Information risk management roles
We have in place the following roles to support IRM:
- senior information risk owner (SIRO) - the owner of information risk management at director level. The SIRO has overall responsibility for:
  - information risk ownership within the council
  - shared risks with delivery partners and third-party suppliers
- information asset owners (IAO) - an IAO is an individual appointed to ensure that specific information assets are handled and managed appropriately. IAOs are key risk decision makers across the assets they own
- head of information assurance, responsible for:
  - the development and implementation of information assurance policy
  - the identification, management and review of information risks
  - supporting the implementation of controls designed to mitigate risk
- information governance manager - responsible for providing information governance guidance and support to the council. This includes supporting service areas who are sharing information. The role will assist in the identification of information risk
- information security officer - provides support to the head of information assurance to develop and implement information security policy and compliance. The information security officer:
  - manages, on a day-to-day basis, risk balance cases
  - assists in the identification and mitigation of information risk
- data protection officer - a statutory role that provides advice to the council on data protection legislation. This includes guidance on the identification and mitigation of privacy risks.