Document filename: Information Management Policy
Directorate / Programme: NHSmail
Project: NHSmail
Document Reference:
Project Manager: Kevin Bolt
Status: Approved
Owner: Mark Reynolds
Version: 2.0
Author: Kevin Bolt
Version issue date: 24/10/2014

NHSmail Information Management Policy

This policy is currently under review for the new NHSmail service and will be re-published when available.

Copyright ©2013 Health and Social Care Information Centre

NHSmail Information Management Policy V1.0 24/10/2014

Document Management

Revision History

| Version | Date | Summary of Changes |
|---|---|---|
| 0.1 | 27/11/13 | Draft for comment |
| 0.2 | 02/12/13 | Second draft incorporating changes Mark Reynolds |
| 0.3 | 09/12/13 | Third draft completing the retention periods table |
| 1.0 | 08/01/14 | Approved by NHSmail Project Board |
| 2.0 | 24/10/2014 | Updated with minor changes to text |

Reviewers

This document must be reviewed by the following people: author to indicate reviewers

| Reviewer name | Title / Responsibility | Date | Version |
|---|---|---|---|
| NHSmail Steering Group | | | |

Approved by

This document must be approved by the following people: author to indicate approvers

| Name | Signature | Title | Date | Version |
|---|---|---|---|---|
| NHSmail Operations Board | | NHSmail programme Director Mark Reynolds | 08/01/14 | 1.0 |
| | | | 24/10/14 | 2.0 |

Glossary of Terms

| Term / Abbreviation | What it stands for |
|---|---|
| DL | Distribution list |
| GM | Generic mailbox |
| HSCIC | Health & Social Care Information Centre |
| LOA | Local Organisation Administrator |

Document Control: The controlled copy of this document is maintained in the HSCIC corporate network. Any copies of this document held outside of that area, in whatever format (e.g. paper, email attachment), are considered to have passed out of control and should be checked for currency and validity.
Contents

1 Introduction
2 Account Management Lifecycle
3 Retention Periods
3.1 Overview
3.2 Details

1 Introduction

This document defines the information management approach for the NHSmail service and defines the minimum retention periods for which data will be kept. In certain circumstances they may be exceeded, but this should not be relied upon. The periods defined within this document will be used to determine what data is migrated when upgrading the service, for example when moving to NHSmail2.

The document provides a description of the types of data and the account management lifecycle. A full breakdown of the retention periods is given in section 3.

2 Account Management Lifecycle

User accounts go through a defined lifecycle as described below:

Created → Active → Inactive → Deleted

Once created, an account remains in the active state provided the password is changed every 90 days (or less). If the password expires, the account is determined as inactive; if it remains in this state for a period of time (determined in the following sections), the account will be automatically deleted.

Accounts can be deleted by a Local Organisation Administrator (LOA) marking them for deletion at any time.

Accounts can be protected from automatic deletion if they are marked as suspended. This action is appropriate, for example, if the user goes on maternity leave or a secondment.

The table below lists the retention periods for each stage.

| Account status | Retention Period |
|---|---|
| Active Accounts (account password has been changed within the last 90 days) | Retained indefinitely |
| ‘Inactive’ person accounts (account password has expired) | Retained within the service for 6 months. If the account is not re-enabled within the 6 month period it will be deleted and become irrecoverable. |
| Accounts deleted by Local Organisation Administrator (LOA) | Removed automatically by the system 3 months after deletion by the LOA. Once deleted, such accounts and the data retained within them are irrecoverable. |
| Inactive Generic Mailboxes (GM) | GMs that have not sent or received mail will be removed from the service 6 months after the last date of activity within the account. Once deleted, such accounts and the data retained within them are irrecoverable. |
| Suspended accounts | Accounts that have suspended status will be automatically removed 18 months after the date of suspension by the LOA if no further changes have been made to status. Once deleted, such accounts and the data retained within them are irrecoverable. |
| Pre-provisioned accounts (created by LOAs, must be logged into by user to activate) | If accounts are not activated by the users within 3 months of creation they will be deleted automatically by the system. |
| Accounts marked as a leaver | Accounts should be marked as leavers by LOAs when users leave an Organisation. The account holder then has 30 days to get the account ‘joined’ to a new Organisation. If this action is not completed the account and data within will be deleted and will become irrecoverable. |

Table 1: Account retention periods

3 Retention Periods

3.1 Overview

The data for the NHSmail service can be grouped in the following categories:

| Area | Description |
|---|---|
| Accounts | The individual user account used to access the services. This is described in Section 2 above |
| User | Detailed information about the user that makes up the account |
| Mailbox | The email and groupware mailbox, if one is used |
| Devices | Any mobile devices registered to use the service |
| Directory | The data stored in the directory regarding people and organisations |
| Distribution Lists | Email distribution lists |
| Audit | Audit data |
| SMS & Fax | SMS & fax messages |
| Commercial | Contracts, change control and associated financial information |

Table 2: NHSmail data definition

3.2 Details

| Category | Item | Retention Period |
|---|---|---|
| User | Username | 2 years from when the account is deleted |
| | Primary email address | 2 years from when the account is deleted |
| | Secondary email address | 2 years from when the account is deleted |
| | Alternate email address (this is the nhs.uk address prior to registration) | Retained until account deleted |
| | Password History | The last 4 passwords are retained by the service |
| | Account status (Locked, suspended, date registered, pre-provisioned, security questions, historic quota) | Only current data retained until the account is deleted |
| | Login history comprising when logged in, client used to access service. | Retained for 6 months |
| Mailbox | Admin Roles | Only current data retained until the account is deleted |
| | Email, calendar, contacts, tasks, permissions, quota. | Retained until the account is deleted |
| | Deleted items | 30 days from deletion of account |
| | Configuration, comprising email address cache, signatures, rules, junk mail settings, OWA options. | Retained until the account is deleted |
| Devices | Mobile devices registered with the service | Details of the mobile device and its access permissions are retained until the account or device is deleted |
| Directory | Organisation (connector and non-connector fed) | Inactive connectors retained for 6 months. All data deleted when an organisation is deleted |
| | Person (connector and non-connector fed) | Inactive connectors retained for 6 months. All data deleted when a person is deleted |
| | Connectors (Configuration and metadata) | Inactive connectors retained for 6 months. All data deleted when an organisation is deleted |
| | Active Directory Content | Retained whilst service is live |
| Distribution Lists (DL) | Name | Only current data retained until the DL is deleted |
| | Email address | 2 years from when the DL is deleted |
| | Description, type, owner, visibility, membership, exclusions and other configuration data. | Retained until the DL is deleted |
| | Transport and other rules | Only current data retained |
| Audit | Message archive | 90 days |
| | Message tracking logs | 2 years |
| | Audit logs | 6 months |
| Service Management | Service Level Reports | Retained for duration of contract |
| | Incident Logs | 2 years from when the log is created |
| | Problem Reports | 2 years from when the report is created |
| | Change Management Requests | 2 years from when the request is created |
| | Configuration Management Database (CMDB) (A database where all Service Management Configuration items are stored) | 2 years from when the configuration item is created |
| | Forward Schedule of Change (FSC) | 2 years from when the schedule is created |
| | Request For Changes (RFC) | 2 years from when the change is created |
| | Problem Management Database (PMDB) | All problem records are retained within a database and are retained for the duration of contract |
| | Known Issues | Logged and retained for duration of contract |
| | Capacity reports and data | Logged and retained for duration of contract |
| Relay | Transport and configuration rules | Logged and retained for duration of contract |
| SMS & Fax | SMS Messages | Not retained |
| | Fax Messages | Not retained |
| | SMS reports | Logged and retained for the duration of contract |
| Commercial | Contracts | Retained as per HSCIC corporate standards. |
| | Change Control Notices | |
| | Key Correspondence | |
| | Financial Records | |

Table 3: NHSmail data retention definition.