Document Name: RISM02b-Information_Governance_Lead

Classification: Public

Author: Tim Machin

version: Version: 1.0

Created: 02/02/2025

Last Review date: 04/04/2025

Last Reviewed by: Preeti Matharu

Approved by: OMG

Approved date: 12/03/2025

Review Period: 3 Years

Review: Review aligned to RISM02-Roles_and_Responsibilities

Information Governance Lead (IG Lead) #

The Information Governance (IG) Lead develops and manages the strategy of the Information Governance Framework. The role has overall responsibility for providing assurances to the Senior Information Risk Owner (SIRO) that UCL is meeting its legal, regulatory and contractual obligations to keep research data safe.

The Information Governance Lead

1. Must take a strategic lead in the maintenance of the ISMS.
2. Must provide information security assurances to the Senior Information Risk Owner (SIRO).
3. Must be responsible for the maintenance of ISMS information security policies.
4. Must be responsible for the annual Data Security & Protection Toolkit submission to NHS England.
5. Must act as a point of liaison with organisations working with UCL on information governance-related issues.
6. Must be responsible for setting standards of data handling within research teams that are adequate for the ISMS.
7. Must be accountable for monitoring the performance of the ISMS.
8. Must be accountable for the maintenance of a programme of internal audit and response for the ISMS.
9. Must ensure that the ISMS organisation’s approach to information security is communicated to all users.
10. Must be accountable for the record of information security assurances provided by research teams for the ISMS.
11. Must be a point of contact for visits from external bodies for audit and other types of monitoring.