IAO structure

1. Name of organisation SIRO (Senior Information Risk Owner) or similar post (Chief Information Governance Officer etc), or responsible person for SIRO duties. There may be more than one SIRO.

2. Contact email of person or persons named in question 1.

3. Name of organisation DPO (Data Protection Officer) or responsible person for DPO duties.

4. Contact email of DPO.

5. Have you appointed, or do you plan on appointing or delegating the position of IAO to any employees?

6. Who is responsible for the leading IAO structure, I.E. the SIRO/'Lead' IAO/Head of Governance/Head of Corporate Services etc?

7. Who is responsible for reviewing and implementing any training needs for the IAO's?

8. In relation to questions 6 and 7, can we please be provided with the contact email address of the appropriate person?

9. Is IAO training delivered by an external third party or internally?

10.Are you or have you considered becoming ISO 27001 compliant or certified? If so when?

11.Following on from Q10, If so whom is/would be responsible for implementation or exploration of ISO 27001? (as in, the person/job title/email address)

12. Who is the person responsible for the physical security controls in your estate e.g. CCTV, Lighting, barriers, intrusion detection and fencing.

13. In relation to question 12 when was the effectiveness of these controls last reviewed?

14. In relation to question 12 can we please be provided with the name/job title and email address of this person?

15. Who would be the person responsible for the organisation of external training within your organisation. E.g. Head of learning and development / HR Manager.

16. Can you please provide the name/job title and email address for the person in question 15

I can confirm that the information requested is held by Lincolnshire County Council. I have detailed below the information that is being released to you.

1. Andrew Crookham

2. Andrew.Crookham@lincolnshire.gov.uk

3. Amy Jaines

4. DPO@lincolnshire.gov.uk

5. Employees have been appointed as IAO's.

6. Head of Information Assurance

7. Head of Information Assurance

8. IA@lincolnshire.gov.uk

9. Internally.

10. No, the Council are compliant with NIST Cyber Security Framework (CSF), and have mapped all NIST controls to ISO27001. Therefore, our compliance with NIST means that we are compliant with ISO27001. 11. N/a

12. This varies across the estate. In majority of cases this is up to the responsible person for the site.

13. This is subject to continual review and improvements made when identified

14. There are too many to list, if there are any queries specifically about this, please send those to CorporatePropertyTeam@lincolnshire.gov.uk

15. Abi Rae – Deputy Head of People – Talent and Leadership Development

16. abi.rae@lincolnshire.gov.uk