INFORMATION GOVERNANCE AND SECURITY GROUP. Terms of Reference



Similar documents
Information Security Incident Management Policy September 2013

Data Protection Policy June 2014

Risk & Compliance Committee Charter. HCF Life Insurance Company Pty Ltd (ACN ) (the Company )

Gladstone Ports Corporation Limited

Academic Management Structures at Multiple Campuses Summary

Risk & Compliance Committee Charter. HCF Life Insurance Company Pty Limited (ACN ) (the Company )

REMUNERATION COMMITTEE

INFORMATION GOVERNANCE POLICY

Criminal Injuries Compensation Authority. Data protection audit report

Audit Committee Terms of Reference

Terms of Reference - Board Risk Committee

NHS Lanarkshire Information Governance Committee

CORPORATE GOVERNANCE GUIDELINES

INFORMATION GOVERNANCE POLICY

Rolls Royce s Corporate Governance ADOPTED BY RESOLUTION OF THE BOARD OF ROLLS ROYCE HOLDINGS PLC ON 16 JANUARY 2015

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee

NHS Greater Huddersfield Clinical Commissioning Group. Remuneration Committee. Terms of Reference

CORPORATE GOVERNANCE GUIDELINES OF PERFORMANCE FOOD GROUP COMPANY

Procedures for obtaining informed consent for recordings and images of people to support Data Protection Policy

Intranet Policy. May 2014

The UCD Bachelor of Arts Degree Programme Board Terms of Reference

Audit Committee of the UK Statistics Authority. Terms of Reference - March 2010

GOVERNANCE AND RISK COMMITTEE CHARTER As Amended and Restated by the Board of Directors May 9, 2016

Corporate Governance Principles of Zoetis Inc. (the "Company")

TERMS OF REFERENCE AND COMPOSITION OF THE SENATE AND ITS STANDING COMMITTEES

Northern Ireland Assembly. Applicant Information Booklet INDEPENDENT CHAIR AND MEMBER OF THE NORTHERN IRELAND ASSEMBLY AUDIT AND RISK COMMITTEE

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Direct Line Insurance Group plc (the Company ) Board Risk Committee (the Committee ) Terms of Reference

CORPORATE GOVERNANCE GUIDELINES (as amended and restated on January 20, 2014)

Business Continuity Management Policy and Framework

GOOD HE GO ERNANCE. Governance Code and Supporting Guidelines for Members of the Governing Bodies of Higher Education Institutions in Scotland

LOBLAW COMPANIES LIMITED ENVIRONMENTAL, HEALTH & SAFETY COMMITTEE CHARTER

Information Governance Framework

CATAMARAN CORPORATION CORPORATE GOVERNANCE GUIDELINES

INVITAE CORPORATION CORPORATE GOVERNANCE GUIDELINES

CCTV PROCEDURES To support Information Security Policy Framework

TERMS OF REFERENCE Electronic Communications Resilience and Response Group (EC RRG)

KUMBA IRON ORE LIMITED (Registration number 2005/015852/06) ( Kumba or the Company )

CODE OF CONDUCT FOR GOVERNORS 1. INTRODUCTION

Information Governance and Data Protection Policy

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

Ayrshire and Arran NHS Board

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

The Audit Committee self-assessment checklist

Terms of Reference. HRA Approval Change Management Project Board. Title:: HRA Approval Change Management Project Board Terms of Reference 2.

Education and Training Committee, 10 March Professional indemnity insurance. Executive summary and recommendations.

Risk Committee Charter

HR & EXECUTIVE SUPPORT MANAGER ROLE PROFILE

INFORMATION GOVERNANCE POLICY

MATTEL, INC. AMENDED AND RESTATED GOVERNANCE AND SOCIAL RESPONSIBILITY COMMITTEE CHARTER

The City of Nottingham and Nottinghamshire Economic Prosperity Committee. Constitution (terms of reference, membership and procedure rules)

Institute of Banking University College Dublin (IOB-UCD) Academic Programme Board Terms of Reference

BOARD OF DIRECTORS MANDATE

Subject Access Request (SAR) Procedure

Audit and risk assurance committee handbook

CONFIGURATION COMMITTEE. Terms of Reference

AUDIT COMMITTEE TERMS OF REFERENCE

Senate. SEN15-P17 11 March Paper Title: Enhancing Information Governance at Loughborough University

Information Governance Policy

INFORMATION GOVERNANCE STRATEGY

Freedom of Information PM&C Business Rules

Highland Council Information Security Policy

INFORMATION GOVERNANCE POLICY

COMPENSATION AND CORPORATE GOVERNANCE COMMITTEE CHARTER

LEUCADIA NATIONAL CORPORATION CORPORATE GOVERNANCE GUIDELINES

Charity Audit Committee performance evaluation Self assessment checklist. October 2014

Student records management policy December 2013

CHARTER TIO Board of Directors

LOCAL AUTHORITY PENSION FUND ANNUAL REPORT AND ACCOUNTS. This Circular replaces Local Government Finance Circular 1/2011.

Corporate governance statement

LAGO DOURADO MINERALS LTD. NOMINATING AND CORPORATE GOVERNANCE COMMITTEE CHARTER. (Effective September 9, 2010)

Board Charter. HCF Life Insurance Company Pty Ltd (ACN ) (the Company )

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

2.2 Reviewing the company s internal financial controls and the company s internal control and risk management systems;

Students who receive either a means-tested or non means-tested NHS bursary and NHS secondees are eligible to apply to the Fund.

Institute of Public Administration University College Dublin (IPA-UCD) Academic Programme Board Terms of Reference

The Rubicon Project, Inc. Corporate Governance Guidelines

A Delaware corporation (the Company ) Nominating and Corporate Governance Committee Charter Amended as of January 21, 2015

Corporate Governance Guidelines

INTUITIVE SURGICAL, INC. CORPORATE GOVERNANCE GUIDELINES

Information Governance Policy

Audit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company)

Establishing and operating HEA accredited provision policy

ADOBE CORPORATE GOVERNANCE GUIDELINES

Corporate Governance Statement

OVERSTRAND MUNICIPALITY

COHERENT, INC. Board of Directors. Governance Guidelines

UIL HOLDINGS CORPORATION CORPORATE GOVERNANCE GUIDELINES. Amended March 24, 2015

LOOKSMART, LTD. CORPORATE GOVERNANCE GUIDELINES

PFIZER INC. CORPORATE GOVERNANCE PRINCIPLES

ALIBABA GROUP HOLDING LIMITED NOMINATING AND CORPORATE GOVERNANCE COMMITTEE OF THE BOARD OF DIRECTORS CHARTER

Data Protection Policy

HSBC FINANCE CORPORATION CHARTER OF THE RISK COMMITTEE

SCOTLAND EXCEL CHIEF EXECUTIVE OFFICERS MANAGEMENT GROUP PROCEDURES

2.2 Assessors shall not be members of Boards or Joint Boards of Examiners and shall not be entitled unless invited to attend their meetings.

Corporate Governance Guidelines. Cathay General Bancorp. As adopted March 15, 2012, and amended March 20, 2014

CHICO S FAS, INC. CORPORATE GOVERNANCE GUIDELINES. The Board may review and revise these guidelines from time to time as necessary.

Practice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM

CODE GOVERNANCE COMMITTEE CHARTER. 1 Functions and responsibilities of the Code Governance Committee

Transcription:

INFORMATION GOVERNANCE AND SECURITY GROUP 1 Constitution and purpose Terms of Reference 1.1 The purpose of the University Information Governance and Security Group is to 1.2 promote the effective management of University information in all formats throughout its lifecycle, to meet operational, legal and evidential requirements 1.3 support the University in identifying and managing its information needs, risks and responsibilities 1.4 review policies and procedures that comprise the Information Security Management System (ISMS) recommending action where appropriate to strengthen information security controls 1.5 The University Information Security Group reports on risks to the Risk and Project Management Strategy Group and on other aspects of information governance and security management to the Secretary s Board and will also send its minutes to the Strategic Information Systems Group. 2 Remit 2.1 The University Information Governance and Security Group will have oversight of strategy, policies and procedures to promote the effective management of information throughout its lifecycle from planning and development, access and use to controlled disposition, so that it meets the University's needs and provides authentic and reliable records of actions and decisions. 2.2 The Group is responsible for reviewing all relevant policies and procedures that comprise the Information Security Management System (ISMS), monitoring compliance with the ISMS, reviewing incidents and recommending actions where necessary to strengthen information security controls. 2.3 The Group will receive regular reports on information security risks from the Head of Heritage and Information Governance who is responsible for recommending Update: 6 March 2015 ;of TOR approved by the Group on 4 February 2014 Page 1

information governance and security strategy and ISMS to the Director of Governance and Legal Services. 2.4 The University Information Governance and Security Group will review and endorse information security strategy and policy for approval by the Secretary's Board. 2.5 The remit of the Information Governance and Security Group applies to all locations from which University information is created and accessed including home use. As the University operates internationally, through its campuses in Dubai and in Malaysia and through arrangements with partners in other jurisdictions, the remit of the Group shall include such overseas campuses and international activities and shall pay due regard to non UK legislation that might be applicable.

3 Membership 3.1 The Membership of the Group shall include: Director of Governance and Legal Services (Chair) Head of Heritage and Information Governance Director of Information Services or nominee Head of Risk and Audit Management Security and Operations Manager Senior Computing Officer, representing computing officers in Schools and Institutes with devolved IT services Academic Registrar or nominee Director of Human Resources or nominee Director of Student Recruitment Director of Marketing and Communications or nominee/s Director of Administration representing the Directors of Administration in Schools and Institutes * Director of Research representing the Directors of Research in Schools and Institutes* Director of Learning and Teaching representing the Directors of Learning and Teaching in Schools and Institutes* 3.2 The Group may co-opt members who they consider have particular skills and experience which would assist the work of the Group 3.3 The current membership of the Group is as follows: Chair: Sue Collier, Director of Governance and Legal Services Ann Jones: Head of Heritage and Information Governance Mike Roch, Director of Information Services Mark Cockshoot, Head of Infrastructure Services, information Services Lorraine Loy, Head of Risk and Audit Management Mike Bates, Director of Student Recruitment Bill Taylor, Security and Operations Manager Reza Mohammadi, Computing Systems Manager, School of Engineering and Physical Sciences Ian Chisholm, Director of Information Technology, Institute of Petroleum Engineering Paul Travill, Academic Registrar Elizabeth Canon, PR Officer, Internal Communications Helen Hymers, Head of Human Resources Services/Ed Bibby, HR Systems Manager *Currently unfilled 4 Group-Chair 4.1 The Chair of the Group shall be the Director of Governance and Legal Services 4.2 In the absence of the Chair of the Group the Director of Governance and Legal Services will nominate an alternate Chair.

5 Frequency 5.1 The Group usually meets four times a year, linked to the formal meetings of the Risk and Project Management Strategy Group. 5.2 Additional meetings may be held in order to meet business requirements at the request of the Chair of the Group 6 Attendance at meetings 6.1 In addition to the members, and associated with agenda business, other members of staff and external participants may be invited to attend on an ad-hoc basis for particular agenda items. 6.2 The Group will maintain a record of attendance at each of its meetings and will include this information in its annual report to the Risk Management Strategy Group. 7 Reserved business 7.1 There may be occasions when the Group's business is designated reserved (confidential). On occasion, with the approval of the Chair, any member of the Group may be asked to withdraw from the meeting during consideration of a reserved item of business. 7.2 The record of matters which the Chair and the Group are satisfied should be dealt with on a reserved basis will be recorded separately. 8 Reporting procedures 8.1 The Chair and Clerk of the Information Governance and Security Group will make an annual report to the Risk and Project Management Strategy Group on compliance with the ISMS, recommending any actions needed to address risks and issues. 8.2 The Chair is responsible for escalating major risks arising from a breach of information security, or other major issues that affect strategic and operational risks, promptly to the Risk and Project Management Strategy Group and the Secretary of the University. 8.3 The Chair and Clerk will report as necessary to the Secretary s Board and also to the Strategic Information Systems Group as part of a wider communications strategy to promote a culture of effective and responsible information governance and security management across the University. 8.4 The Chair will approve the content of reports before release including the

redaction of any information deemed necessary for reasons of confidentiality. 8.5 The Group's records (agenda, papers, minutes) are not included in the University s Freedom of Information Publication Scheme. Requests for access to information in accordance with Section 1 of the Freedom of Information (Scotland) Act (FOI(S)A will be considered and managed in accordance with the public right of access to information under the Act, where appropriate applying relevant exemptions under the Act to protect confidential information. 8.6 Minutes and reports of the Group will denote those areas of reported business which are deemed to fall within the designation of information which is exempt from disclosure under the FOI(S) A at the time of writing. 9 Forward Planning 9.1 The Group will review its Terms of Reference and submit recommendations on these to the Secretary's Board and Risk and Project Management Strategy Group annually for approval. 9.2 The Group will set its meeting dates one year in advance, aligned to the schedule of meetings of the Risk and Project Management Strategy Group and will maintain an annual workload plan for the Group Supporting Information Groups feeding into the Information Security Group The Group will receive minutes of IT Officers' Groups Effectiveness and lifespan Lifespan ongoing. Actions that may be taken by the Group The Information Governance and Security Group may: Note Approve Receive Recommend Consider Reject Endorse Most appropriate minuting style Traditional / formal minutes in accordance with internal University guidance. Resources

Clerk Meetings Mariette Naud-Betteridge Four times per academic year

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information