News Article

NHS Information Risk Management: Good Practice Guidance (28/01/2009)

The Digital Information Policy team has published guidance aimed at those responsible for managing information risk within NHS organisations, including Senior Information Risk Owners and Information Asset Owners. It reflects Government guidelines and is consistent with the Cabinet Office data handling report.

The Good Practice Guidance (GPG) contains:

  • Detailed guidance on the SIRO and IAO roles
  • Guidance on the development of an Information Risk Policy
  • Guidance on the development of a Forensic Readiness Policy
  • Guidance on IG security accreditation

Additional resources within the GPG are:

  • Example SIRO job description
  • Example IAO job description
  • Training materials for SIROs and IAOs - PowerPoint presentation
  • Information Classification guidelines
  • Example Information Risk Policy
  • Example Forensic Readiness Policy
  • Information Asset Register Tool
  • Guidance for use of Information Asset Register Tool

Please visit: NHS Information Risk Management -
