Information compliance

Information Compliance

The University is a complex organisation holding a very large amount of information across all of its functions and operations. Much of this is personal data, or other confidential information, regarding which there are specific requirements and risks. It is vital that the University is able to obtain, use, manage, disclose and dispose of the information it needs, as appropriate, in a responsible and secure manner that adheres to both operational requirements and the responsibilities imposed by legislation and regulation.

Information Compliance covers everything that an organisation may do with the information it handles, including adherence to legal and compliance requirements, such as those listed below, but also ensuring that it utilises its information assets in the most effective way and maximises value from those assets.

Information Compliance Policies

A suite of policies and guidance documents are in place to address the University's Information Governance requirements:   

Information Compliance Framework

The policies listed above form a central part of the University's Information Compliance Framework, and they are complemented by a structure incorporating roles and responsibilities. This is headed by the Senior Information Risk Owners (SIRO, as below) to ensure that there is ownership and awareness of information risks and issues at a senior level:

The Information Compliance Team in the University Secretary's Office, led by the Information Compliance Manager, is tasked with ensuring that appropriate policies, procedures, practices, guidance and advice are in place and available so that staff and students use the information they need in a way that meets requirements.

Information asset owners are in place within schools, faculties and divisions to ensure information is owned and managed appropriately at a local level.

The Information Governance and Security Advisory Board has membership from across the University and discusses and advises on all matters relating to the handling of information.

A diagram outlining the structure of the University's Information Compliance Framework can be found here:

Information Governance Framework Structure Diagram (PDF, 77kB)

Information Asset Register

The University has produced a comprehensive Information Asset Register detailing the information held by Schools, Faculties and Divisions, though it doesn't include research data. A version of the Information Asset Register listing all information assets and their owners is available to University staff here:

University of Bristol Information Asset Register

Research data

The Research Data Service can offer advice and assistance to those managing research data and the Research Data Storage Facility offers a secure storage option to all University staff. The University also has an Open Access Policy in relation to research publications.