Cookies on this website
We use cookies to ensure that we give you the best experience on our website. If you click 'Continue' we'll assume that you are happy to receive all cookies and you won't see this message again. Click 'Find out more' for information on how to change your cookie settings.

There is no formal requirement for a Service Owner, but it is worth giving responsibility and ownership to someone, bearing in mind the following: 

  • Does the system will require specific configuration or special training of users as part of the mitigation of security or data privacy risks?  
  • TPSAs need to be revisited every few years 
  • DPAs/DPIAs should be revisited if the system changes or your use of the system changes 
  • You should review access and log ins every year to ensure that accounts haven’t been abandoned or people who have left still need access 
  • Are your back-up, retention and deletion schedules working appropriately? 

This role might overlap with that of Information Asset Administrator.