Information Asset Owners - Find a freedom of information request

I’d like to make a Freedom Of Information  request  please  in relation  to the Council’s  Information Asset Owners (IAO’s).

I appreciate that not all Council’s use the title of Information Asset  Owners,  however  most  will appoint persons in a similar role and have a similar structure,  can the  FOI request  therefore be applied to these roles if you do not use the title Information Asset Owner (obviously substituting the phrase ‘IAO’  in the questions for the Councils own name for the  role.)

For clarity of what I would define as a similar role, the Cabinet Office guidance entitled ‘ The role of Information Asset Owners (IAOs) in government’ defines an IAO as:  “Information  Asset  Owners (IAOs) must be senior/responsible individuals involved  in running the relevant  business. Their  role  is to understand what information is held, what is added and what is  removed,  how  information is moved, and who has access and why. As a result they are able to understand and address risks to the information, and ensure that information is fully used within the law for the public good.  They provide a written judgement of the security and use of their asset annually to support  the audit process.”

FOI Questions:

1. Has the Council appointed, or does the Council plan on appointing IAO’s?

2. Whom is responsible for the leading IAO structure, I.E. the SIRO/’Lead’ IAO/Head of Governance/Head of Corporate Services etc.

3. What is the IAO structure in terms of how the role is allocated (e.g. is it only given to heads of departments), and what are the job titles of the IAO’s?

4. Whom is responsible for reviewing and implementing any training needs for the IAO’s? (A  job title is fine)

5. Spend on IAO training over the past 5 years, per year (if not able to be broken down year by year, an average per year is fine).

1. Has the Council appointed, or does the Council plan on appointing IAO’s? The council has appointed IAO's.
2. Whom is responsible for the leading IAO structure, I.E. the SIRO/’Lead’ IAO/Head of Governance/Head of Corporate Services etc.

The council IAO structure is based on defined information assets and council functions. It is supported on a daily basis by the Information Assurance Team,  led  by  the  Head  of Information  Assurance.    The Head of Information  Assurance reports to the SIRO.

3. What is the IAO structure in terms of how the role is allocated (e.g. is it only given to heads of departments), and what are the job titles of the IAO’s?

The following  criteria is used to determine allocation  of the IAO  role:

• When identifying an IAO consideration will be given to the sensitivity and criticality of the asset rather than the size of the asset. An asset that consists of sensitive data for example should have a more senior IAO assigned to it e.g. Assistant Director, Head of Service.

• IAO's must have enough seniority to take strategic decisions about the asset.

• An IAO does not need to be a User of the asset  but  must understand  the business needs of the asset and have the authority to manage it accordingly.

• The task of an IAO is not designed to be onerous. It is necessary however that the IAO understands their responsibilities and ensures those responsibilities are carried out effectively and in a way which adds value to the overall process.

The attached spreadsheet lists the job titles of current  IAO's.

4. Whom is responsible for reviewing and implementing any training needs for the IAO’s? (A  job title is fine)

The Information  Assurance Team