The role of Information Asset Owners (IAOs) in government
Responsibilities of an IAO in managing the risks to personal information and business critical information held within a department.
Documents
Details
The Information Asset Owner (IAO) plays a specialist role in securing information in many departments. This guidance sets out the nature and primary responsibilities of an IAO in managing the risks to personal information and business critical information held within a department.
Updates to this page
Last updated 4 December 2023 + show all updates
-
Changes to: - align with Government Security: Roles and Responsibilities 2018 (removing reference to the mandation of positions such as Senior Information Risk Owners and Departmental Security Officers); - align the Role of the Information Asset Owner section with policy text included in Government Security Classifications Policy 2023; - remove out of date staff training and reference the new Security and Data Protection module on Government Campus; - update references to the Data Handling Review; - include reference to departments publishing a list of their IAOs; - update the executive summary; - remove out of date annexes; - make organisational responsibilities clearer under new subheading; and - change references to the Security Policy Framework to GOV007 Functional Standard Crown copyright page updated. Minor changes to formatting and branding.
-
Guidance updated in line with GDPR.
-
First published.