Continuous Improvement

PURPOSE

The aim of this document is to outline the approach in evaluating Health Informatics Centre (HIC) processes to continuously improve the efficiency and effectiveness of HIC procedures and policies which are governed by the Information Security Management System (ISMS).

SCOPE

The scope is an improvement framework to help implement material progress across HIC.

RESPONSIBILTIES

ROLE	RESPONSIBILITY
Governance Co-Ordinator	Monitors feedback gathered for improvements. Oversees the implementation of the continuous improvement process in-line with annual review. Coordinates activities, facilitates meetings, and tracks progress. Ensures that improvement initiatives align with quality standards and compliance requirements. Provides guidance on documentation and record-keeping related to improvement activities.
Governance Manager	Oversight of improvement initiatives and that they align with quality standards and compliance requirements. Reviews proposed changes for potential impacts on compliance obligations.
Process Manager	Own specific processes or areas targeted for improvement. Participate in identifying improvement opportunities. Implement and oversee changes within their respective processes.
Review Group	Comprised of members from different departments or areas relevant to the improvement initiative. Provide diverse perspectives and expertise to drive effective improvement efforts. Execute assigned tasks.
HIC All Staff	Actively contribute to the identification of improvement opportunities. Implement changes within their scope of work. Provide feedback, suggestions, and insights for ongoing improvement efforts. Embrace a culture of continuous improvement and support organisational initiatives.
HIC Leadership Team	Review and Approve changes. Decide if changes are material or strategic.
HIC Executive Group	Review and approve strategic changes.
Information Security and Governance Committee	Oversight for material and strategic changes.

PRINCIPLES

Incremental Change: Not a paradigm shift or invention, but measured, incremental progress is the most innovative. It helps apply change more easily, as well as giving the reigns to the organisation rather than having to respond to external forces. 
Employees Provide Ideas: Rather than management alone, the ideas for change should come from all HIC staff, who are often closest to areas for improvement within the organisation and issues or obstacles that might be experienced directly and have the knowledge to resolve them. 
Incremental Change Is Cheap: Small changes are likely to not be as costly (financial, reputational, operational, technical) and will not impact the operational budget as severely. The emphasis is on eliminating and simplifying, not adding to process, which is less expensive. 
Staff Take Ownership and Accountability: By giving HIC employees ownership of the process, they’re more invested and motivated. 
Improvement Is Reflective: The strategy of continuous improvement only works if there’s dialogue, feedback, and open communications between HIC staff. 
Improvements Can Be Measured and Repeated: Once a change is made, it is not left alone but reviewed, monitored, and measured, so determinations can made as to its effectiveness. Therefore, if that change does work, it can be repeated or applied to other aspects of the organisation.

PROCEDURE

Identification of Improvement Opportunities
- Governance Co-Ordinator initiates continuous assessment review from one of the improvement opportunity triggers; annual review, internal audit feedback, external audit feedback, incidents (such as significant events, business continuity scenarios and disaster recovery incidents both real and simulated), client complaints or employees.
Prioritisation of Improvement Initiatives
- Process Manager and Governance Co-Ordinator assess improvement opportunities based on their impact on information security against current controls and business objectives.
- Process Manager and Governance Co-Ordinator assess if improvement opportunities may be of a material or strategic nature. If potentially yes, then a wider review group is required.
- Process Manager identifies subject matter experts from HIC staff to create a review group.
- Review Group analyses current process for immediate improvements already identified and/or identifies further areas for improvement.
- Governance Co-Ordinator supports, coordinates, and drives the review which is to be completed in a timescale of two months.
Implementation of Improvements
- Process Manager and Governance Co-Ordinator prioritise improvement opportunities.
- Governance Co-Ordinator and Process Manager implement immediate changes.
- Governance Co-Ordinator captures future opportunities for improvements identified in Project Management System.
Approval of Improvements
- Governance Co-Ordinator routes the changes for approval to the HIC Leadership Team and Executive Committee. HIC Leadership Team will determine if the changes are material or strategic and require HIC Executive Committee approval. Review Group reviews any suggested changes made by the HIC Leadership Team and Executive Committee. Governance Co-Ordinator adjusts and changes, as necessary.
Communication of Improvements
- Once approved, Governance Co-Ordinator updates all relevant documentation, communicates to all stakeholders, and co-ordinates training where applicable.
Monitoring and Evaluation
- Governance Go-Ordinator in collaboration with Information Security & Governance Manager measures results of improvements made (via audits and significant events) and repeats improvements where applicable.

APPLICABLE REFERENCES

How To Manage Controlled Documentation
For Definitions see ISMS Glossary

DOCUMENT CONTROLS

Process Manager	Point of Contact

Process Manager	Point of Contact
Symone Sheane	hicbusiness-support@dundee.ac.uk

Revision Number	Revision Date	Revision Made	Revision By	Revision Category	Approved By	Effective Date

Revision Number	Revision Date	Revision Made	Revision By	Revision Category	Approved By	Effective Date
1.0	01/01/24	Moved SOP to Confluence from SharePoint and updated into new template	Bruce Miller and Symone Sheane	Superficial	Governance & Project Co-Ordinator: Symone Sheane	10/01/24
1.1	04/04/24	Updated Roles and Responsibilities	Bruce Miller	Superficial	Governance & Project Co-Ordinator: Symone Sheane	5/04/24
1.2	10/04/24	Formatted document control table and added in revision category	Symone Sheane	Superficial	Governance & Project Co-Ordinator: Symone Sheane	10/04/24
1.3	19/04/24	Updated Approved by title	Symone Sheane	Superficial	Governance & Project Co-Ordinator: Symone Sheane	19/04/24
1.4	24/04/24	Updated and changed language of Roles and responsibilities. Broke out steps further with descriptions Changed role language of BST to Governance Co-Ordinator. Added change definitions. Removed approval diagram removed heading section- review of improvements updated spelling of prioritisation Added applicable references link	Symone Sheane	Superficial	Process Manager: Jenny Johnston	30/04/24
1.5	30/04/24	Updated Header to conform with BSI guidelines.	Bruce Miller	Superficial	Governance & Project Co-Ordinator: Symone Sheane	30/04/24
1.6	02/05/24	Updated links to Definitions in ISMS Glossary, removed Definitions sections from within the document.	Bruce Miller	Superficial	Governance & Project Co-Ordinator: Symone Sheane	02/05/24
1.7	09/10/24	Incorporated suggestions from comments. Updated labels to align with the 2022 standard.	Bruce Miller	Superficial	Governance & Project Co-Ordinator: Symone Sheane	17/10/24
1.8	17/20/24	Updated Process Manager. Addressed comments and added in applicable reference.	Symone Sheane	Superficial	Governance & Project Co-Ordinator: Symone Sheane	17/10/24
1.9	18/11/24	Removed applicable references links that no longer exist.	Symone Sheane	Superficial	Governance & Project Co-Ordinator: Symone Sheane	18/11/24

Copyright Health Informatics Centre. All rights reserved. May not be reproduced without permission.
All hard copies should be checked against the current electronic version within current versioning system
prior to use and destroyed promptly thereafter. All hard copies are considered Uncontrolled documents.

HIC Policies and Standard Operating Procedures