Standard
Data and Information Risk Management
Data risk management comprises the processes, procedures, and controls that DfE puts in place to identify and minimise data risks.
Purpose
The purpose of this standard is to ensure that DfE's data and information risks are identified and monitored.
Categories
Information and Data Management
- Data Governance
- Data Protection
How to meet this standard
To be compliant, you need to ensure data and information risks are identified and monitored.
What the Information Asset Owner (IAO) / Senior Responsible Owner (SRO) must do
- Ensure the ICO (Information Commissioner's Office) is consulted if the full DPIA (Data Protection Impact Assessment) has a high level of residual risk, or the processing is novel or contentious.
- Ensure risks are scored by likelihood and impact.
- Report and monitor risks until they are resolved.
- Identify an owner and responsible person(s) for each risk.
- Ensure risk response strategies are developed and implemented.
The Accounting Officer (Permanent Secretary) has overall responsibility for ensuring that information risks are assessed and mitigated to an acceptable level within the organisation.
Version history
| Version | Date | Details |
|---|---|---|
| – | – | Current version |