Information management system
These are the rules that govern how suppliers should handle data and information on National Highways' behalf
Contents
Supply Chain Data Governance Manager
UK General Data Protection Regulation (UK-GDPR)
National Highways' information security
Managing National Highways' records
Digital continuity
Classifying and marking information
Data science: machine learning
Information governance assurance
Information ethics
What National Highways expects from the Supplier
The IMS is to be read in conjunction with the relevant National Highways contractual requirements with the Supplier.
For the purpose of the IMS the Supplier is equivalent to the terms Contractor or Consultant found in different contract forms with National Highways.
The term Supplier includes any sub-suppliers at any stage of remoteness to National Highways.
The Supplier to comply with National Highways' security policy, or to demonstrate corporate security policies providing equal assurance which is accepted by National Highways.
This applies when:
- accessing or processing National Highways information assets, whether on site or remotely
- subcontracting to other suppliers
Information requirements and specifications
National Highways policy is supported by:
Requirements - what the Supplier needs to do
National Highways requirements specify what is required for the Supplier to do and who needs to do it.
They will include contact information for National Highways subject matter experts and relevant documentation.
Specifications - how the Supplier does it
National Highways specifications will tell the Supplier how they are to meet the requirement and how the Supplier needs to document this where necessary.
National Highways information principles
National Highways information principles set out the standards required to be followed by all parties when managing their information:
- Use information as best as possible, even if it’s not perfect
- Increase the trust people have in the information by assuring its fitness for purpose
- Information can affect people’s lives and it is used transparently and ethically
- Need to understand how the information collected by National Highways and its Suppliers is used by others to make sure it's good enough for everyone
- National Highways and its Suppliers must continually earn the right to look after customers' data
- Information is a valuable resource that is kept safe and secure from accidents and attacks
- Looking after information has a cost - this is understood and accounted for
- All parties have a responsibility to look after the information so that it is fit for purpose
- Decisions made with information create better outcomes for customers, stakeholders and ourselves
- The value of information is only realised when it's used to help make decisions
Legal and regulatory obligations
National Highways and its Suppliers have a responsibility to comply with all current UK and EU legislation as well as a variety of further regulatory and contractual requirements.
Here's a summary of the key legislation governing how National Highways and its Suppliers must use information:
| Legislation | Governs: |
|---|---|
|
UK General Data Protection Regulation (2018) |
The use of personal data by organisations |
| The Security of Network and Information Systems Regulations (2018) | The overall level of security of network and information systems for the provision of essential services |
| The Freedom of Information Act (2000) | An individuals right of access to information |
| The Privacy and Electronic Communications Regulations (2003) | The use of electronic communications |
| Regulation of Investigatory Powers Act (2000) | The powers of public bodies to carry out surveillance and investigation |
| The Copyright, Designs and Patents Act (CDPA) | Copyright law in the UK |
| The Computer Misuse Act (1990) | Misuse of computer equipment in conducting unauthorised activity |
| The Public Records Act (1958 and 1967) | Public records in the UK, establishing a cohesive regulatory framework for public record |
Related requirements and specifications detail other applicable legislative requirements or provide further detail on the obligations arising from legislation.
