Information assurance policy

We have the following in place:

• Senior Information Risk Owner (SIRO) - has overall responsibility for information risk ownership at Director level.
• Information Asset Owners - ensures that we handle and manage specific information assets appropriately.  Information Asset Owners own information risk for their assets.
• Head of Information Assurance – manages the IA team and is responsible for developing and implementing the aims of the IA policy.
• Information Governance Manager and Officers – responsible for providing information governance guidance and support to us.
• Records Manager and Officer – responsible for providing support and guidance across all aspects of records management.
• Information Security Officer – responsible for the implementation of information security policy and compliance.
• Data Protection Officer – a statutory role primarily responsible for ensuring the council meets its obligations under data protection law.

In addition to the IA specific roles outlined above:

• Chief Information Officer – acts as the lead on the management and implementation of our technology 
• Head of Cyber Security – acts as the technical lead for all strategic and operational cyber security matters
• Council managers – responsible for ensuring that:
  • the requirements of the IA framework are integrated into service procedures
  • that staff comply with all relevant IA policies in their area of responsibility
• All staff – responsible for ensuring they meet the requirements of the IA framework. This includes complying with individual policy requirements and undertaking mandatory training.