The place to find the answer to commonly asked questions. What is 'Information Governance'? Information Governance describes the arrangements an organisation has in place to: a) safeguard a valuable asset, i.e., its information; and b) provide assurance that it is complying with the legal, regulatory and moral responsibilities that accompany the handling of information. It spans how information is created, recorded, stored, used, shared, archived, and destroyed. It covers the activities of information security, data protection, freedom of information, records management, risk management and legal and regulatory compliance. FAQ's What is an ‘Information Governance Framework’? It is a document that pulls together the individual, but inter-related strands of Information Governance. It provides a holistic view of an organisation’s approach to Information Governance and how it meets its legal obligations.It describes Information Governance related activities and services, policies and procedures, roles, accountabilities and responsibilities, reporting and oversight arrangements.It enables everyone to see – in one place/one document - how information is protected by the University. FAQ's Why does the University need a Framework when it already has Information Governance arrangements in place? Leadership of Information Governance activities[1] and ownership of supporting policies sit in different parts of the University; they are described and found on different parts of our website and approved/monitored by different groups/committees.A Framework makes it easier to see how they fit together and collectively form our approach to Information Governance. Increasingly, other UK universities have published a framework. Having all of our arrangements similarly documented in ‘one place’ will facilitate benchmarking and continuous improvement. The absence of a Framework was highlighted by Internal Audit in its 2022 review of the University’s Information Governance arrangements (as was the absence of an oversight group). [1] For example: Information Security sits within ISG; Information Compliance within USG; Risk Management within CSG. FAQ's Who has been involved in pulling the Framework together? Initial work to take forward Internal Audit’s recommendations was undertaken by a Short Life Working Group in 2023. A dedicated project was set up in 2024 to pull together a ‘baseline’ framework for discussion by the newly formed oversight group. This ‘baseline’ was informed through discussions with staff with Information Governance related responsibilities in Colleges/Professional Services Groups and with Information Governance specialist leads. It was also informed by a desk-based review of the contents of the frameworks recently published by the Universities of Bristol and Dundee. Information Governance Group members invited College/PSG feedback on the framework as it evolved. FAQ's Which Groups/Committees have been consulted? The Framework pulls together and describes the arrangements the University already has in place. Information Governance related policies have already been consulted on and approved. No new policy, or revisions to existing policies are being proposed. The Framework was approved by University Executive at its meeting on 21 January 2025. The Risk Management Committee approved the Terms of Reference for the Information Governance Group. FAQ's Who is the Framework for? Essentially anyone who has an interest in how the University handles and protects the information it collects and creates. It will be a public document. Internally, it should be used and applied throughout the University. It applies to anyone who processes (creates, saves, uses, shares etc) information on the University’s behalf: staff (however contracted), students, visitors, third parties etc. Individual activities and policies may be undertaken by and apply to specified groups, but the overarching framework applies to all. FAQ's What will change by having a published Framework? All of our Information Governance arrangements will be described in one place.As the Framework will describe existing activities and policies, i.e., what we do, and signpost to the detail (e.g., policies), Heads of College/Professional Services Groups will need to ensure all the arrangements are in place throughout their Schools/Departments; they’ll need a reporting mechanism to reassure themselves of this. FAQ's When will the Framework be published? Publication will likely be in April 2025. Colleges/Professional Services Groups will be given time to prepare for its publication. FAQ's What is the role of the Information Governance Group (IGG)? The Information Governance Group has been set up in response to the governance weakness identified by Internal Audit. It will oversee and drive continuous improvement in information governance, recognising that responsibility for individual strands (e.g., information security, information compliance) sits with respective areas. It will provide assurance to the Risk Management Committee regarding the effectiveness of the University’s Information Governance arrangements. FAQ's How will the Information Governance Group provide such assurance to the Risk Management Committee? In first instance the Information Governance Group will work with whatever reporting mechanisms are already in place at University, College and Professional Services Group level and Information Governance Group members can readily collate and feedback to the Risk Management Committee. In line with the staged/continuous improvement approach, over time Information Governance Group will look to recommend a more consistent approach, particularly regarding risk reporting. FAQ's This article was published on 2025-02-06
