Information assurance policy

Information assurance framework

We will develop an IA framework that aims to:

  • treat information and information systems as important assets by ensuring their confidentiality, integrity, and availability
  • embed an IA governance structure that sets out roles and responsibilities of key staff
  • apply appropriate information risk management to recognise and manage information risk
  • maintain compliance with relevant legislation, for example, the UK General Data Protection Regulation and Data Protection Act 2018
  • maintain compliance with third party information obligations placed upon us
  • ensure we collect, use, manage, and share information appropriately and legitimately
  • provide IA policies, procedures and controls which support staff in the delivery of our services.
  • ensure that staff are:
    • appropriately trained
    • aware of their responsibilities
    • have access to appropriate support and guidance
Print this document