document title it procurement policy · 2020-02-11 · all approved projects will be managed using...
TRANSCRIPT
CNTW(O)63
Document Title IT Procurement Policy
Reference Number CNTW(O)63
Lead Officer Darren McKenna,
Director of Informatics
Author(s) (name and designation)
John Gair, Head of Informatics - Infrastructure
Ratified by Business Delivery Group
Date ratified Nov 2017
Implementation Date
Nov 2017
Date of full implementation
Nov 2017
Review Date Nov 2020
Version number V05.1
Review and Amendment
Log
Version Type of Change
Date Description of Change
V05 Review Nov 17 Minor changes-Clinical Transformation- change of author
V05.1 Review Oct 19 Governance changes
This policy supersedes:
Document Number Title
CNTW(O)63 – V05 IT Procurement Policy
CNTW(O)63
IT Procurement Policy
Section Contents Page No.
1 Introduction 1
2 Purpose 1
3 Duties, Accountability and Responsibilities 1
4 Definition of Terms 2
5 Procedure / Process 2
6 Policy Administrative Process 4
7 Communication and Consultation with Stakeholders 5
8 Approval and Review of Document 5
9 Training 5
10 Implementation 5
11 Monitoring Compliance 6
12 Equality and Diversity 6
13 Fair Blame 6
14 Fraud, Bribery and Corruption 6
15 Associated Documents 7
16 References 8
Standard Appendices – attached to Policy
A Equality and Diversity Screening Toolkit 9
B Training Checklist and Training Needs Analysis 11
C Audit Monitoring Tool 13
D Policy Notification Record Sheet - click here
Practice Guidance Note – listed separate to Policy
Document No: Description
ITP-PGN-01 IT Procurement Guidelines
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
1
1 Introduction 1.1 Cumbria Northumberland Tyne and Wear NHS Foundation Trust (the
Trust/CNTW) has agreed standards in place for desktop software, operating systems, computer networks and computer hardware and peripherals. This standardisation is essential as it allows the Trust’s Informatics Department to provide a quality service.
1.2 The Trust has agreed standards in place for:-
PC
Laptop
Blackberry
Peripherals - printers, scanners
Software
Software maintenance and support contracts
Telephones
Camera, Camcorder and Audio device
USB Memory Stick
1.3 The main benefit areas are:
Informatics Support Staff are familiar with hardware and peripherals, thus speeding up fault finding
The Informatics Department is able to stock standard spares in order to reduce down time
Network installations are planned and coordinated centrally by experienced network engineers
Informatics staff with relevant skills are recruited
1.4 This policy documents the standards and controls which must be in place to achieve these benefits and to ensure the purchase, delivery and installation of IT equipment is coordinated successfully.
2 Purpose 2.1 The purpose of this policy is to provide a framework for the procurement of
IT hardware and software within the Trust, and to assist in the management and control of IT expenditure across all areas of CNTW.
3 Duties, Accountability and Responsibilities 3.1 Responsibility for implementation and compliance to this Policy lies with the
Chief Executive
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
2
3.2 Associate Directors must ensure ownership for implementation throughout their respective Locality Care Groups.
3.3 It is the responsibility of the Director of Informatics to ensure that IT
hardware or software is purchased in accordance with this policy only. 3.4 All purchasers of computer hardware and software have a responsibility to
ensure that this policy is adhered to. 3.5 It is the responsibility of the Informatics Service Helpdesk in conjunction with
the Procurement Team to ensure that all IT purchases are dealt with in accordance with this Policy and in a timely manner
4 Definition of Terms 4.1 ISO/IEC 27002:2005 International Standard for Information Security. 5 Procedure / Process 5.1 Procurement: 5.1.1 The Informatics Department is the sole authority for submitting requisitions
for IT equipment on behalf of any Ward or Department that has had approval for obtaining such equipment. The Director of Informatics retains the right to question any request for IT equipment, to ensure that purchases offer value for money etc.
5.1.2 All IT related hardware and software will be specified by the Director of
Informatics. Hardware and software cannot be purchased without a completed Online User Request. This needs to be approved by the department’s Cost Centre Manager.
5.1.3 The Informatics Department will ensure that all of the Trust’s Informatics policies and procedures are followed when setting up software and hardware.
5.1.4 Installation of replacement equipment will be given priority over new
equipment in order to maintain continuity in the existing service. 5.1.5 The following general principles will be applied to all IT purchases:
The Standing Financial Instructions which govern all procurement of goods and services across CNTW
All purchases will be suitable for purpose
All purchases will be of an acceptable quality
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
3
All purchases will have technical approval and financial approval from both the budget holder and the Director of Informatics
Request for replacement of equipment must be identified as faulty by the IT Team or fall outside the replacement criteria for the age of equipment
All purchases will be on the approved products list unless authorisation has been obtained from the Director of Informatics to purchase non-approved products
All solutions purchased to comply with the Trust Information Security Policy CNTW(O)35
All approved projects will be managed using PRINCE2 methodology
5.2 Procurement Policy: 5.2.1 Staff who wish to purchase IT equipment will:
Consider value for money
Identify maintenance requirements
Identify training requirements 5.3 The Purchaser or Line Manager will:
Ensure that the Online Order is completed, and approved by the budget holder
5.4 The Budget Holder will:
Ensure that all relevant paperwork is complete and give authority to proceed after approval by the Informatics Department.
5.5 The IT Department will:
Ensure that all purchase requests are dealt with in a timely manner
Ensure equipment is checked against delivery receipt and asset tagged
Ensure that all It equipment is configured appropriately by a trained member of staff
Used only in an approved environment
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
4
Maintained in a safe and reliable way
Replaced in accordance with statutory requirements, guidelines and changes in technology
Ensure that all software licences are checked for quantity and held securely
Decommissioned and disposed of in line with the Trust secure disposal guidelines
5.6 The Procurement Team will:
Accept Procurement (Oracle) requisitions from the Informatics Service Helpdesk and deal with these in a timely manner
Ensure That adequate information has been provided to complete the procurement
Raise a Purchase Order for the equipment, and forward this to the supplier
Will make reference to standardised list of products
Existing catalogues and contracts to be used by supplies where appropriate
Informatics will liaise with Procurement in order to determine source of supply for commonly used products
Supplies will use the Commercial Support Unit (formerly PRONE) for the supply of PCs and Laptops
6 Policy Administrative Process 6.1 The development, consultation and dissemination of this policy has been
undertaken in accordance with the Trust’s Policy CNTW(O)01, Development and Management of Procedural Documents and in conjunction with the policy administration process.
6.2 It has been circulated within the Trust CEO Bulletin and is available on the Trust Intranet site and also from policy administration.
6.3 Archiving of this policy will be in accordance with the Trust’s Policy, CNTW(O)01, Development and Management of Procedural Documents.
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
5
7 Communication and Consultation with Stakeholders 7.1 This is an existing policy which has only minor changes that do not relate to
operational and / or clinical practice therefore did not require a full consultation process
North Locality Care Group
Central Locality Care Group
South Locality Care Group
North Cumbria Locality Care Group
Corporate Decision Team
Business Delivery Group
Safer Care Group
Communications, Finance, IM&T
Commissioning and Quality Assurance
Workforce and Organisational Development
NTW Solutions
Local Negotiating Committee
Medical Directorate
Staff Side
Internal Audit
8 Approval and Review of Document
8.1 This document has been approved by the Corporate Decision Team and will be reviewed 1 year from date of issue, unless by exception, i.e. due to change in legislation or standards.
9 Training 9.1 Training for this policy is incorporated into the annual Information
Governance Training Mandated to all staff 9.2 The Corporate Decision Team (CDT) has:
Given full consideration to any training needs that have been identified during the development of a policy
Ensured that a full Trust wide training needs analysis has been undertaken
Identified who this will effect what level of training is required
How often training should be undertaken
Any resource implication
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
6
9.3 Where additional training is required it is the responsibility of both managers and staff to ensure that this is undertaken and that attendance is verified and recorded.
10 Implementation 10.1 Taking into consideration all the implications associated with this policy, it is
considered that a target date of May, 2014 is achievable for the contents to be implemented across the Trust.
10.2 This will be monitored by the CDT during the review process. If at any stage
there is an indication that the target date cannot be met, then the Group will consider the implementation of an action plan.
11 Monitoring Compliance 11.1 Responsibility for monitoring compliance with this policy locally lies with
Associate Directors and Line Managers. 11.2 The Information Governance Team will monitor compliance with this policy
through observation, spot checks and through incident management in line with the Trust Incident reporting process.
11.3 Compliance with this policy will routinely monitored through Internal and
External Audit. 11.4 Any compliance issues will be reported to the line managers concerned and
may be handled through staff disciplinary processes or contractual arrangements.
11.5 Incident Reporting
11.5.1 All incidents involving the loss of data whether encrypted or unencrypted
must be reported immediately to the Information Governance department and dealt with in accordance with the Trust incident reporting procedure (See Trust Policy, CNTW(O)05 Incident Reporting and Procedures).
12 Equality and Diversity Assessment 12.1 In conjunction with the Trust’s Equality and Diversity Officer this policy has
undergone an Equality and Diversity Impact Assessment which has taken into account all human rights in relation to disability, ethnicity, age and gender. The Trust undertakes to improve the working experience of staff and to ensure everyone is treated in a fair and consistent manner.
13 Fair Blame 13.1 The Trust is committed to developing an open learning culture. It has
endorsed the view that, wherever possible, disciplinary action will not be taken against members of staff who report near misses and adverse
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
7
incidents, although there may be clearly defined occasions where disciplinary action will be taken.
14 Fraud, Bribery and Corruption 14.1 The Fraud Act 2006 represents an entirely new way of investigating fraud.
It is no longer necessary to prove that a person has been deceived. The focus is now on the dishonest behaviour of the suspect and their intent to make a gain or cause a loss.
14.2 The Trust is committed to taking all necessary steps to counter fraud and
corruption. To meet its objectives, it has adopted the seven-stage approach developed by NHS Protect:
The creation of an anti-fraud and corruption culture
Maximum deterrence of fraud and corruption
Successful prevention of fraud and corruption which cannot be deterred
Prompt detection of fraud and corruption which cannot be prevented
Professional investigation of detected fraud and corruption
Effective sanctions, including appropriate legal action against people committing fraud and corruption, and
Effective methods of seeking redress in respect of money defrauded.
15 Associated Documents
CNTW(O)05 - Incident Policy, (including the management of
Serious Untoward Incidents and associated practice guidance notes (PGNs))
CNTW(O)33 - Risk Management Policy
CNTW(O)35 - Information Security Policy
CNTW(O)36 - Data Protection Policy
CNTW(O)44 - Visual Imaging and Audio Policy (and associated
PGN)
CNTW(O)55 - Information Risk Policy
CNTW(O)62 - Information Sharing Policy
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
8
CNTW(O)58 Issue and Use of Mobile Communication Devices Policy
16 References
ISO/IEC 27002:2005
Standard Financial Instructions
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
9
Appendix A
Equality and Diversity Impact Assessment Screening Tool
Equality Analysis Screening Toolkit
Names of Individuals involved in Review
Date of Initial Screening
Review Date Service Area / Locality
J Gair V05- Nov 17 November 2020
Informatics
Policy to be analysed Is this policy new or existing?
CNTW(O)63 - IT Procurement Policy
Existing
What are the intended outcomes of this work? Include outline of objectives and function aims
To regulate the procurement of IT equipment across the Trust, and to ensure secure use of IT equipment
Who will be affected? e.g. staff, service users, carers, wider public etc
Staff
Protected Characteristics under the Equality Act 2010. The following characteristics have protection under the Act and therefore require further analysis of the potential impact that the policy may have upon them
Disability N/A
Sex N/A
Race N/A
Age N/A
Gender reassignment
(including transgender)
N/A
Sexual orientation. N/A
Religion or belief N/A
Marriage and Civil Partnership
N/A
Pregnancy and maternity
N/A
Carers N/A
Other identified groups N/A
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
10
How have you engaged stakeholders in gathering evidence or testing the evidence available?
Through standard policy consultation mechanisms
How have you engaged stakeholders in testing the policy or programme proposals?
Through standard policy consultation mechanisms
For each engagement activity, please state who was involved, how and when they were engaged, and the key outputs:
Through standard policy consultation mechanisms
Summary of Analysis Considering the evidence and engagement activity you listed above, please summarise the impact of your work. Consider whether the evidence shows potential for differential impact, if so state whether adverse or positive and for which groups. How you will mitigate any negative impacts. How you will include certain protected groups in services or expand their participation in public life.
N/A
Now consider and detail below how the proposals impact on elimination of discrimination, harassment and victimisation, advance the equality of opportunity and promote good relations between groups. Where there is evidence, address each protected characteristic
Eliminate discrimination, harassment and victimisation
N/A
Advance equality of opportunity N/A
Promote good relations between groups N/A
What is the overall impact?
N/A
Addressing the impact on equalities N/A
From the outcome of this Screening, have negative impacts been identified for any protected characteristics as defined by the Equality Act 2010? NO
If yes, has a Full Impact Assessment been recommended? If not, why not?
Manager’s signature: John Gair Date: November 2017
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
11
Appendix B
Communication and Training Check List for Policies
Key Questions for the accountable committees designing, reviewing or agreeing a new Trust policy
Is this a new policy with new training requirements or a change to an existing policy?
No this is an existing policy.
If it is a change to an existing policy are there changes to the existing model of training delivery? If yes specify below.
N/A
Are the awareness/training needs required to deliver the changes by law, national or local standards or best practice?
Please give specific evidence that identifies the training need, e.g. National Guidance, CQC, NHS Resolutions etc.
Please identify the risks if training does not occur.
In order to comply with Data Protection Legislation, and to adhere to Standing Financial instructions and Trust Policy.
Please specify which staff groups need to undertake this awareness/training. Please be specific. It may well be the case that certain groups will require different levels e.g. staff group A requires awareness and staff group B requires training.
Trustwide. All staff should have an awareness of the policy and staff who may purchase IT equipment should have more through training. .
Is there a staff group that should be prioritised for this training / awareness?
All staff who purchase IT equipment.
Please outline how the training will be delivered. Include who will deliver it and by what method. The following may be useful to consider: Team brief/e bulletin of summary Management cascade Newsletter/leaflets/payslip attachment Focus groups for those concerned Local Induction Training Awareness sessions for those affected by the new policy Local demonstrations of techniques/equipment with reference documentation Staff Handbook Summary for easy reference Taught Session E Learning
Team brief, CEO Bulletin, Intranet, face to face training, E learning, IT Security handbook
Please identify a link person who will liaise with the training department to arrange details for the Trust Training Prospectus, Administration needs etc.
Head of Information Governance and Medico Legal.
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
12
Appendix B – continued
Training Needs Analysis
Staff/Professional Group
Type of training Duration of Training
Frequency of Training
All staff Awareness 1 hour Annually
Staff who purchase IT equipment
Use of system 1 hour Ad Hoc
Should any advice be required, please contact:- 0191 24 56770- Option 1( Internal 56770- Option1)
CNTW(O)63
Cumbria Northumberland, Tyne and Wear NHS Foundation Trust CNTW(O)63 IT Procurement Policy – V05.1 Oct 19
13
Appendix C Monitoring Tool
Statement The Trust is working towards effective clinical governance and governance systems. To demonstrate effective care delivery and compliance, policy authors are required to include how monitoring of this policy is linked to auditable standards / key performance indicators will be undertaken using this framework.
CNTW(O)63 – IT Procurement Policy - Monitoring Framework
Auditable Standard / Key Performance Indicators
Frequency / Method / Person Responsible
Where results and any associate Action Plan will be reported to, implemented and monitored; (this will usually be via the relevant Governance Group)
1. All IT procurement to be authorised by appropriate manager.
Annual / Informatics Department / Monitoring for IG Toolkit submission. Report to CHIG.
Caldicott & Health Informatics Group
2. Request for replacement of equipment must be identified as faulty by the IT Team or fall outside the replacement criteria for the age of equipment.
Annual / Informatics Department / Monitoring for IG Toolkit submission. Report to CHIG.
Caldicott & Health Informatics Group
3. All purchases will be on the approved products list unless authorisation has been obtained from the Director of Informatics to purchase non-approved products.
Annual / Informatics Department / Monitoring for IG Toolkit submission. Report to CHIG.
Caldicott & Health Informatics Group
4. Ensure that all software licences are checked for quantity and held securely.
Annual / Informatics Department / Monitoring for IG Toolkit submission. Report to CHIG.
Caldicott & Health Informatics Group
5. Decommissioned and disposed of in line with the Trust secure disposal guidelines
Annual / Informatics Department / Monitoring for IG Toolkit submission. Report to CHIG.
Caldicott & Health Informatics Group
The Author(s) of each policy is required to complete this monitoring template and ensure that these results are taken to the appropriate reporting governance group as above in line with the frequency set out. front of policy files.