IGPOLCORE62 Information Governance Policy v7 by Provide Community

Information Governance Policy

Version: V7

Ratified by: Finance and Investment Committee

Date ratified: 01/03/2023

Job Title of author: IG & IT Projects Manager

Reviewed by Committee or Expert Group Technology Programme Group

Equality Impact Assessed by: IG & IT Projects Manager

1. Introduction

This policy sets out the high level principles adopted by Provide regarding a governance framework for Information related activities in its interactions and its service environment.

This governance framework will be known as Information Governance. Information Governance is ‘the governance framework for handling information in a confidential and secure manner to the appropriate ethical and quality standards in a modern health service’. It is concerned with ensuring that information is processed in accordance with good practice and in compliance with relevant legislation.

Information Governance is the information component of Clinical Governance and Corporate Governance. It brings together, within a singular cohesive framework, the interdependent requirements and standards of practice in relation to the following ‘associated’ information processing initiatives:

• Confidentiality Code of Practice

• Data Protection

• Freedom of Information

• Health Records

• Information Quality Assurance

• Information Governance Management

• Information Security

The organisation will make available a comprehensive range of operational policies and procedural guidance to support the effective implementation of this information governance policy. This high-level policy is therefore underpinned by, and must be read in conjunction with the specific policies and procedures relating to each element of Information Governance (See Appendix 1 for further details). Critical to the effective implementation of this policy is the organisation’s Information Governance Strategy and Improvement Plan.

2. Purpose

Information is a valuable tool the organisation utilises in delivering its services, both in terms of the clinical management of individual patients and the efficient management of services and resources. Information plays a key part in supporting clinical governance, service planning and performance management.

It is, therefore, of paramount importance that information is efficiently managed, and that appropriate policies, procedures and management accountability structures provide a robust governance framework for Information and its processing.

The purpose of this policy is to denote the position, principles and approach the organisation has adopted regarding the governance of information processing activities.

3. Benefits

Implementation of this policy will contribute significantly towards assuring Provide stakeholders, i.e. patients, partners, staff etc information has been processed in compliance with the legislative, ethical and national NHS policy requirements.

This policy will support the provision of high quality care and improvements in health by promoting the effective and appropriate use of information.

This policy will develop and provide staff with the appropriate tools and support to enable them to discharge their responsibilities to consistently high standards.

This policy will encourage responsible staff to work closely together, preventing duplication of effort and the more efficient use of resources.

4. Vision

The vision of the organisation is to ensure that:

• During the delivery of the services, the information, of any form or content, in whatever its context, is processed legally, securely, efficiently and effectively in accordance with the most current prevailing legislation and best practice recommendations

• The organisation benefits from a more positive appreciation of the business benefits arising from the improved control of information risk.

• The organisation uses the principles of Information Governance as an enabler to share and process information for the benefit of patients, staff and other stakeholders.

5. Scope

The high level principles set out in this policy are relevant to a wide range of legislation and NHS Guidance relating to the processing of information. Processing in this context means any activity performed on the information (collecting, storing, handling, disclosing etc).

This policy covers all aspects of processing activities that relate to (but is not limited to):

• Patient/Client/Service User information

• Personnel information

• Organisational information

This policy covers all information systems purchased, developed and managed by/or on behalf of the organisation (Provide Group) and any individual directly employed or otherwise by the organisation.

This policy covers all formats and modes of information processing, including (but not limited to):

• Structured and unstructured record systems - paper and electronic

• Transmitted information – email, post and telephone, as well as system to system transfers

6. Policy Statement

The Provide CIC Board recognises the importance of Information Governance and is committed to the development and maintenance of good practice in all areas of information management thereby reducing risk to the organisation, its staff, contractors and service users.

The Board’s position is that, within the interactions and service environment associated with Provide, Information, whatever its context, should be processed in accordance with the prevailing legislative, ethical and national NHS policy requirements.

The Board undertakes to put into place an appropriate structure, and commit the necessary resources, to ensure that an appropriate programme of work is initiated and sustained for this purpose.

The Quality and Safety Committee and Finance and Investment Committee will maintain, on behalf of the Board a monitoring role over the process, through progress reports and annual reporting against objective targets set down in the Data Security and Protection Toolkit.

7. Approach

The approach adopted for providing a robust information governance framework within the organisation (ie its management, processes, systems, and people activities) is based on the control of information risk through the following strategic actions:

• Integrating Information Governance within Provide core activities and strategies

• Improving standards of practice and compliance with legislative requirements

• Involving all its stakeholder i.e. those implicated by the organisations service activities

• Information for performance management purposes to assure the confidence and trust of its stakeholders

8. Principles

The high-level principles Provide will ensure with respect of Information Governance related activities include the following:

Openness and Protection

The organisation recognises the need for an appropriate balance between openness and confidentiality in its processing of information. Information will be defined and where appropriate be managed confidentially.

The organisation regards all personally identifiable information relating to patients as confidential. Compliance with the legislative framework for confidentiality is to be achieved, monitored and maintained.

Patients are to be enabled to have the ability to exercise their rights and choices as patients and access information relating to their own health care. There will be clear procedures and arrangements for handling queries from patients and the public.

Identifiable patient data accessed through the National Care Records Service shall only be used for the direct clinical care of a patient. Any exceptions to this rule, i.e., any intended use of identifiable patient data accessed through the Service other than for the direct clinical care of that patient, must first be justified, considered and approved by the Information Governance Manager, Caldicott Guardian or other applicable formal approval process.

The organisation also regards all personally identifiable information relating to staff as confidential except where legislative requirements dictate otherwise.

The confidentiality of personally identifiable information used by the organisation will be guided by the policy requirements set out within the NHS Code of Confidentiality Practice and other legislative requirements. Provide will establish and maintain policies and procedures to ensure compliance with the Data Protection Act, Human Rights Act and the Common law of Confidentiality.

An awareness of the individual responsibilities of staff during the processing of personally identifiable information will be promoted. This is to be monitored and assessed.

Contracts for any third party individual or company, required to carry out work for the organisation (irrespective of whether they are expected to have access to personal information), must contain Information Governance and confidentiality clauses.

The organisation will ensure that effective procedures are in place for dealing with Freedom of Information requests received from Commissioners of its services and, where legislation requires it to comply directly with requests and to make non confidential information and non-commercially sensitive information available.

Security of Information

Provide will establish and maintain core policies and procedures for the effective and secure management of its information assets and resources.

Availability of information for operational purposes will be maintained within set parameters relating to its importance via appropriate procedures and computer system resilience.

Audits will be undertaken or commissioned to assess information and IT security arrangements.

Provide Risk Management Strategy and the application of it are to be utilised to control risk with regards to information processing activities i.e. report, monitor and investigate all breaches of confidentiality, integrity and security.

Records Management and Information Quality Assurance

Provide will promote and support improvements in Records Management through various mechanisms such as policies, training and raising awareness.

The organisation will establish and maintain policies for the effective management of records.

Provide will establish and maintain policies for theeffective management of Information Quality Assurance. Improvements in the integrity of the information it processes are to be promoted, monitored and sustained in order to ensure that these improvements yield tangible benefits for the local community and its various stakeholders.

Audits will be undertaken or commissioned of the organisation’s quality of data and records management activities. Wherever possible, information quality will be assured at the point of collection.

9. Accountabilities and Responsibilities

Chief Executive

The Chief Executive of Provide has overall responsibility for all aspects of the management of this policy. The Chief Executive will nominate a Provide Information Governance Lead to co-ordinate and provide leadership for itsInformation Governance framework.

SIRO

The SIRO for Provide is the Group Chief Finance Officer who has overall accountability for the management of information in the organisation.

Caldicott Guardian

The organisation’s Medical Advisor is the Caldicott Guardian who acts as the ‘conscience’ of the organisation to ensure sensitive and personal information is used appropriately

Caldicott

SIRO Is advisory Is accountable Is the conscience of the organisation Fosters a culture for protecting and using data

Provides a focal point for patient or client confidentiality and Information Sharing Issues

Providing a focal point for managing information risks and incidents Is concerned with the management of patient or client information

Is concerned with the management of Information assets

Information Governance Manager

Strategically oversees, and operationally develops, implements, scrutinises and reviews appropriate strategies, policies and procedures that support Information Governance. Ensure the organisation complies with, and conforms to, legal requirements through the enforcement of suitable policies/procedures, providing advice, drive, assistance and guidance, as appropriate.

Figure 1 – Summary of the roles of the SIRO and Caldicott Guardian

Data Protection Officer (DPO)

The DPO will inform and advise the organisation and its employees about the obligations to comply with the UK GDPR and other data protection laws. Provide advice on, and monitor, data protection impact assessments (DPIA’s). Assess the severity of any Information Governance Incidents relating to breaches in the UK GDPR and data protection laws. Cooperate with the supervisory authority (Information Commissioners Office); and will be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc). Other tasks and duties may also be completed by the DPO so long as they don’t result in a conflict of interests with the DPO’s primary tasks.

Sub- Committees of the Provide CIC board

The strategic leadership and management of Information Governance across the organisation is to be advised through the following sub committees of the Board:

Quality and Safety Committee

Finance and Investment Committee

Technology Programme Group

These Committee’s will be responsible for the implementation of Information Governance standards across the organisation, monitoring performance against Information Governance standards, addressing areas of non-compliance and ensuring that improvements plans are put in place.

The Provide Caldicott Guardian and Senior Information Risk owner (SIRO) will sit on one or more of these committees. Reports from these committees are fed through to the Provide Board on the performance of the organisation and improvement plan actions for the following year.

The membership of these committee’s includes the IG and IT Projects Manager, Assistant Directors, Directors as well as other senior managers providing leadership for each specific Information Governance Initiative. This is to enable access to expert knowledge and representation for each specific area of the Provide CIC.

Boards of its Subsidiary Companies

Boards of its Subsidiary Companies must oversee the Information Governance arrangements and compliance with this and other Core IG policies withing their organisation.

Management Staff

Directors, directorate managers and all staff in managerial or supervisory roles have a responsibility to enabling good Information Governance practices within the work environments they manage. This includes but is not limited to:

• Ensuring that national and locally Information Governance standards are upheld within their department

• Advising all staff of their security, confidentiality and data quality responsibilities

• Determining required access levels to specific computer systems ensuring that no unauthorised access is allowed

• Ensuring that adequate training is provided to all staff

• Implementing procedures to minimise risk e.g. risk of fraud / theft / disruption of their systems

• Ensuring current documentation is maintained for all critical job functions

• Supporting planned evaluations of Information Governance and any resulting actions

• Investigating any Information Governance issues raised/ identified by members of staff, patients or visitors e.g. complaints, incidents.

Individual Responsibilities

The responsibilities of all persons working within Provide* service environment and on its activities, includes but is not limited to:

• Appropriately discharging their legal and ethical responsibilities for processing information. All persons involved in the organisations activities, have a legal, ethical and contractual obligation for maintaining Information Governance, regardless of their position (whether directly employed or not), standing or level of knowledge. These includes permanent, temporary, locums, voluntary, work experience and work force solutions staff, including contractors and partners involved in the organisation’s business

• Abiding by their staff group’s professional standards and any locally agreed standards

• Adhering to not only this policy but other Information Governance related documentation issued through the Provide Intranet, regular staff bulletins, MetaCompliance, MyCompliance and other channels of communication.

10.Risk Management

The organisation’s approach to controlling risk set out within its Provide Risk Management Strategy will inform the control of risk for Information Governance related activities. Specifically:

• It is the responsibility of departmental managers to ensure that all persons working within their service areas, whether substantive, temporary or voluntary etc, are fully compliant with this Policy and other Information Governance related policies and are aware of the consequences of non - compliance e.g. confidentiality is breached

• It is the responsibility of all persons involved in the organisation’s activities to report all actual or suspected security breaches, including near miss incidents that may have placed the availability, confidentiality or integrity of information at risk. Reporting of incidents does not replace the right of persons who may have genuine concerns from pursuing the matter via the organisation’s Whistle Blowing Policy

• It is imperative that all matters relating to patients, staff, or the financial contractual position of the organisation, remain strictly confidential. Under no circumstances is such information to be divulged or passed to any unauthorised person(s), either intentionally or by failure to comply with this Policy and interrelated Information Governance Policies (See Appendix 1)

• Failure to observe these rules may be regarded by the organisation as gross misconduct. Individuals involved in Provide activities should be aware that disciplinary procedures, civil action or criminal proceedings may be instigated as a consequence of damage caused to an individual or organisation

Incidents, breaches and identified risks related to Information Governance that have occurred for the preceding period will be reported to the Quality and Safety Committee. Reports will be submitted to the Finance and Investment Committee Periodically informing the organisation of Risks, Issues, Incident trend analysis and recommended actions.

11.Reporting and Investigation of Information Governance Incidents

Any Information breaches will be reported in line with the organisation’s Incident Management and Reporting Policy. All IG Incidents will be assessed against the NHS Digital Guide to the Notification of Data Security and Protection Incidents Where an Incident is confirmed as a reportable incident it will be reported through the Data Security and Protection Toolkit (DSPT) where it will be automatically flagged to the Department of Health and the Information Commissioners Office. Any reportable incidents must be assessed by the IG Manager and/ or the DPO and authorisation sought from the SIRO or Executive Director before being uploaded to the Toolkit.

An investigating officer will be appointed for any reportable incidents and a full investigation will be conducted in line with the Incident reporting and management policy.

A Serious Incident review group will be convened where the Investigating officer will report the findings of the investigation and actions will be agreed. Serious Incidents will also be highlighted at the Quality and Safety Committee. Details of IG Incidents including Serious Incidents will also be reported through to the Finance and Investment Committee by the information Governance Manager on a quarterly basis.

Local Incident reporting and investigation will be utilised where an incident is flagged as non-reportable. This may include, however, reporting through to Commissioners of the service and onto STEIS and formal Serious Incident reporting procedures invoked. Advice must be sought by the IG Manager, SIRO or Caldicott Guardian in such instances. Root Cause analysis will be completed on all incidents where lessons are to be learned.

12.Training

Considerations following a training needs analysis and assessment of resource implications have informed the development of an Information Governance training programme for staff. All staff regardless of their role must complete Information Governance training on an annual basis. Further training has been identified for

specialist roles within the organisation (See Information Governance Training Needs Analysis for further details)

Regular reports will be run by the organisation’s Learning and Development team and training compliance will be reported through the Quality and Safety Committee with any associated required actions. Group companies must have arrangements in place to monitor the IG compliance of their staff.

IG Training will be evaluated annually to ensure the effectiveness of the training programme, both with regards to content and delivery method. Training will be assessed against national requirements and DSPT requirements as well as local changes and requirements. Any required changes or updates will be reported through to the organisation’s Learning and Development Strategy forum for ratification before implementation.

Information Governance issues should be included within the Continuing Professional Development plans and Knowledge & Skills Framework for all staff members as part of their annual Performance Development Reviews and recorded within their Professional Development Plans (PDP). The IG Manager will run additional training sessions where gaps in training are identified.

To inform patients properly, staff must themselves be familiar with the content of local patient information leaflets as well as policies and procedures which will be made available on the staff intranet. Regular briefings from the Information Governance team will be provided via staff communication’s materials including the organisation’s Staff Newsletter and emails managed by the Communications team.

MetaCompliance will be used to effectively inform staff of key organisational policies and key Information Governance messages and reminders.

The IG Manager and Caldicott Guardian and DPO will be a point of contact for staff to refer to as a resource for assistance with queries regarding the holding, obtaining, recording, usage and sharing of their information.

Further advice will also be available from the Information Governance team including advice around the sharing of information and disclosure of information held in medical records.

13.Improvement Planning & Assessments

With respect to the implementation of Information Governance locally, an assessment of compliance with requirements set out in the DSPT, will be undertaken each year. This assessment will inform further improvement planning processes and the performance management information required to effectively assure Information Governance to the Provide board, the commissioners of Provide services and other stakeholders:

• The assessment will be undertaken with respect to compliance with the requirements set out in the DSPT

• The Leads of each of the initiatives will be responsible for establishing and providing verifiable evidence for the attainment scores on the initiatives they lead on

• The DSPT will be a standing item within the Information Governance report which is presented to the Quality and Safety Committee with regular progress and issues reported; and

• An annual compliance report, and an improvement work plan, the Information Governance Report will be developed and reported within three months following the completion of the annual assessment.

14.Informing Patients Effectively

The organisation will produce leaflets/link to information held electronically about Data Protection, confidentiality and consent to the sharing of information available to patients via the IG Team and the Customer Service team. These leaflets/links will also be routinely sent with other patient communications, and will also be made available via the organisation’s website.

Information Leaflets and posters will also be displayed in reception areas and other prominent areas accessible to patients for example in reception and waiting areas. The content of these leaflets will include:

• How patient’s information will be stored and used

• How patient information may be shared, along with appropriate safeguards on confidentiality

• how patient records will be kept secure

• how patients may obtain access to their records

• how patients may restrict the use and sharing of their information, if they wish so

• how to seek further advice

The organisation will ensure that the information is accessible to those patients with a range of special/different needs. This will require a robust assessment of the needs of those patients and communications materials designed to meet them through the trust’s equality and diversity agenda. It may be that the patient information is required in several formats, e.g.:

• In other languages

• Braille

• On audio tape

• In large print

• Easy to read

It may be necessary for the organisation to arrange access to a translator, e.g. for those patients who:

• Use sign language

• Are unable to speak English and are also unable to read in their native language

Patients who require more detailed advice will be able to access the required information or be guided towards a staff member who is able to answer their queries.

Staff will be informed of the uses of their information through a Staff Privacy Notice which will be distributed through Intranet/part of recruitment or onboarding process.

15.Audit, Monitoring and Review

This policy, and other Information Governance related policies, will be implemented by various sub committees of the board, including the Finance and Investment Committee and the Quality and Safety Committee

The review or creation of other Information Governance related policies and procedures will include mechanisms for monitoring compliance with the policy or procedures standards.

This policy will be continually monitored and will be subject to a regular review, which will take place 3 years from the date of issue and at yearly intervals thereafter.

An earlier review may be warranted if one of more of the following occurs:

• As a result of regulatory / statutory changes or developments

• As a result of NHS policy changes or developments

• Local organisational changes and developments

• For any other relevant or compelling reason.

16.Contacts for Information Governance in the Organisation

Information Governance Manager: Petra Lastivkova

Caldicott Guardian: Paul Spowage, Medical Advisor

SIRO: Philip Richards, Group Chief Finance Officer

DPO: John Adegoke, Head of Information Governance & Group Data Protection Officer

17.References

Data Security and Protection Toolkit: https://www.dsptoolkit.nhs.uk/

Data Protection Act 2018/ GDPR: http://ico.org.uk/

Appendix 1: Information Governance Policies & Procedures

IGPOL62 - Information Governance Policy

IGPOL53 Information Security Policy

IGPOL88 Email, Internet, Instant Messaging & Social Media Policy

IGPOL67 Mobile Computing Devices Policy

IGPOL65 Transferring Confidential Information Policy and Procedures

IGSOP02 Standard Operating Procedure for Email communication with Patients/Clients and their Families/Carers

IGSOP03 Safeguarding Confidential Information - Printers and Photocopies Procedure

IGPOL51 Registration Authority Policy

IGSOP01 Registration Authority (Smartcards) Procedure

IGPOL31 Data Protection Policy

IGPOL92 Subject Access Request (SAR) Policy and Procedure

IGPOL66 Freedom of Information Policy and Procedure

IGPOL90 Data Protection (Privacy) Impact Assessment Policy and Procedure

IGPOL70 Confidentiality Code of Conduct Policy for Staff

IGPOL69 Information Sharing Policy and Procedures

IGPOL35 Records Management Policy

IGPOL63 Health Record Keeping Policy

IGPOL76 Data Quality Policy

IGPOL54 Digital Images and Recordings of Patients Policy

Click here to enter text.

EQUALITY IMPACT ASSESSMENT TEMPLATE: Stage 1: ‘Screening’

Name of project/policy/strategy (hereafter referred to as “initiative”):

Information Governance Policy

Provide a brief summary (bullet points) of the aims of the initiative and main activities:

This policy sets out the high level principles adopted by Provide regarding a governance framework for Information related activities in its interactions and its service environment.

Project/Policy Manager: Petra

Lastivkova

Date: December 2022

This stage establishes whether a proposed initiative will have an impact from an equality perspective on any particular group of people or community – i.e. on the grounds of race (incl. religion/faith), gender (incl. sexual orientation), age, disability, or whether it is “equality neutral” (i.e. have no effect either positive or negative). In the case of gender, consider whether men and women are affected differently.

Q1. Who will benefit from this initiative? Is there likely to be a positive impact on specific groups/communities (whether or not they are the intended beneficiaries), and if so, how? Or is it clear at this stage that it will be equality “neutral”? i.e. will have no particular effect on any group.

Implementation of this policy will contribute significantly towards assuring Provide stakeholders, i.e. patients, partners, staff etc. information has been processed in compliance with the legislative, ethical and national NHS policy requirements.

Q2. Is there likely to be an adverse impact on one or more minority/under-represented or community groups as a result of this initiative? If so, who may be affected and why? Or is it clear at this stage that it will be equality “neutral”?

Neutral

Q3. Is the impact of the initiative – whether positive or negative - significant enough to warrant a more detailed assessment (Stage 2 – see guidance)? If not, will there be monitoring and review to assess the impact over a period time? Briefly (bullet points) give reasons for your answer and any steps you are taking to address particular issues, including any consultation with staff or external groups/agencies.

Impact not significant enough to warrant a more detailed assessment

Guidelines: Things to consider

Equality impact assessments at Provide take account of relevant equality legislation and include age, (i.e. young and old,); race and ethnicity, gender, disability, religion and faith, and sexual orientation.

The initiative may have a positive, negative or neutral impact, i.e. have no particular effect on the group/community.

Where a negative (i.e. adverse) impact is identified, it may be appropriate to make a more detailed EIA (see Stage 2), or, as important, take early action to redress this – e.g. by abandoning or modifying the initiative. NB: If the initiative contravenes equality legislation, it must be abandoned or modified.

Where an initiative has a positive impact on groups/community relations, the EIA should make this explicit, to enable the outcomes to be monitored over its lifespan.

Where there is a positive impact on particular groups does this mean there could be an adverse impact on others, and if so can this be justified? - e.g. are there other existing or planned initiatives which redress this?

It may not be possible to provide detailed answers to some of these questions at the start of the initiative. The EIA may identify a lack of relevant data, and that data-gathering is a specific action required to inform the initiative as it develops, and also to form part of a continuing evaluation and review process.

It is envisaged that it will be relatively rare for full impact assessments to be carried out at Provide. Usually, where there are particular problems identified in the screening stage, it is envisaged that the approach will be amended at this stage, and/or setting up a monitoring/evaluation system to review a policy’s impact over time.

EQUALITY IMPACT ASSESSMENT TEMPLATE: Stage 2:

(To be used where the ‘screening phase has identified a substantial problem/concern)

This stage examines the initiative in more detail in order to obtain further information where required about its potential adverse or positive impact from an equality perspective. It will help inform whether any action needs to be taken and may form part of a continuing assessment framework as the initiative develops.

Q1. What data/information is there on the target beneficiary groups/communities? Are any of these groups under- or over-represented? Do they have access to the same resources? What are your sources of data and are there any gaps?

Q2. Is there a potential for this initiative to have a positive impact, such as tackling discrimination, promoting equality of opportunity and good community relations? If yes, how? Which are the main groups it will have an impact on?

Q3. Will the initiative have an adverse impact on any particular group or community/community relations? If yes, in what way? Will the impact be different for different groups – e.g. men and women?

Q4. Has there been consultation/is consultation planned with stakeholders/ beneficiaries/ staff who will be affected by the initiative? Summarise (bullet points) any important issues arising from the consultation.

Q5. Given your answers to the previous questions, how will your plans be revised to reduce/eliminate negative impact or enhance positive impact? Are there specific factors which need to be taken into account?

NA Q6. How will the initiative continue to be monitored and evaluated, including its impact on particular groups/ improving community relations? Where appropriate, identify any additional data that will be required.

Guidelines: Things to consider

An initiative may have a positive impact on some sectors of the community but leave others excluded or feeling they are excluded. Consideration should be given to how this can be tackled or minimised. It is important to ensure that relevant groups/communities are identified who should be consulted. This may require taking positive action to engage with those groups who are traditionally less likely to respond to consultations, and could form a specific part of the initiative. The consultation process should form a meaningful part of the initiative as it develops, and help inform any future action. If the EIA shows an adverse impact, is this because it contravenes any equality legislation? If so, the initiative must be modified or abandoned. There may be another way to meet the objective(s) of the initiative.

Further information:

Useful Websites www.equalityhumanrights.com Website for new Equality agency www.employers-forum.co.uk – Employers forum on disability www.disabilitynow.org.uk – online disability related newspaper www.womenandequalityunit.gov.uk – Gender issues in more depth www.opportunitynow.org.uk - Employer member organisation (gender) www.efa.org.uk – Employers forum on age www.agepositive.gov.uk – Age issues in more depth