Case Study - Information Governance at Terrence Higgins Trust

Copy of Copy of Black And Blue Modern Marketing Outdoor Banner (2000 × 2000px) (2000 × 1000px) (2000 × 800px) (LinkedIn Article Cover Image) (34)

Terrence Higgins Trust is the UK’s leading HIV and sexual health charity. They support people living with HIV and help those using the services to achieve good sexual health. They are an organisation that pride themselves on placing the service user and their privacy first.

Challenge

Terrence Higgins Trust (THT) identified a need to transition to more flexible working practices with the goal of reducing office space costs, reducing travel costs, and allowing staff to work effectively from any location. THT decided to move their head office to a smaller premises with embedded Agile working.

With server hardware and operating systems at the end of their planned 5-year lifespan, a full infrastructure review was conducted. Smartdesc agreed with THT that the priorities were to:

Reduce maintenance, power and office space costs of having servers in THT offices.
Reduce the number of organisation-wide outages caused by head office power / internet failure taking servers offline.
Upgrade operating systems and Microsoft Office to newer, more secure, versions.
Embed Agile in the solution design.
Engage with staff as part of the design process.

The Smartdesc Virtual IT Director worked closely with THT to strategically look at a variety of options, costs, and benefits including RDS, Citrix, Microsoft 365 and co-location/cloud.

Solution

After a formal tender process, Information Governance specialists from Smartdesc began to work with THT and focus on areas of improvement to ensure GDPR compliance. They were responsible for implementing key changes ready for when GDPR was enforced. This included some of the following:

Completing the Data Protection and Security Toolkit
Data Protection Impact Assessment completion for high risk
data processing
Raising awareness through training
Advice and guidance on all Information Governance Policies and Procedures.

Smartdesc have provided support to THT through the successful completion of the Data Security and Protection Toolkit (formally the Information Governance toolkit). The Data Security and Protection Toolkit is an NHS online tool that organisations must complete to evidence their compliance with data protection law.

Mark Brookfield, Head of Quality and Compliance, Terrence Higgins Trust –

“We employed Smartdesc to review our Information Governance policies and processes to ensure that, as an organisation who deal with sensitive personal information, we could evidence our compliance with GDPR & the NHS Data Security Toolkit.

Their work, professionalism and comprehensive knowledge has made a significant difference to the understanding of Information Governance amongst staff, not only through streamlined processes and updated policies, but also through training that they developed and rolled out to both staff and volunteers.

We’ve seen a significant increase in staff understanding of data protection related issues as a result of their work and have been able to provide the Trustees with assurance of our current practices.”

Smartdesc continue to help with operational Information Governance requirements such as leading on Data Protection Impact Assessments, completing Subject Access Requests and other queries around individual’s rights, implementing and updating privacy notices, policies, processes and procedures to ensure they meet the requirements set out within data protection law.

Results

Confidence when processing personal information.
Improved policies and procedures.
Embedded ‘privacy by design’ approach.
Staff are GDPR trained and aware of their responsibilities.

Agile Working at Terrence Higgins Trust