- Request
I’d like to make a Freedom of Information request please in relation to the Council’s Information Asset Owners (IAOs).
I appreciate that not all Councils use the title of Information Asset Owners; however, most will appoint persons in a similar role and have a similar structure. Can the FOI request therefore be applied to these roles if you do not use the title Information Asset Owner (obviously substituting the phrase ‘IAO’ in the questions for the Council’s own name for the role)?
For clarity of what I would define as a similar role, the Cabinet Office guidance entitled ‘The role of Information Asset Owners (IAOs) in government’ defines an IAO as: “Information Asset Owners (IAOs) must be senior/responsible individuals involved in running the relevant business. Their role is to understand what information is held, what is added and what is removed, how information is moved, and who has access and why. As a result they are able to understand and address risks to the information, and ensure that information is fully used within the law for the public good. They provide a written judgement of the security and use of their asset annually to support the audit process.”
FOI Questions:
- Has the Council appointed, or does the Council plan on appointing, IAOs?
- Who is responsible for the leading IAO structure, i.e. the SIRO/‘Lead’ IAO/Head of Governance/Head of Corporate Services etc.?
- What is the IAO structure in terms of how the role is allocated (e.g. is it only given to heads of departments), and what are the job titles of the IAOs?
- Who is responsible for reviewing and implementing any training needs for the IAOs? (A job title is fine)
- Spend on IAO training over the past 5 years, per year (if not able to be broken down year by year, an average per year is fine).
- Decision
- Has the Council appointed, or does the Council plan on appointing, IAOs?
The council has appointed IAOs.
- Who is responsible for the leading IAO structure, i.e. the SIRO/‘Lead’ IAO/Head of Governance/Head of Corporate Services etc.?
The council IAO structure is based on defined information assets and council functions. It is supported on a daily basis by the Information Assurance Team, led by the Head of Information Assurance. The Head of Information Assurance reports to the SIRO.
- What is the IAO structure in terms of how the role is allocated (e.g. is it only given to heads of departments), and what are the job titles of the IAOs?
The following criteria are used to determine allocation of the IAO role:
- When identifying an IAO, consideration will be given to the sensitivity and criticality of the asset rather than the size of the asset. An asset that consists of sensitive data, for example, should have a more senior IAO assigned to it, e.g. Assistant Director, Head of Service.
- IAOs must have enough seniority to take strategic decisions about the asset.
- An IAO does not need to be a User of the asset but must understand the business needs of the asset and have the authority to manage it accordingly.
- The task of an IAO is not designed to be onerous. It is necessary, however, that the IAO understands their responsibilities and ensures those responsibilities are carried out effectively and in a way which adds value to the overall process.
The attached spreadsheet lists the job titles of current IAOs.
- Who is responsible for reviewing and implementing any training needs for the IAOs? (A job title is fine)
The Information Assurance Team
- Spend on IAO training over the past 5 years, per year (if not able to be broken down year by year, an average per year is fine).
No records held. IAO training is delivered internally by the Information Assurance Team.
- Reference number
- FOI1006
- Date request received
- 20 December 2019
- Date of decision
- 14 January 2020