Information Governance Committee

Information Governance Committee

Date of Establishment: Replaces the Information Strategy Committee which was established in September 2014

Converner and Administrative Support Area:

  • Convener: University Secretary and Chief Operating Officer
  • Clerk: Information Compliance Officer, Digital & Information Services


To ensure effective oversight, clear strategic direction and visible senior management support for information governance, information risk management, data protection and information security policies, initiatives and compliance across the University.

The remit of this Committee extends to all information assets generated, collected and held by the University, including those maintained by the University Library, Special Collections, and Museums.


(To be reviewed annually at first meeting of committee cycle)

Responsible for:

  • Approving policies, strategies and recommendations that affect information governance, information risk management, data protection and information security;

  • Determining the risk appetite for activities and projects that involve elevated levels of information security or information governance risk to the University;

  • Recommending any action, appropriate risk mitigation or resource prioritisation required to be undertaken by directorates, schools, projects or working groups in response to issues or risks affecting the University’s information assets;

  • Monitoring progress on actions related to information risk mitigation: including the results of penetration tests, audits and adherence to relevant accreditation standards and policies.

  • Escalating any significant issues affecting information governance, risk and security, for onward consideration or approval by SMT or other appropriate committees.

  • Reporting on the status of information security and information governance risks to the Audit & Risk Committee.

  • Promoting awareness of information governance and security responsibilities amongst all members of the University and other third parties acting on behalf of the University.

Composition and Quorum

Convener: University Secretary and Chief Operating Officer


  • Vice-Principal, Regional Engagement and Regional Recovery
  • Vice-Principal, Research
  • Chief Financial Officer, or nominee
  • Director of Advancement
  • Director of Digital and Information Services
  • Director of People
  • Director of Planning
  • Director of Research and Innovation
  • Director of Interdisciplinary Centre for Data and Artifical Intelligence
  • Director of Academic Services and Online Education, or nominee
  • University Librarian
  • One Heads of School
  • One School Administration Manager
  • Head of Data and Business Intelligence, Directorate of Planning
  • Deputy Director of Student Recruitment
  • Dean of International Stakeholder Engagement (vacant)
  • Student Association President, or nominee

In attendance:

  • Information Security Manager
  • University Data Protection Officer
  • Information Compliance Officer
  • Information Governance Officer
  • Chief Information Security Officer, HEFESTIS
  • Assistant Director, Applications Management, Digital & Information Services
  • Other officers, as appropriate

Quorum: 50% of formal membership (including Convener)

Reporting Line and Interface with Other Committee

Formal reporting line: Senior Management Team (SMT), providing routine reports to Audit & Risk Committee

Interface with other Committees:

  • Digital Strategy Committee on digital strategy and projects.
  • Research Policy Committee on research data issues.
  • International Partnerships Committee on data security and governance issue.
  • Grampian Data SafeHaven (DaSH) Steering Group on data security and governance risks.

Working groups:

  • Information Risk Working Group
  • Operational Security Group
  • Short-term working groups may be set up when required.

Frequency and Timing of  Meetings

  • Five times per year.
  • Meetings scheduled between 09:30 – 12:30 and 13:30 – 16:30 in accordance with University policy.

Publication of Papers

Committee papers will not be published routinely to avoid information security vulnerabilities being exposed. Papers may be shared internally and with interfacing committees and groups where appropriate

Date of Establishment of Committee Approved/ Recorded by UMG: 27 August 2017.