Does your Trust have a policy relating to shadow IT and feral systems? If yes, can you provide a copy of that policy? – No.
Has your Trust carried out a recent audit of shadow IT and feral systems? – No.
If Yes, can we have a copy of that audit? If No, will you provide an estimate of the number of such systems in your Trust? – N/A.
If you are unable to identify ALL shadow IT and feral systems, will you explain how you intend to meet your obligations under GDPR? The Trust is carrying out an on-going mapping project to confirm all systems and data flows. The results of this project may include shadow IT and/or feral systems.
Do you have a picture of how many feral systems adhere to NHS national data standards? The Trust will not have an answer for this until the mapping project has been completed.
Are shadow systems currently covered under your trust’s Cyber Security policies and IG Toolkit? No – but all personal data and the medium on which it is held is covered under Trust policies.