What is an information asset register?
An Information Asset Register is a catalogue of the information the University holds and processes. It records where information assets are stored, how data moves in and out of the University and who it is shared with, so that we can understand its value and ensure that it is appropriately protected.
The Information Governance Office use the Information Asset Register to undertake risk assessments from an information security and data protection legislation perspective, and advise staff on the best approach to ensure the information is protected in relation to its confidentiality, integrity and availability and to check that that personal data is being processed lawfully.
A new tool is being investigated to enable the Information Asset Register to be regularly updated.
What is an information asset?
An information asset is any data stored in any manner that has some value either to you or the University such that if it was lost/inaccessible or inaccurate it would be difficult to replace without cost, skill, time or resource.
Information assets include, for example, databases, data files, contracts and agreements, system documentation, user manuals, training materials, operational/support procedure, business continuity plans, back up plans, audit trails, archived information.
What do you need to consider?
All information should be protected in accordance with its security classification. Further information can be found in the Information Security, Ownership and Secure Information Handling Standard Operating Procedure or by contacting the Information Governance Office.