NHSScotland Information Security Policy Framework 2015

Mandatory components that must be embedded in each Board-level Information Security Policy/Objectives document and own information security management system (ISMS) so that the risks relating to the confidentiality, integrity and availability of information are managed.

http://www.informationgovernance.scot.nhs.uk/isframework/