Information Governance Committee

(To be reviewed annually at first meeting of committee cycle)

Responsible for:

• Approving policies, strategies and recommendations that affect information governance, information risk management, data protection and information security;

• Determining the risk appetite for activities and projects that involve elevated levels of information security or information governance risk to the University;

• Recommending any action, appropriate risk mitigation or resource prioritisation required to be undertaken by directorates, schools, projects or working groups in response to issues or risks affecting the University’s information assets;

• Monitoring progress on actions related to information risk mitigation: including the results of penetration tests, audits and adherence to relevant accreditation standards and policies.

• Escalating any significant issues affecting information governance, risk and security, for onward consideration or approval by SMT or other appropriate committees.

• Reporting on the status of information security and information governance risks to the Audit & Risk Committee.

• Promoting awareness of information governance and security responsibilities amongst all members of the University and other third parties acting on behalf of the University.

Convener: University Secretary and Chief Operating Officer

Membership:

• Vice-Principal, Regional Engagement
• Vice-Principal, Research
• Chief Financial Officer, or nominee
• Interim Director of Advancement
• Interim Director of Digital and Information Services
• Director of People
• Director of Strategic Planning, Project and Corporate Governance
• Director of Research and Innovation
• Director of Interdisciplinary Centre for Data and Artifical Intelligence
• Academic Registrar, or nominee
• University Librarian
• One Heads of School
• One School Administration Manager
• Head of Data and Business Intelligence, Directorate of Planning
• Deputy Director of Student Recruitment
• Dean of International Student Recruitment
• Student Association President, or nominee

In attendance:

• Interim Head of Information Governance and Security
• Chief Information Security Officer, HEFESTIS
• Other officers, as appropriate

Quorum: 50% of formal membership (including Convener)

Formal reporting line: Senior Management Team (SMT), providing routine reports to Audit & Risk Committee

Interface with other Committees:

• Digital Strategy Committee on digital strategy and projects.
• Research Policy Committee on research data issues.
• International Partnerships Committee on data security and governance issue.
• Grampian Data SafeHaven (DaSH) Steering Group on data security and governance risks.

Working groups:

• Information Risk Working Group
• Operational Security Group
• Short-term working groups may be set up when required.