Compliance Domain

The Compliance domain covers the policies and frameworks that ensure NCI meets its statutory, regulatory, and contractual obligations across academic and institutional operations. 

It supports a culture of integrity, transparency, and accountability by embedding compliance requirements into institutional practices and systems. 

Policies in this domain provide the governance infrastructure for legal compliance, information governance, data protection, and institutional risk management. They also ensure that learners and staff operate in a safe, secure, and lawful environment.

Policies

Core Data Protection & Privacy

• Data Protection Policy
• Privacy Statement Policy
• NCI Staff Data Processing Notice
• Staff Covid Privacy Statement
• Data Protection by Design and Default Policy
• Data Protection Impact Assessment Threshold Policy
• Data Subject Rights Procedure
• Personal Data Risk Classification Scheme
• Guidance on Third Party Requests for Personal Data
• Covert Recording Policy
• Student Terms of Use

Data Breach & Incident Handling

• Personal Data Breach Handling Procedure
• Data Breach Incident Procedure
• Critical Incident Policy

Records & Retention

• What is a record?
• What is Records Management?
• Legal Records Retention Schedule
• Payroll Records Retention Schedule
• HR Records Retention Schedule
• Finance Records Retention Schedule
• Student Records Retention Schedule
• Governance and Company Records Retention Schedule

Information & Data Governance

• Data Governance Classification and Handling Policy
• User Security Policy
• Operations Security Policy
• Change Management Policy
• Portable Storage Device Policy
• Bring Your Own Device Policy
• Vendor Risk Management Policy
• NCI Third Party Security Policy

Training, Guidance & Tips

• Data Protection Training
• Guide to GDPR Terminology
• Tips – GDPR and Video Conferencing
• Tips – GDPR and Working from Home
• Information on Phishing
• Instructions on How to Recall Emails in Outlook

HR / Staff Related Compliance

• Joiners Movers Leavers Procedure
• NCI Employee Media and Social Media Policy

Legacy QAES Content

The following chapters of the 2019 QA Handbook remain in effect and are accessible through this domain until formally reviewed and replaced:

• Chapter 9: Information Governance and Compliance
• Chapter 10: Public Information

Note: A substantial number of standalone policies, procedures, and operational documents now govern areas previously covered in Chapters 9 and 10. A full cross-referencing and mapping exercise is underway as part of the QAES Refresh Project. Until this is complete, both chapters remain active in their entirety and should be consulted alongside relevant institutional policies.