Information Risk Advisory Group - Terms of Reference
Agreed by the Board: January 2020; Next Review: January 2021
The Terms of Reference for the Information Risk Advisory Group (IRAG) were agreed by the Medical Sciences Divisional Board as follows:
The Membership of the IRAG should reflect the range of stakeholders in the Division and central University functions, including departmental and divisional staff in information governance-related roles, academic stakeholders, relevant representatives working in central University functions (such as Research Services, Information Security, Information Compliance), a representative of the Divisional IT Committee.
- The Membership should also include up to two external members with relevant expertise.
- The Advisory Group will select one of their number to act as Chair.
- The Information Risk Management Group (IRMG) will arrange secretarial support.
- Members of the Information Risk Management Group will attend meetings of the IRAG but will not be members.
Rotation of Membership
The IRAG is not a formal committee, with terms of office. However in order to reflect good practice members will not normally serve for more than two terms of 3 years each.
Frequency of meetings
The IRAG shall meet normally on a termly basis.
The IRAG shall support the enhancement of information governance across the Division by advising the IRMG on current and anticipated risks relating to information governance; advising on prioritisation of risks; and supporting implementation and improvement activities. In particular the IRAG shall:
- Advise the IRMG of current and emerging risks relating to information governance and on their relative prioritisation;
- Support the development and implementation of relevant University and Divisional policies and procedures across the Division;
- Work with the IRMG to disseminate key guidance and information on threats and risks;
- Support the development and implementation of appropriate training programmes;
- Support the identification of risks and improvement projects related to Information Governance across the Division;
- Raise awareness of Information Governance policies and procedures in units and departments, and promote good information governance and security behaviours; and
- Support the operation of the IRMG within the Divisional Office.
The terms of reference of the IRAG will be reviewed on an annual basis.