Accountability for Information Security and Governance

Within the Medical Sciences Division, 16 departments utilize healthcare data daily to support their world-leading research. Recognizing the importance of this data as critical infrastructure, the Heads of Department prioritize information governance and security as a key pillar of their research strategy.

The departments receive support and guidance from the University CISO and Information Security team, who define the overall University Information Security Strategy. However, Heads of Department are responsible for implementing and complying with the strategy. Assurances, whether internal or external, must be obtained from the Head of Department or, if delegated, from the Department's Senior Information Risk Owner.

Heads of Department may implement the University strategy as they see fit. While many opt to procure IT services from the Divisional IT Service, this is not always the case. Each department is responsible for ensuring that the Divisional service, any externally supplied IT, or local IT solutions, and their use of these technologies comply with the University's security requirements and also external requirements outlined in collaboration, data sharing/access, funding agreements, or formal certifications. To achieve this, departments may hire their own experts or seek assistance from the highly qualified University Information Security Team.

More Information on the University's Information Security Strategic Framework

Links to the Departments, their Heads of Departments and Senior Information Risk Owners