Summary

Data risk management comprises the processes, procedures and controls that DfE puts in place to identify and minimise data risks.

Categories

The categories applicable to this standard are:

Information and Data Management
  • Data Protection
  • Data Governance

Purpose

The purpose of this standard is to ensure that DfE's data and information risks are identified and monitored.

How to meet this standard

To be compliant, you need to ensure data and information risks are identified and monitored.

What the Information Asset Owner (IAO) / Senior Responsible Owner (SRO) must do

  1. Ensure the ICO (Information Commissioner's Office) is consulted before processing begins if the full DPIA (Data Protection Impact Assessment) shows a high level of residual risk, or if the processing is novel or contentious.
  2. Ensure risks are scored by likelihood and impact.
  3. Report and monitor risks until they are resolved.
  4. Identify an owner and responsible person(s) for each risk.
  5. Ensure risk response strategies are developed and implemented.

The Accounting Officer (Permanent Secretary) has overall responsibility for ensuring that information risks are assessed and mitigated to an acceptable level within the organisation.

Declaring conformance with this standard

Conformance with the standard must be recorded every 12 months.

Owner and contacts

Standard owner
Saheel Sankriwala
Chief Technology and Data Officer
Other point of contact
DDT Standards Team