Information Governance Committee (IGC) Report on Revised Information Governance Arrangements

Information Management Forum - Highlights of the meeting held on 24 January 2017

Information Governance Committee (IGC) Report on revised information governance arrangements

The Committee considered the operation of the Information Governance Committee over the past year and the establishment of the new Information Management Forum which would operate additionally with cross University Senior Managers representing most areas of the University with its main role being university-wide communication.

Matters Arising from the Minutes of 27 June 2016

It was noted that a number of the matters arising from the previous minutes had been superseded either by changes in portfolio or changes in the remit of the two committees.

EY Internal Audit Report on Cyber Security and Risk Register Update

With the changes to portfolio, the EY Report and the Risk Register now came under the remit of the Deputy Vice-Chancellor (Strategy) and therefore the new Information Governance Committee would receive reports on progress.

Data Asset Mapping

The initial work is now complete and will become part of an Information Services project.

Risk Register Update

The Director of IT and Deputy Director, People Services had discussed the relevant timescales and this would be taken up as a project with the Operations Group.

Policy Framework

An updated framework would be submitted to the next meeting of the Forum for information.

Information and Cyber Security Training Plan

The Director of IT and Director of SWEBE would arrange to discuss the specific cyber security issues which faced those working in Trans National Education and travelled extensively .

General Data Protection Regulation (GDPR)

The Forum considered a paper presented by the Head of Information Compliance on the implications of the introduction of the new GDPR.

Information Security Training Update including progression statistics on uptake by Department

The Director of IT spoke to the above paper which showed that 64% of staff had not yet attempted the Information Security Training. The figures could be slightly misleading as they included those on maternity leave or other leave of absence who could not be expected to have done the training.

The Director of IT and Deputy Director, People Services would, through the Operations Group, consider the best way to produce departmental listings of training uptake.

Information Security Champions

The Director of IT gave a verbal report on the need for Senior Cyber Security Champions which had emerged from the EY Cyber Security Audit. Members of the IMF would act in this capacity as indicated in the Terms of Reference. Aworkshop would be held as part of the next meeting to consider the issues involved.

Schedule of meetings

Dates of meetings 2016/17 IMF meetings would be

• Monday 27 March, 2-4pm CEE4
• Monday 22 May, 2-4pm CEE4

1