Criterion VI – Culture and values

The agency must demonstrate a culture and values that ensure protection of confidential information and support the use of data as a strategic resource.

VI(a) How is an appropriate culture and values embedded in the agency’s corporate plan/mission statement/policies etc?Example documentation to consider:
  • Copy of Corporate Plan/Mission Statement
  • Confidentiality agreements
  • Security clearances of staff
  • Code of conduct
  • Position descriptions
VI(b) How have staff been trained in requirements for protecting personal information and how are they made aware of policies regarding breaches of security or confidentiality?Example documentation to consider:
  • Staff induction and security training, including evidence of training in confidentiality techniques
VI(c) Do staff sign undertakings relating to secrecy and confidentiality?Example documentation to consider:
  • Copy of undertaking proforma
VI(d) What mechanisms are in place to engage with stakeholders to maximise the usefulness of the data holdings?Example documentation to consider:
  • Project communications plan
VI(e) How does your agency provide for valuable use of the data, i.e. how does it maximise the value of data for users by providing them with access to as much data as possible while still protecting confidentiality?Example documentation to consider:
  • Data use policy

For more information on applying for accreditation and the self-assessment criteria see:

Return to Applying for accreditation

Continue to Criterion VII -Transparency of operation