Recent legislation has presented the Division with new challenges in data privacy and information security. We are being asked to provide greater assurance to our funders and data providers, and must demonstrate compliance with regulations such as the DPA 2018.
Last month the Board agreed some enhancements to our information security and governance procedures, including a Divisional information governance policy, an information risk register and three new strategic and operational groups.
These enhancements are designed to ensure that departments and the divisional office can work together effectively to address information risks, ensure our requirements and concerns around information governance are taken into account in University initiatives, and build on the excellent, existing IG expertise in our departments.
An Information Risk Management Group (IRMG) will meet to review the information risk register and submit proposals to the Board to prioritise and treat risks. A larger Advisory Group will meet regularly with the IRMG to raise concerns, receive reports on ongoing projects and report back to departments and units on progress. An IG Community of Practice will work together to embed best practice and nuture and develop our IG professionals.
You can read the policy on our web pages, where we will also report, over the next few months, on convening the groups and developing a programme of work.