Report Summary
Issued 28 July 2025, this FOI response provides information on information asset ownership and data governance roles in the Authority.
To access the full document please open the PDF document above.
To view as accessible content please use the sections below. (Note that some tables and appendixes are not available as accessible content).
Request
I’d like to request the following information please for each organisation that operates under this FOI email (if the answers are different for each organisation/there are multiple organisations).
Name of organisation SIRO (Senior Information Risk Owner) or similar post (Chief Information Governance Officer etc), or responsible person for SIRO duties.
Contact email of person named in request No. 1.
Name of organisation DPO (Data Protection Officer) or responsible person for DPO duties.
Contact email of DPO.
Nominated Caldicott Guardian.
Contact email of Caldicott Guardian.
Have you appointed, or do you plan on appointing or delegating the position of IAO to any employees?
Who is responsible for the leading IAO structure, I.E. the SIRO/’Lead’ IAO/Head of Governance/Head of Corporate Services etc?
Who is responsible for reviewing and implementing any training needs for the IAO’s?
Spend on external IAO training over the past 5 years, per year (financial year), or is the training delivered internally (if at all)?
Are you or have you considered becoming ISO 27001 compliant or certified?
Following on from Q11, if so whom is/would be responsible for implementation or exploration of ISO 27001? (as in, the person/job title)
If possible, please also include the date this information was last updated or reviewed.
