Quality systems

Quality policy and objectives

• We will provide an efficient and effective service to all our scheme members by responding quickly to requests for information and advice.
• We will provide an efficient and effective service to all beneficiaries i.e. current pensioners, dependants and deferred members and receivers of early leavers benefits by paying correct benefits on time.
• We will provide an efficient and effective service to all employers whose employees participate towards pension schemes administered by WYPF by responding quickly to requests for information, advice and training and by providing detailed guidance on the implications of any new legislation affecting the scheme.
• We will seek to continually improve the effectiveness of the quality management system and our service by reviewing the needs and expectations of our customers and our quality policy through regular Management Reviews.
• Our quality objective documents are reviewed regularly at Management Review.
• The aim of this Quality Manual is to describe the systems for controlling WYPF’s activities so these objectives are met and for controlling the requirements of the quality system standard ISO 9001:2015 in managing these activities.
• We will provide adequate training opportunities and facilities, and hold regular performance appraisals for all members of staff.
• All appropriate personnel shall follow the relevant methods defined in this manual, procedures and working instructions. If they find these methods prove to be unworkable, inefficient or inadequate they are responsible for raising this issue with their immediate manager and the Quality Systems Manager.
• All personnel shall follow the Information Security Policy and associated procedures as detailed in the Information Security Management System Manual. If they identify any unworkable or inadequate Information security issues, they are responsible for raising the issue with their immediate manager, the Assistant Director – Finance, Administration and Governance and the Quality Systems Manager.
• The Head of Employer Services and Compliance is the Management representative for quality and is responsible for the administration for the quality system described.
• The Quality Systems Manager is responsible for identifying any quality problems and initiating the necessary action that will correct and prevent them from recurring. The Quality Systems Manager is also responsible for verifying that any change in method is satisfactorily implemented and effective.
• The quality system is under the constant surveillance of the Quality Systems Manager to ensure compliance to the standard, to maintain the effectiveness of WYPF Quality Management System and to seek improvements in quality.

Euan Miller (Managing Director of WYPF)
Date: May 2024

The West Yorkshire Pension Fund (WYPF) Information Security Policy applies to all business functions within the scope of the Information Security Management System and covers the information, information systems, networks, physical environment and people supporting these business functions. This document states the Information Security objectives and summarises the main points of the Information Security Policy.

Objective

The objective of Information Security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In particular, information assets must be protected in order to ensure:

1. Confidentiality i.e. protection against unauthorised access or disclosure
2. Integrity i.e. protection against unauthorised or accidental modification
3. Availability as and when required in pursuance of the WYPF/Bradford Council’s (Council) business objectives.

Responsibilities

1. The Managing Director of WYPF has approved the Information Security Policy.
2. Overall responsibility for Information Security rests with the Managing Director of WYPF and Assistant Director Finance, Administration and Governance.
3. Day-to-day responsibility for procedural matters, legal compliance, maintenance and updating of documentation, promotion of security awareness, liaison with external WYPF/Bradford Councils, incident investigation and management reporting etc. rests with the Quality Systems Manager who is the ISMS Coordinator.
4. Day-to-day responsibility for data protection rests with the Assistant Director – Finance, Administration and Governance.
5. Day-to-day responsibility for technical matters, including technical documentation, systems monitoring, technical incident investigation and liaison with technical contacts at external WYPF/Bradford Councils, rests with the Head of IT.
6. All employees or agents acting on WYPF/Bradford Council’s behalf have a duty to safeguard assets, including locations, hardware, software, systems or information, in their care and to report any suspected breach in security without delay, direct to the Bradford Council by following Data Security Breach process. Employees attending sites that are not occupied by WYPF/Bradford Council must ensure the security of WYPF/Bradford Council’s data and access their systems by taking particular care of laptop and similar computers and of any information on paper or other media that they have in their possession.
7. The Quality Systms Manager is responsible for drafting, maintaining and implementing this Security Policy and similarly related documents.
8. As with other considerations including Quality and Health & Safety, Information Security aspects are taken into account in all daily activities, processes, plans, projects, contracts and partnerships entered into by WYPF/Bradford Council.
9. Staff are advised and trained on general and specific aspects of Information Security, according to the requirements of their function within the organisation. The Contract of Employment includes a condition covering confidentiality regarding WYPF/Bradford Council’s business. All employees are required to undertake mandatory Information Security Level 1 training on an annual basis.
10. Adherence to Information Security procedures as set out in WYPF/Bradford Council’s various policies and guideline documents is the contractual duty of all employees and a clause to this effect is set out in Bradford Council’s Contracts of Employment.
11. The ISMS Manual is held on WYPF’s staff information folder. All staff should make themselves familiar with the contents.
12. Breach of the Information Security policies and procedures by staff will be reported through the WYPF incident reporting policy.
13. In view of WYPF’s shared service arrangement for Local Government and position as a trusted provider of fire service pension scheme administrators, particular care is taken in all procedures and by all employees to safeguard the Information Security of its service users and/or clients.
14. Agreements of Mutual Non-disclosure/Confidentiality are entered into as appropriate with third party Companies.
15. All statutory and regulatory requirements are met and regularly monitored for changes.
16. A Disaster Recovery/Business Continuity Plan is in place. This is maintained, tested and subjected to regular review by the Assistant Director – Finance, Administration and Governance.
17. Further policies and procedures such as those for access, acceptable use of e-mail and the Internet, virus protection, backups, passwords, systems monitoring etc. are in place, maintained and are regularly reviewed by WYPF or an appointed representative, as appropriate.
18. This Information Security Policy is regularly reviewed and may be amended by the Managing Director of WYPF in order to ensure its continuing viability, applicability and legal compliance, and with a view to achieving continual improvement in the Information Security Systems.

Date of Issue: 30 May 2024

Euan Miller (Managing Director of WYPF)
Date of Next Review: 30 May 2025