Is there a definition of the responsibilities of a Senior Information Risk Owner at all please? Or is the definition as per the Accountability criteria on the ICO Accountability Framework?
There is an explanation within the NHS Data Security and Protection Toolkit (DSPT) “Data Security Standard 1: Personal Confidential Data” guidance. It is too long to copy in here, but happy to share the PDF document if you can get me your email address. Of course the Cabinet Office doesn’t mandate SIROs anymore, not since 2018.
Here’s the DSPT guide: https://www.dataguidance.com/legal-research/big-picture-guide-data-security-standard-1
This is where it says SIRO no longer mandated: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/758358/20180919_GovernmentSecurityRolesAndResponsibilities.pdf
It will depend on your industry; for example, there is a defined one for health and social care as per the NHS DP toolkit requirements. They are the ones I am most familiar with. I’ve not seen the ICO define it.
I’ve just found this post and it’s coincidentally been valuable for me. Thank you.