Information Security Management: NHS Code of Practice

Sets out standards for the management of information in NHS organisations.


Checklist for Reporting, Managing and Investigating Information Governance Serious Untoward Incidents



This code of practice is intended to help NHS organisations manage digital and hard copy information effectively, and to comply with legal requirements and best practice.

The code of practice covers:

  • digital or hard copy patient health records
  • digital or hard copy administrative information
  • digital or printed X-rays, photographs, slides and images
  • digital media including data tapes, CDs, DVDs, USB disk drives, removable memory sticks
  • computerised records, including those that are processed in networked, mobile or standalone systems
  • email, text and other message types

Published 20 April 2007