Information risk management roles
We have in place the following roles to support IRM:
- Senior Information Risk Owner (SIRO) - the owner of information risk management at Director level. The SIRO has overall responsibility for:
  - information risk ownership within the council
  - shared risks with delivery partners and third-party suppliers
- Information Asset Owners (IAO) - an IAO is an individual appointed to ensure that specific information assets are handled and managed appropriately. IAOs are key risk decision makers across the assets they own.
- Head of Information Assurance, responsible for:
  - the development and implementation of information assurance policy
  - the identification, management and review of information risks
  - supporting the implementation of controls designed to mitigate risk
- Information Governance Manager – responsible for providing information governance guidance and support to the council. This includes supporting service areas who are sharing information. The role will assist in the identification of information risk.
- Information Security Officer – provides support to the Head of Information Assurance to develop and implement information security policy and compliance. The Information Security Officer:
  - manages, on a day-to-day basis, risk balance cases
  - assists in the identification and mitigation of information risk
- Data Protection Officer – a statutory role that provides advice to the council on data protection legislation. This includes guidance on the identification and mitigation of privacy risks.