Common use of Monitor and Review Clause in Contracts

Monitor and Review. 7.1. Non-Compliance (Internal) Instances of internal non-compliance with this ISA will be logged and reported to the appropriate designated person (see Section 4.4). They should be dealt with promptly and in accordance with the relevant organisation’s Information Governance operational policies and procedures. These should be described in the appropriate SOP. Incidents should be logged and reported. These types of incident include, but are not restricted to:  inappropriate refusal to disclose information  'inappropriate conditions being placed on disclosure'  disregard of the information sharing agreement and associated documents and  Disregard of the views and rights of data subjects. 7.2. Non-Compliance (Partner Organisations) Instances of non-compliance with this ISA will be reported to the relevant organisation’s designated person. These instances should be dealt with promptly in accordance with the organisation’s Information Governance operational policies and procedures and should be described in the appropriate SOP. In addition, for both internal and external non-compliance, each organisation shall also inform such regulatory bodies as need to know or they are required to inform of any breaches, for example, the ICO. This should be the responsibility of the designated person. These reporting requirements should also be described in the appropriate SOP. 7.3. Data subject/Practitioner Concerns Any concerns or complaints received from data subjects (or their authorised representatives) relating to the processing/sharing of their personal information should be dealt with promptly in accordance with the organisations complaints procedure and, where appropriate, the conditions outlined in Sections 7.1 and 7.2 and in the appropriate SOP. Any concerns or complaints received from practitioners relating to the operation of this ISA will be referred to their organisation’s designated person who will respond in accordance conditions outlined in Sections 7.1 and

Monitor and Review. 7.1. Non-Compliance (Internal) Instances of internal non-compliance with this ISA will be logged and reported to the appropriate designated person (see Section 4.4). They should be dealt with promptly and in accordance with the relevant organisation’s Information Governance operational policies and procedures. These should be described in the appropriate SOP. Incidents should be logged and reported. These types of incident include, but are not restricted to:  • inappropriate refusal to disclose information  • 'inappropriate conditions being placed on disclosure'  • disregard of the information sharing agreement and associated documents and  • Disregard of the views and rights of data subjects. 7.2. Non-Compliance (Partner Organisations) Instances of non-compliance with this ISA will be reported to the relevant organisation’s designated person. These instances should be dealt with promptly in accordance with the organisation’s Information Governance operational policies and procedures and should be described in the appropriate SOP. In addition, for both internal and external non-compliance, each organisation shall also inform such regulatory bodies as need to know or they are required to inform of any breaches, for example, the ICO. This should be the responsibility of the designated person. These reporting requirements should also be described in the appropriate SOP. 7.3. Data subject/Practitioner Concerns Any concerns or complaints received from data subjects (or their authorised representatives) relating to the processing/sharing of their personal information should be dealt with promptly in accordance with the organisations complaints procedure and, where appropriate, the conditions outlined in Sections 7.1 and 7.2 and in the appropriate SOP. Any concerns or complaints received from practitioners relating to the operation of this ISA will be referred to their organisation’s designated person who will respond in accordance conditions outlined in Sections 7.1 and