Published: 07 August 2025

FOI 2025/26-046 - Information asset ownership and data governance roles

Report Summary

Issued 28 July 2025, this FOI response provides information on information asset ownership and data governance roles in the Authority.

To access the full document please open the PDF document above.

To view as accessible content please use the sections below. (Note that some tables and appendixes are not available as accessible content). 


Response

The Scottish Police Authority (SPA) has considered your request under the Freedom of Information (Scotland) Act (FOISA).

Our response to each of your questions is provided below.

 

  1. Name of organisation SIRO (Senior Information Risk Owner)
  • Chris Brown, Deputy Chief Executive

  2. Contact email of person named in request No. 1.

  3. Name of organisation DPO (Data Protection Officer) or responsible person for DPO duties.
  • Lindsey Davie, Information Management Lead

  4. Contact email of DPO.

  5. Nominated Caldicott Guardian.
  • Not applicable

  6. Contact email of Caldicott Guardian.
  • Not applicable

  7. Have you appointed, or do you plan on appointing or delegating the position of IAO to any employees?
  • Information Asset Owners are in place.

  8. Who is responsible for the leading IAO structure, I.E. the SIRO/’Lead’ IAO/Head of Governance/Head of Corporate Services etc?
  • Information Management Lead

  9. Who is responsible for reviewing and implementing any training needs for the IAO’s?
  • Information Management Lead

  10. Spend on external IAO training over the past 5 years, per year (financial year), or is the training delivered internally (if at all)?
  • Prior to 2020, formal certified training was delivered by Advent IM. Thereafter training has been in-house.

  11. Are you or have you considered becoming ISO 27001 compliant or certified?
  • SPA do not hold ISO 27001 accreditation, but work to the principles of the standard. Our Forensic Services have ISO 17025 certification.

  12. Following on from Q11, if so whom is/would be responsible for implementation or exploration of ISO 27001? (as in, the person/job title)
  • SPA does not intend to seek certification to ISO 27001.

