Information Governance Committee

(To be reviewed annually at first meeting of committee cycle)

Responsible for:

• Approving policies, strategies and recommendations that affect information governance, information risk management, data protection and information security;

• Determining the risk appetite for activities and projects that involve elevated levels of information security or information governance risk to the University;

• Recommending any action, appropriate risk mitigation or resource prioritisation required to be undertaken by directorates, schools, projects or working groups in response to issues or risks affecting the University’s information assets;

• Monitoring progress on actions related to information risk mitigation: including the results of penetration tests, audits and adherence to relevant accreditation standards and policies.

• Escalating any significant issues affecting information governance, risk and security, for onward consideration or approval by SMT or other appropriate committees.

• Reporting on the status of information security and information governance risks to the Audit & Risk Committee.

• Promoting awareness of information governance and security responsibilities amongst all members of the University and other third parties acting on behalf of the University.

Convener: University Secretary and Chief Operating Officer

Membership:

• Vice-Principal, Regional Engagement and Regional Recovery
• Vice-Principal, Research
• Chief Financial Officer, or nominee
• Director of Advancement
• Director of Digital and Information Services
• Director of People
• Director of Planning
• Director of Research and Innovation
• Director of Interdisciplinary Centre for Data and Artifical Intelligence
• Director of Academic Services and Online Education, or nominee
• University Librarian
• One Heads of School
• One School Administration Manager
• Head of Data and Business Intelligence, Directorate of Planning
• Deputy Director of Student Recruitment
• Dean of International Stakeholder Engagement (vacant)
• Student Association President, or nominee

In attendance:

• Information Security Manager
• University Data Protection Officer
• Information Compliance Officer
• Information Governance Officer
• Chief Information Security Officer, HEFESTIS
• Assistant Director, Applications Management, Digital & Information Services
• Other officers, as appropriate

Quorum: 50% of formal membership (including Convener)

Formal reporting line: Senior Management Team (SMT), providing routine reports to Audit & Risk Committee

Interface with other Committees:

• Digital Strategy Committee on digital strategy and projects.
• Research Policy Committee on research data issues.
• International Partnerships Committee on data security and governance issue.
• Grampian Data SafeHaven (DaSH) Steering Group on data security and governance risks.

Working groups:

• Information Risk Working Group
• Operational Security Group
• Short-term working groups may be set up when required.