- Request
-
I would like to make an FOI request please for the Fire Service only.
1. Who is the SIRO / Senior Information Risk Owner, or equivalent. A name and job title, or if they are below the disclosable level just a job title is fine, could you also provide a contact email for this person. If you do not have a nominated SIRO could you please answer Q1 with the person(s) with responsibilities equivalent to a SIRO. 'A Senior Information Risk Owner (SIRO) is an Executive Director or member of the Senior Management Board of an organisation with overall responsibility for an organisation's information risk policy. The SIRO is accountable and responsible for information risk across the organisation. They ensure that everyone is aware of their personal responsibility to exercise good judgement, and to safeguard and share information appropriately.'
2. Do you have, or are you planning to have, appointed Information Asset Owner's (IAO's) (or a similar role such as data stewards, data owner, etc) ''Information Asset Owners (IAOs) must be senior/responsible individuals involved in running the relevant business. Their role is to understand what information is held, what is added and what is removed, how information is moved, and who has access and why. As a result they are able to understand and address risks to the information, and ensure that information is fully used within the law for the public good. They provide a written judgement of the security and use of their asset annually to support the audit process.'
3. If the answer to Q2 is yes, how often are they trained and who is responsible for organising the training? (as in, the person).
4. Are you or have you considered becoming ISO 27001 compliant or certified? If so whom is responsible for the project? (as in, the person).
5. When did you last conduct a Physical Security risk assessment of the Services building(s)/estate(s), and who is responsible for managing risk in this area? (as in, the person).
6. Who is your DPO (Data Protection Officer) or responsible person for DPO duties?
- Decision
-
Lincolnshire Fire and Rescue are part of Lincolnshire County Council and therefore falls within the same governance structure, policy, and processes as the wider council.
1. Andrew Crookham, Executive Director of Resources. Andrew.Crookham@lincolnshire.gov.uk
2. The Council has appointed Information Asset Owners.
3. Information Asset Owners are provided directly with written guidance on an annual basis. This guidance is made permanently available via an internal Information Assurance Hub. Ad hoc training and guidance is also provided on an ongoing basis based on individual needs. The Information Assurance Team are responsible for providing the training.
4. Lincolnshire County Council has a strategic partnership with Serco who are responsible for providing a number of services to the council including the provision and management of ICT services. These services are independently certified to ISO 27001. Certification is informed by a number of policies, roles, and processes owned by the council.
5. No information held regarding physical security risk assessments. The council does have a physical security policy, which is published on Lincolnshire County Council's website: Physical security policy
6. Amy Jaines. They can be contacted by email at DPO@lincolnshire.gov.uk.
- Reference number
- 3202709
- Date request received
- 18 January 2022
- Date of decision
- 14 February 2022