In 2007 a substantial information risk management failure led to the resignation of Whitehall grandee Sir Paul Gray, the then Chairman of Her Majesty's Revenue & Customs, after discs containing the confidential data (including names, addresses, National Insurance numbers and bank details) of 25 million people were lost in transit through an internal post system managed by a third-party supplier.
This embarrassing scandal led to a Cabinet Office review of data handling. One of the key recommendations of the report resulting from the review was that organisations appoint a Senior Information Risk Owner (SIRO), a role which in the UK public sector (and increasingly in the private sector) now carries responsibility for assuring the Board that all information risks are adequately managed.
The role of SIRO is normally assigned to an Executive Director, who may or may not have asked for the additional responsibility and who will almost certainly already be stretched to capacity. Without adequate support and subject matter expertise, SIROs will invariably feel as though they have been handed a ticking time-bomb, and may frequently wonder whether it will be their head on the block in the event of a major data breach. A complex and evolving information risk landscape and a scarcity of resource only compound that fear.
Being armed with the right knowledge, equipped with the right tools and supported by the right people is the only way both to alleviate those fears and to turn what would otherwise be a threat into a real opportunity: for career progression, and for acting as a lynchpin in driving organisational transformation.
Information is central to everything that every organisation does. Information risk management is about putting carefully measured people-based, organisational and technological controls in place to mitigate risks to the quality, security and privacy of information.
The benefits of a well-executed information risk management strategy (IRMS) go far beyond reducing the likelihood of embarrassing and increasingly costly data breaches. At present the Information Commissioner's Office can fine organisations up to £500,000 per data breach; the proposed new EU data protection regulation is expected to give enforcement agencies the power to levy fines of up to 5% of an organisation's global annual turnover.
Our information risk management training gives SIROs, Information Asset Owners and Information Governance Managers a robust understanding of tried and tested methodologies for identifying and mitigating actual and potential information risks.
We tailor our training to the needs of each organisation so that it is delivered and understood in context, and we use real-world scenarios to help you learn how to apply best-practice standards readily.