB)
Confidentiality audit procedure (PDF: 202KB)
Classification scheme and records retention schedule scope notes (PDF: 563KB)
Data classification matrix (Excel: 55KB)
Data handling and storage policy (PDF: 233KB)
Data protection and confidentiality policy (PDF: 198KB)
Data Protection, Re-use of Public Sector Information Regulations, Environmental Information Regulations and Freedom of Information review procedure (PDF: 187KB)
Data subject rights request procedure (PDF: 63.5KB)
Destruction standard (PDF: 64.1KB)
End user computing policy (PDF: 126KB)
Equality and diversity policy (PDF: 197.59KB)
Freedom of information policy (PDF: 168KB)
Freedom of information request procedure (PDF: 149KB)
Home working computer security policy (PDF: 378KB)
Information governance policy (PDF: 163KB)
Information governance strategy (PDF: 122KB)
Information Governance Steering Group terms of reference (PDF: 50.7KB)
Information security policy (PDF: 221KB)
Information security incident management standard procedure (Word: 2.21MB)
Mobile computing policy (PDF: 188KB)
NHSBSA subject access application form (PDF: 268KB)
Records management audit framework (PDF: 374KB)
Records management BCS and scope notes (PDF: 563KB)
Records management business classification scheme (BCS) (PDF: 327KB)
Records management business rules (PDF: 300KB)
Records management guidance (full) (PDF: 681KB)
Records management guidance (summary) (PDF: 207KB)
Records management policy (PDF: 183KB)
Records management retention schedule (Excel: 247KB)
Records management standard (PDF: 121KB)
Records management strategy (PDF: 161KB)
Registration authority and smartcard management procedure (PDF: 332KB)
Whistleblowing policy (PDF: 168KB)