Information Sharing Protocol

Aim 

The Protocol will: 

  • Facilitate the timely sharing of information about childrens social care and education providers between local authorities, schools and safeguarding partners where there are events or concerns that may be relevant to their contractual relationship or the safety of children. 
  • Help authorities and safeguarding partners to monitor the quality of providers of externally commissioned provision and protect the welfare of children and young people in care.
  • Offer a straightforward and consistent approach to information sharing. The approach is intended to be open and transparent. 

Benefits 

  • The benefits of the ISP include: Local authorities, schools and safeguarding partners will have information routinely provided which will inform their managing risk associated with externally commissioned provision. 
  • Providers will benefit by having the reassurance of effective cross agency collaboration and information sharing via a transparent process. 
  • Children and young people will benefit through reduced risk and better quality provision. 

To note: 

  • Information is shared under this Protocol only where it is necessary and proportionate to protect children and young people, manage identified risks, or support lawful commissioning and oversight decisions. 
  • ISP notifications must not be used for routine performance management, contractual disputes, or to exert undue influence on providers. 
  • Issuing agencies should consider their position of responsibility as a public authority. 

Confidentiality 

  • The information given above is for the exclusive use of those receiving it. Sharing of notifications within safeguarding partners is permitted with discretion. 
  • The notice may impact future referrals, and this is at the discretion of each agency. 
  • In no circumstances should any agency receiving information pass this information to anyone outside those agencies referenced in this guidance including verbally.

 Limitations of the protocol 

This notification is provided for information only. It is the responsibility of each agency receiving this information to decide how to use it. Potential actions receiving authorities may take, include: 

  • Contacting the agency that sent the notice for more information to assess the risk for any children in placement. 
  • Contacting the provider for further information to better understand the situation. 
  • Organising a meeting across local authorities, schools or safeguarding partners to share information and collaborate on actions. 
  • Obtaining further information independently via other partners. 
  • Seeking legal advice. 
  • This Protocol represents a high‑risk information sharing arrangement. Participating organisations are expected to consider whether a local Data Protection Impact Assessment (DPIA) is required when issuing ISP notifications in complex or novel circumstances 

Providers with an open notification should not be on a de facto ‘blacklist’ when placement decisions are made. 

Roles and responsibilities 

  • Each organisation participating in this Protocol acts as an independent data controller for the personal data it contributes to, receives, and uses under the ISP. 
  • Each controller is responsible for ensuring compliance with UK GDPR and the Data Protection Act 2018, including handling subject access requests, managing data accuracy, reporting personal data breaches, and applying appropriate safeguards when sharing or retaining information. 

NWADCS will act as the lead to co-ordinate the operation of the ISP. This role includes: 

  • Updating mailing lists when mailboxes or member agencies change.
  • Dealing with proposed changes to the Protocol. 
  • Circulating the ISP notifications. 
  • Saving the ISP in the provider folder of the regional SharePoint. These will be held in line with Stockport Council information governance procedures as the host authority for the Sharepoint site. ISP notifications will be retained while active and under review. Once an ISP is rescinded or closed, records will be retained in accordance with the host authority’s approved retention schedule for safeguarding and commissioning records, after which they will be securely disposed of. 
  • Retention decisions will reflect the need to evidence safeguarding decision making while ensuring compliance with the UK GDPR principle of storage limitation. 
  • Following up on ISP notifications that are awaiting review. 
  • Escalating concerns about practice of issuing authorities in relation to the protocol as appropriate.

Frequently asked questions

Who raises ISP notifications? ISP notifications can be raised by any partner. ISP notification should be issued by the most appropriate agency which would usually be the host agency for the service or a placing agency. It may be that agencies need to liaise to agree who is the most appropriate. Where there is risk created by an ISP being linked back to a specific local authority the ISP may be issued by NWADCS who will hold the information relevant to those enquiring about the provider. 

Who rescinds ISP notifications? ISPs can only be rescinded by the agency that raised it. In some circumstances where NWADCS have not been able to contact the issuing officer or agency to rescind an ISP notification they may be closed due to time passed. 

How does an agency decide to rescind a notification? A decision to rescind a notification is made when the risk has been mitigated or passed. This may include satisfactory completion of remedial actions or an action plan. 

Does a provider have to be on the NW regional purchasing systems or other contracts to be issued with a notification? No, notifications can be issued for any organisation working with our children. 

When should an ISP be used in relation to an Ofsted inspection outcome? The ISP process should not duplicate the regulatory role. However, if visits or checks are made after an agency receives notice of an inspection outcome and additional concerns are identified, or there are significant concerns and a delay in the publishing of an inspection report use of the ISP should be considered. In these cases it may be that the ISP can be rescinded once an inspection report is in the public domain. 

How long does an ISP notification remain in place for? A review date is set for a maximum of three months following the date of the original ISP notification. An ISP may be extended if required, for example pending outcomes of investigations or action plans. In some instances it may be relevant to share the rationale for extending with the provider. 

Does a provider have to complete the comments section of the ISP? There is no requirement for a provider to comment but the issuing agency must give the provider an opportunity to do so unless there is a clear rationale otherwise. 

What happens if two ISP notifications are issued by the same agency for the same provider? If the ISPs are issued for the same concern the first notification received will be logged on the ISP spreadsheet. If subsequent ISPs contain additional information they will be circulated for information only. The issuing agency for the first ISP notification will be responsible for rescinding. NWADCS will consider if an organisational ISP is required where there are multiple ISPs issued for the same provider by multiple agencies.

How often is the ISP spreadsheet sent out? NWADCS will circulate the spreadsheet monthly to all partners. 

Are providers or settings that receive an ISP notification removed from the regional purchasing systems? No, an ISP does not automatically result in suspension from regional purchasing arrangements. In some cases this may be linked, for example where there is an Ofsted rating that means the providers does not meet the contract criteria. 

What is the process relating to ISPs for off contract providers? ISPs for providers not on the regional purchasing systems should be raised and rescinded in the same way.