Information Governance Policies

FAQs - about information governance

Frequently Asked Questions header image

Featured FAQ:

What should I do if I become concerned that information is not being handled appropriately?

If you become aware that University information has not been handled correctly or that a data breach has occurred, then you should notify your Line Manager and Data Co-ordinator for your School/Professional service immediately. With the assistance of the Data Co-ordinator, you should report the incident to the Information Governance Team using the University’s Data Breach Reporting Tool. The Management of Information Security Incidents and Review of Policies document provides further information on this.

It is important to note that in the vast majority of cases, data incidents and beaches occur as a result of an accident or due to a lack of knowledge. The University’s main concern in such instances is to minimise the risk to any data, and then following that, identify any process improvements that can be put in place to reduce the likelihood of it happening again.       

Relevant Policy: 10. Management of Information Security Incidents and Review of Policies

Questions we have been asked:

How do I know if it is OK to share information?

Firstly, you need to understand which information category the information you want to share falls into. The Information Categories and Controls Policy will help you to do this, and will explain what measures you should take to ensure that your information is shared appropriately.

If you are planning on sharing 'Confidential' information you will almost certainly need to seek further advice from IT Services to ensure that the information will be kept in a safe and secure environment once the data transaction has taken place.

You may also need to seek advice to ensure that any necessary sharing agreements have been put in place to ensure that the University is complying with all relevant legislation.

Relevant policy: 3. Information Categories and Controls Policy

Is it OK to view University information using my own device (e.g. mobile phone or tablet)?

The University recognises the benefits that using personally owned devices can provide, and understands that we all work more flexibly than ever before. However, it is very important that you read the Mobile Working Policy to ensure you are using your device safely and not putting University information at risk.

The Policy lists a number of measures that you must put in place when setting up your device to access University information, and highlights good working practises that you should be mindful of when doing so.

Remember, that when you open an attachment on a personally owned device, you have created a local copy of it, and must be handled and stored as per the Information Classification and Controls Policy.

Relevant policy: 6. Mobile Working Policy

Where can I find all the policies in one place?

There is an Information Governance Policy Pack available below, which contains all ten policies in one PDF, all held together with a contents page.

PDF icon 32x32Information Governance Policy PackInformation Governance Policy PackInformation Governance Policy Pack (431 KB)

More info...

The microsite currently hosts a comprehensive set of Information Security sub-policies (approved by Council in June 2016), which provide a framework for handling data in a manner that is legally compliant and also ensures that the sensitive data of our students, colleagues and partners is secure.

To complement the policies, a host of ‘How To…’ guides and information documents will be developed which will provide colleagues with the tools to work with data safely. These will be added to the site over the coming months. Further to this, we will add other relevant policies (Data Protection, Freedom of Information etc.), thus ensuring that this microsite becomes the ‘first port of call’ that will enable users to gain a good understanding of a wide range of information governance issues.        

In addition to the Information Security sub-policies; all staff and research students are required to complete the mandatory Information Security training. This was launched in February 2016.

If you have any questions or comments related to the resources found in this microsite, please send them in the first instance to