Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

Agreed by the Board: January 2020; Next Review: January 2021

The Terms of Reference for the Information Risk Advisory Group (IRAG) were agreed by the Medical Sciences Divisional Board as follows:


The Membership of the IRAG should reflect the range of stakeholders in the Division and central University functions, including departmental and divisional staff in information governance-related roles, academic stakeholders, relevant representatives working in central University functions (such as Research Services, Information Security, Information Compliance), a representative of the Divisional IT Committee.

  • The Membership should also include up to two external members with relevant expertise.
  • The Advisory Group will select one of their number to act as Chair.
  • The Information Risk Management Group (IRMG) will arrange secretarial support.
  • Members of the Information Risk Management Group will attend meetings of the IRAG but will not be members. 

Rotation of Membership

The IRAG is not a formal committee, with terms of office. However in order to reflect good practice members will not normally serve for more than two terms of 3 years each.

Frequency of meetings

The IRAG shall meet normally on a termly basis.


The IRAG shall support the enhancement of information governance across the Division by advising the IRMG on current and anticipated risks relating to information governance; advising on prioritisation of risks; and supporting implementation and improvement activities. In particular the IRAG shall: 

  • Advise the IRMG of current and emerging risks relating to information governance and on their relative prioritisation;
  • Support the development and implementation of relevant University and Divisional policies and procedures across the Division;
  • Work with the IRMG to disseminate key guidance and information on threats and risks;
  • Support the development and implementation of appropriate training programmes;
  • Support the identification of risks and improvement projects related to Information Governance across the Division;
  • Raise awareness of Information Governance policies and procedures in units and departments, and promote good information governance and security behaviours; and
  • Support the operation of the IRMG within the Divisional Office.


The terms of reference of the IRAG will be reviewed on an annual basis.