RISM02d SIRO Responsibilities

Document Name: RISM02a-SIRO_Responsibilities

Classification: Public

Author: Tim Machin

Version: 1.0

Created: 02/02/2025

Last Review date: 07/04/2025

Last Reviewed by: Preeti Matharu

Approved by: OMG

Approved date: 12/03/2025

Review Period: 3 Years

Review: Review aligned to RISM02-Roles_and_Responsibilities

The Senior Information Risk Owner (SIRO)

The SIRO is a member of the UCL University Management Committee and chair of the Information Risk and Governance Committee.

The SIRO:

  1. Must understand how the strategic goals of the organisation may be impacted by information risks.
  2. Must provide assurance to the Provost with regard to effective management of information risk.
  3. Must work within a governance structure with clear lines of information asset ownership and defined roles and responsibilities.
  4. Must be accountable for the maintenance of ISMS information security policies.
  5. Must review and agree upon actions to mitigate intolerable information risks escalated through the ISMS.
  6. Must undertake suitable information security training regularly.