The Process

Find

Where the
@Lead Organisation
builds a
@Risk Index
using data provided from various
@Source Organisations
.

Building a Risk Index

The
@Lead Organisation
will need a data store to contain vulnerability attribute data, and to run a risk scoring algorithm.

We heard of a number of approaches that councils took to creating a Risk Index. SAVVI recommends some of the data structures that could be used, and the
contains examples from councils.

As
@Vulnerability Attribute
data is received, it will be loaded into the
@Risk Index
.

Information Governance for the Risk Index

The
@Risk Index
is a new dataset containing personal information, so there are some routine Information Governance steps to
complete.

The
@Lead Organisation
should
add the
@Risk Index
to its
perform a
and apply any mitigation actions to reduce risk
add the
@Risk Index
to its
(RoPA)

Although these are not different to any other data handling scenario, SAVVI has some advice about the steps to take, and points to guidance from authoritative sources such as the Information Commissioners Office (ICO). The
contains some examples.

Data Matching

Data in the Risk-Index can be matched by
@Residence
@Person

Data that cannot be matched could be listed so that it can be manually cleansed and linked.

Pseudonymisation

The SAVVI Process supports optional pseudonymisation steps prior to building the
@Risk Index
. This can be useful if
@Source Organisations
won’t share person-identifiable data until it has been established that a
@Household
is vulnerable.

SAVVI provides
and then later re-identified for those households that are found to be vulnerable.

Finding At-Risk Groups

Some business logic is run over the
@Risk Index
to apply the rules from the
@Risk Stratification Policy
to generate
@Risk Categories
.

The
contains examples where Local Authorities have generated Categories from a Risk Index.

Marking entries that are already being managed

In some cases, the
@Lead Organisation
may be aware that another organisation is already leading to support a person. For example, throughout the COVID19 pandemic, the NHS Shielding List listed people who were clinically at risk, and they led the contact strategy to find out their needs due to isolation during the lock-down.

Marking these cases on the Risk Index will avoid people being contacted unnecessarily, whilst still being able to report on how they are being supported.

Building a Case Index

For each entry on the
@Risk Index
that fall into a
@Risk Category
, the
@Lead Organisation
can raise a
@Case
so that needs can be assessed, and assistance offered where applicable.

The information that is recorded on a
@Case
does not bring forward any of the
@Vulnerability Attributes
from the
@Risk Index
, but does contain the
@Risk Category
and sufficient information to identify the
@Person
or
@Household
.

@Cases
build into a
@Case Index
, parts of which can be shared with other organisations.

Information Governance for the Case Index

The
@Case Index
is a new dataset containing personal information, so there are some routine Information Governance steps to
complete.

The
@Lead Organisation
should
add the
@Case Index
to its
perform a
and apply any mitigation actions to reduce risk
add the
@Case Index
to its
(RoPA)
set up a
with the organisations that it intends to share parts of the Case Index with.

Although these are not different to any other data handling scenario, SAVVI has some advice about the steps to take, and points to guidance from authoritative sources such as the Information Commissioners Office (ICO). The
contains some examples.



Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.