information governance cqi nuclear special interest group september 2015 simon tucker head of...
TRANSCRIPT
Information Governance
CQI Nuclear Special Interest GroupSeptember 2015
Simon Tucker
Head of Information Governance & Chief Information Officer
NDA as a Governing & Strategic Authority
• NDA Strategy (2006, 2011 & 2016)
• Information & Knowledge Management
Critical Enabler (2011)
• Information Governance Strategy (2013/14)
• Information Governance Programme (IGP)
(2014/15)
2
Information Governance Strategy
“To optimise value from NDA knowledge and information assets in a compliant and secure manner,
investing only in that which needs to be retained to deliver the NDA’s
mission”
Information Governance CE in Strategy 2016(including Information & Knowledge Management)
• Strategy II Critical Enabler - Information and Knowledge Management (IM & KM) • Information Governance Strategy (IGS) issued in Feb 2013 building on the CE• Strategy Topic is “Information Governance”• There are 5 Sub-Topic areas:
IM Information Management KM Knowledge Management ICT Information and Communication Technology IPM Intellectual Property Management IRM Information Risk Management
• IM & KM sub-topics remain as the focus of the strategy. However IRM, IPM & ICT are, in effect, Critical Enablers themselves in realising the vision and goals of the IGS
• IGS currently at strategy gate C.
The Challenge
• The nuclear legacy dates back to the 1940s
• Information and knowledge is being lost every day
• Decommissioning programmes are having to relearn and/or start over
• Re-use of existing information & knowledge assets is poor
• New build programme is a blessing and a threat.
6
The Challenge: UKAEA 1940-2008 as an example
The Challenge: Why do we need a distinct strategy?
• NDA inherited a 70 year industry’s worth of information assets, information systems, facilities and (some) processes to manage them
• As an NDPB NDA is obligated to comply with many Acts and HMG instructions (where they didn’t necessarily exist/apply before)
• As an organisation within the Nuclear Industry NDA and the Estate are obligated to comply with many regulations (some at odds with other statutory instructions)
• The risks associated with getting it wrong are huge (unacceptable risk & unaffordable programmes)
• The legacy of a fragmented and federated industry does not make for an easy ‘one size
fits all’ solution
The Response
• Capture, manage and protect vital knowledge & information assets
• Centralise and preserve records to facilitate efficient decommissioning
• Facilitate improved access to information so it can be re-used effectively and securely, realising its value
• Provide an information ‘service’ as an exemplar NDPB on behalf of DECC
IGP is NDA’s response to “The Challenge”
NDA is delivering an Information Governance Programme (IGP) in order to…..
9
Information Governance Programme (IGP)
• National Programme status
• NDA Executive-sponsored Programme Board
• NDA Major Projects assurance and reporting
• Formal governance
• Formal stakeholder engagement and communications
• Centralised projects (or in conjunction with the SSA)
• Centralised funding
What are the biggest challenges?
• Estate-wide fragmentation and the NDA/SLC operating model
• The size and complexity of the issues
• The cost
• Commitment in the face of competing business priorities
• A skills and knowledge shortfall
• Winning everyone over (in light of all of the above)
• Very Long-term Records Management, ‘Waste’ records and memory retention What is critical? What else is needed? For how long?
• Getting the balance right……all of the stakeholders some of the time or some of the stakeholders all of the time?
Statutory & Regulatory Governance Structure
Ministry of Justice
Cabinet Office
The National Archives
Information Commissioner
DECC
NDA SIRO
IAO
ComSO
DSO
ITSO
ONR
DRO
DPO
CESG
Joint Intelligence Committee
GCHQ
PRAFOIEIRDPA
Re-useDHRMMM
SPFNISR 2003SPFSLCs
Key:
PRA – Public Records Act 1967 DPO – Data Protection Officer Red box - RegulatorFOI – Freedom of Information Act 2000 DRO – Departmental Records Officer Blue box – HM GovernmentEIR – Environmental Information Regulations 2004 IAO – Information Asset Owner Purple box – Security ServicesDPA – Data Protection Act 1998 DECC – Department for Energy & Climate Change Brown box – NDA rolesRe-use – The Re-use of Public Sector Information Regulation 2005 NDA SIRO – Senior Information Risk OwnerDHR – Data Handling Review DSO – Departmental Security OfficerMMM – Minimum Mandatory Measures ITSO – Information Technology Security OffierONR – Office for Nuclear Regulation (OCNS & NII) ComSO – Communication Security OfficerNISR 2003 – Nuclear Industry Security Regulations 2003 GCHQ – Government Communications HeadquartersSPF – Security Policy Framework CESG – Communications-Electronics Security GroupEA – Environment Agency SLCs – Site License ConditionsSEPA – Scottish Environmental Protection Agency
EA
SEPA
SLCs
(Never ending) Governance
• OGSIRO (Cabinet Office)• DECC SIRO Forum• NDA Board• NDA Audit Committee• NDA Executive• NDA (Estate-wide) SIRO Governance Forum• Information Governance Officer’s Forum• Information Technology Governance Forum• Nuclear Information Assurance Forum• Information Governance Programme Board• Information Governance Programme Regulatory Forum• NDA Major Projects Review and Assurance Programme
13
IGP Activities Map
14
Information Management
….to ensure compliance, promote wider openness and transparency and reduce risk and baseline costs.
• NDA estate-wide Records Retention Schedule• Managing NDA Information: Requirements• The NDA Archive• Records Management compliance• Information Access compliance requirements
– FoIA, DPA, EIR, Re-Use• HMG Open Standards• Digital by Default
15
What is the NDA Archive
• An industry-wide information and records store compliant with the NDA’s statutory and regulatory obligations, built and operated to the relevant standards and The National Archive’s “Standard for Record Repositories”
• A Public Records Place of Deposit
• Satisfying the NDA’s requirement to effectively manage records until their end-of-life, even when this may be hundreds or thousands of years
• Ensuring that data of scientific, technological, historical and local interest is actively managed, effectively preserved and made as proactively available to, and re-used by, as wide an audience as possible
A consolidated and valued collection of the UK civil nuclear industry’s corporate memory
NDA Nuclear Archive Site – 13 Acres16
Building Description
• Building Size – 4,530 sq metres;• Simple, practical with a powerful and enduring form;• Triangular in design;• Inviting and welcoming the local, expert and the visitor;• Cellular construction, double skin roof for the repository
providing permanence, environmental stability and security;
• Ancillary areas – open plan lightweight construction;• Design future proofed for extension.
17
Concept Design Criteria Statement
Design & Construction - Technical Requirements
The archive building must achieve the following requirements:
• Place of Deposit status, subject to inspection by National Archives, to ensure compliance with PD 5454:2012 [The recognised
standard Archive Buildings Specification & Management] and The National Archives Standard for Record Repositories. Followed by “Archive Service Accreditation” within 2 years of operations.
• Compliance with conditions of access and security procedures set out by Office for Nuclear Regulation [ONR].
• Compliance with Standards, Statutory and Legal Requirements:• Planning Approval• Building Standards Scotland [Regulations]• Construction (Design and Management) Regulations [CDM]• Energy Requirements & Sustainable Development - European Directive 2002/91/EC.
• BREEAM (Building Environmental Charter Mark) - It is an objective for the design of this building to achieve a BREEAM rating of “excellent”.
• Design Life & Durability of Materials -The building should be designed to have a design life of not less than 120 years .
• The Disability Discrimination Act (DDA) 1995, as a minimum standard, but a fully Inclusive Design should be the main aim.
18
Archive Repositories & Storage Criteria
Total shelving requirement briefed = 28,000 linear meters of storage, split into 4 types:
• NDA Archive Storage – Briefed Target Capacity circa 22,000 linear metres [lm]• NDA Archive Secure Storage – Briefed Target Capacity circa 1,000 linear metres [lm] • Photographic Archive - Briefed Target Capacity circa 1,000 linear metres [lm] • North Highland Archive - Briefed Target Capacity circa 4,000 linear metres [lm]
19
NDA Significance
• Collaboration• Exemplar
• Re-use• Knowledge
• Efficient• VfM
• Compliance• Respected
Community Significance
• Focus• Recognition
• Investment• Community
• Civic Pride• History
• Future• Legacy
Socio-Economic Benefits.
Design & Build Contract• Capital Investment of £21m• Use of Local Supply chain and local labour• Adoption of Highland Shared Apprentice Scheme• Contractor visits to local schools
Commercial Partner Contract• Collaborative working with the Highland Council• Working with SME’s, supporting new business• Working with local organisations on skills development• Developing a local focus group• Participate in visitor attraction networks
22
Construction Phase / Leasing Arrangements
23
Questions so far………?
24
25
Knowledge Management
….to improve business efficiency by sharing information and encouraging learning; capturing and transferring that knowledge which is necessary to the decommissioning mission.
• Estate-wide Policy
• Roadmap
• KM Maturity Assessment
• KM Improvement Plans
• KM Hub
KM Hub 2.0 Project
• Contract Award – 6th July 2015 to G2G3 Digital (a wholly owned subsidiary of Capita Business Services Ltd)
• Collaborative Platform – Jive• Contract Start Date – 7th September 2015 (anticipated)• Key Milestones
KM Hub 2.0 Project
Information & Communication Technology
….to use common standards and technologies, enabling collaboration through shared solutions and procurement strategies.
• Currently no Estate-wide strategy exists• Sanction & Validation process exists, but inconsistent (in its
application and its effecectiveness)• NDA Estate-wide Vision accepted by NDA Exec (Nov 2014)• ICT (sub)Strategy now developed• NDA need to provide strategic governance (the Intelligent Client)
2017 shared services support contract(s) emWaste Obsolescence – systems and data (> 88 DMSs at SL alone)
28
29
Intellectual Property Management
….to protect information, knowledge and know-how and exploit its value where appropriate.
• Energy Act 2004 obligation
• Contractualised identification, effective management and reporting requirements
• Strategy development underway
• Policy and associated Procedure for managing exploitation requests
• INS operating as the commercial lead
30
Information Risk Management
• ….to improve information assurance and reporting by building confidence in our ability to manage risk effectively.
• SIRO & AO mandated accountabilities wrt Information Assurance
• Extensive reporting programme (DECC, Audit Committee, Board, Exec, SIROs, IGOs)
• Information Assurance Maturity Model assessment (CO Framework) Mandated HMG process assessing information risk DECC (CO) target of 3 by end 2013 NDA improvement programme to achieve 3 by end 2015/16 (in line with NDA
Operating Plan Targets) Improvement Plans
Questions?
Simon Tucker
Head of Information Governance & Chief Information Officer
(01925) 802034
(07921) 516833
Herdus House
Westlakes Science & Technology Park
Moor Row
Cumbria
CA24 3HU
Waste Package Records – A problem shared……….?!
NucSIG Presentation 30th September 2015
Martin Robb – NDA National Programme Manager IGP
Waste Package Record Programme
• Why should we do it?
• Why now?
• What is a waste package record?
• How many waste packages do we currently have in NDA estate?
• How many waste packages will there be ? (excluding LLW / fuel / graphite)
• What documents should form part of a waste package record?
• What format are records currently held in?
• What format should they be held in?
• What QA processes are currently used?33
Waste Package Record Programme
Why do it?• NDA primary product is a waste package with appropriate waste record (e.g.
QA accreditation / documentation)
i.e. “waste package records are a key NDA business need”• Requirement of Site Licence Condition 6, 24 and 36 to hold appropriate
records and ensure suitable SQEP workforce is in place (knowledge)• Requirement from EA /SEPA permits that appropriate records are in place
Why now?• We have a “burning platform” due to IT obsolescence & workforce
demographics• ILW waste package records (in some form) are required for disposal, interim
storage, safeguards, transport and national inventory
Waste Package Records