SFIA Skills: Information Governance (IG)
A new addition to SFIA
Control and owners (PEDP) (Level 6)
Maintains an overview of the organisation’s information assets, identifies the information asset owners and implements internal audits including controls on storing, security, maintaining records of processing activities, data protection impact assessments, transfers, contracts and handling access to personal data.
Regulatory compliance (Level 7) (IG)
Responsible for business strategy compliance with information governance policies. Takes steps to ensure the organisation complies with all relevant data security regulations including UK GDPR and confidentiality. Identifies the impact of any relevant statutory, internal or external regulations on the organisation’s use of personal information and develops approaches for compliance. Leads and plans activities to communicate and implement information management and privacy strategies. Oversees privacy notices, ROPAs and supports the DPO with the applicability of DPIAs as appropriate.
Information governance culture (IG) (Level 7)
Obtains organisational commitment to information governance at the highest level. Establishes a culture where information governance is the responsibility of every employee.
Influencing partners (IG)(Level 7)
Influences key partner organisations to maintain information governance policies and practices in line with those of own organisation.
Business plans (IG)(Level 7)
Has significant input to development of business plans, ensuring that information governance is integrated into business strategy and policies.
Implementation and processes (IG)(Level 7)
Ensures that the organisation implements processes to take forward the information governance strategy and policies and complies with DSPT.
Strategy (IG)(Level 7)
Takes overall responsibility for establishing and managing information governance strategy and policies in accordance with external and internal legislation and guidance relevant to the organisation.
Advice and guidance (IG) (Level 7)
Leads and guides provision of information governance requirements across all the organisation’s information and information systems.
Risk assessment (IG)(Level 4)
Carries out risk assessments as directed, using standard processes for identifying potential information governance risks.
Policies (IG)(Level 4)
Interprets and applies approaches for the assessment of complex information artefacts and data flows against information governance policies and business objectives.
Advice and guidance (IG) (Level 4)
Provides information governance advice and guidance, sometimes complex, to colleagues and suppliers to ensure they effectively, legally and safely manage and share records and information. Encourages and coaches less experienced information governance colleagues.
Threats and breaches (IG) (Level 5)
Responds to major data security breaches in line with security and information governance policies and recommends appropriate control improvements. Supports any investigation that takes place as a result of a breach. Supports action to categorise and limit damage, according to the organisation’s security policy, which may include escalation and reporting the incident to the Information Commissioner’s Office, and records the incident and action taken.
Threats and breaches (IG) (Level 6)
Ensures the identification and monitoring of data security and data protection trends and proactively assesses impact on business strategies, benefits and risks. Manages assessment of threats to confidentiality, integrity, availability and relevant compliance. Contributes to data security control reviews, business risk assessments and reviews that follow significant breaches of data security controls.
Implementation and processes (IG)(Level 6)
Supports the development, implementation and monitoring of organisational policies and processes relating to information governance.
Performance measures (IG)(Level 6)
Determines appropriate and practical performance measures to ensure that information governance priorities set by the business can be effectively monitored.
Risk assessment (IG)(Level 5)
Maintains oversight of complex data protection and confidentiality risk assessments and develops mitigating strategies for highly complex or strategic scenarios. Oversees application of the principles of risk assessment, risk management processes and decision making as they relate to information governance.
Threats and breaches (IG) (Level 3)
Responds to data security breaches in line with security and information governance policies. Supports any investigation that takes place as a result of a breach. Supports action to categorise and limit damage, according to the organisation’s security policy, which may include escalation and reporting the incident to the Information Commissioner’s Office, and records the incident and action taken.
Risk assessment (IG)(Level 2)
Supports risk assessment following standard procedures. Maintains and monitors risk assessment documentation.
Incident Response (Level 6)(IG)
Cooperates with the supervisory authority. Acts as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36. Consults, where appropriate, with regard to any other matter. Advises the organisation on risk mitigations and required actions.
Restricted Transfers (IG)(Level 4)
Advises on restricted transfers including any additional safeguards and ensures copies of safeguards are available to persons whose data is to be or has been transferred overseas.
Incident response (PEDP) (Level 6) (IG)
Assesses and manages the risk for any potential personal data breaches and cyber incidents. Sets in motion the agreed procedures to identify a breach, including with third parties, works within the statutory timeline, mitigates risk, and maintains communications with the Data Protection Officer (DPO), or equivalent when not required, to comply with statutory notification to the regulatory authority (Commissioner) if a breach is confirmed.
IG Cyber Threat Understanding (IG)(Level 6)
Provides an IG perspective on cyber threats.
Information governance culture (IG) (Level 6)
Champions organisational commitment to positive information governance culture. Promotes and supports a culture where information governance is a responsibility of every employee.
Policies (IG)(Level 3)
Follows standard approaches for the assessment of information artefacts and data flows against information governance policies and business objectives.
Advice and guidance (Level 3)(IG)
Provides straightforward information governance advice and guidance to colleagues and suppliers to ensure they effectively manage information.
Data security and protection toolkit (IG)(Level 4)
Uses the Data Security & Protection Toolkit (DSPT) to provide assurance that information assets are secure and that personal information is handled correctly.