Information Governance Framework

The Information Governance framework comprises people, principles, policies, technical and organisational controls to help protect information, promoting openness but mindful of the needs and rights of individuals who entrust their personal data to the University and the requirements of other interested parties, funding and regulatory bodies.

Through a network of Information Governance Guardians, we provide training, support and guidance to enable staff to ensure that information is created, used, archived and disposed of appropriately and in accordance with records retention requirements.

There are ten Information Governance Framework Principles that must be embedded into all working practices that involve information, along with a set of established policies and standard operating procedures that must be followed in order to minimise the risk to information.

We risk assess new initiatives which indicate high levels of risk to information or to the University’s network and other IT systems and/or facilities, and make recommendations to mitigate risks. Where personal data is involved, we ensure that data protection impact assessments are completed as appropriate.

We facilitate the creation of the University’s Information Asset Register and undertake reviews to ensure that the assets are being lawfully used and are appropriately protected.

If incidents are reported which jeopardise the confidentiality, integrity or availability of this information, we ensure that appropriate action is taken to minimise any harm or distress to individuals or impact on the University, and require that arrangements are put in place to prevent the incident reoccurring.