Our team are currently finalising a new GDPR Compliant version of IAM which will be available in April 2017. To learn more about our developments and to be one of the first to try the new IAM version to help you comply with GDPR please show your interest below.
The Apira Information Asset Manager (IAM) is a web based tool for registering information assets and recording all flows of information an organisation uses to perform its business functions.
Based on the ISO27005 approach to information risk management, IAM allows the organisation to record all its information, whether it is at rest or moving as part of a business flow.
IAM is unique in that those flows of data, be they HR data, patient letters or referrals, are linked directly to the asset they flow from or to, be they the HR database or clinical records database.
IAM is a cloud-based application to assist organisations in complying with the requirements of:
- The Data Protection Act 1998 (risk assessment of information assets and movementsof personal confidential data)
- The HSCIC Information Governance Toolkit (301, 307, 308 and more) and
- ISO27005 – Information Risk Management
Organisations collate, use and transfer large volumes of Personal Confidential Data (PCD), and do so within the legal regimes of the Data Protection Act 1998, Freedom of Information Act 2000, Access to Health Records Act 1990, Common Law Duty of Confidentiality, to name but a few. Many will be aware of the risk to losing data in the form of fines from the Information Commissioner. Coupled with NHS Policy on risk management and the requirements of the Information Governance Toolkit, the challenge is immense.
But it provides larger Acute organisations with much more than just compliance.
Organisations rely on robust business processes around information in order to operate. Being able to identify where information is being created and stored means that an organisation can better exploit that information to improve patient care, manage costs and redesign the services around the information needed by clinicians and managers.
Identifying and unlocking that information is essential to providing modern health services and IAM is well placed to support the organisation’s information strategy.
IAM allows organisations to record those information assets it holds, record the information flowing around the organisation and as a key function, provide a risk score against the information and flows. Included is a dashboard and reporting function that allows the Senior Information Risk Owner (SIRO) to be confident that information risk is being managed throughout the organisation.
The IAM system is a framework on which you can reflect your organisation’s risk appetite and strategy.
The system is configurable, and any item on the picking lists that contributes to a risk score is individually score-able. Risks are calculated on the options entered by the user and may be presented to the user in a number of ways (depending on the user profile):
- The dashboard
- Information asset screen
- Information flow screen
IAM Key Benefits
Simple interface to record personal or team flows in and out of a department, clinic or organisation
Rebuilt From the Inside Out
Automatic calculation of information risk scores on flows and assets
Links information flows to an information asset and creates an information asset register
Dashboards & Reporting
Risk reporting dashboards for SIRO, IAO and Information Asset Administrators
Built for Security
Hosted environment utilising a secure UK Data Centre with easy browser access from any location
Healthcare – IG Toolkit Compliance
Answers or greatly supports over 50% of toolkit requirements
Significantly reduces the risk of fines
Identifies unknown information assets
Minimises the on-going cost of maintaining information flows and asset register
Information flow mapping becomes a valuable resource rather than a costly annual exercise
Workflow to authorise new flows and assets in accordance with Caldicott principles
Apira IAM is an essential tool in the efficient recording and risk management of our data flows and the assets that they come from. The tool is proving an essential component of our information risk identification and management process, coupled with the other IG activities driven by the Information Governance Group.
Sirona Health & Care
Richard Tarring, Director of ICT and SIRO
Apira IAM was easy to deploy and being web based could be used by any team across the CCGs and CSU. We were able to provide our CCG customers with a comprehensive Data Flow Map and Information Asset Register in a relatively short period. We also provided them with follow up subject matter expertise in managing and mitigating the high level risks we discovered for the assets and flows of data.
South East CSU
Amy Ford, IG Subject Matter Expert and the SECSU IAM Implementation Manager