Our Information Governance Framework
ARU must have robust measures in place for ensuring that information is managed in a safe and secure environment. Our information governance framework must:
The framework will assist ARU to comply with legislation and relevant regulations. ARU requires information to be handled in the most effective and efficient way to meet the changing needs of the people who learn or work in The University along with the wider community of partners and the public. Our information governance arrangements ensure that we maintain an effective framework for managing information, enabling business needs to be met within an agile and flexible environment and allowing us to work closely with our partners, exchanging information legally, safely and securely.
We assure the public, partners and regulators that ARU is maintaining standards and is a trustworthy body to be processing personal data and data of other sensitivity types.
We have clarity for staff in all roles about their responsibilities, and arrangements that can be evidenced to the public, partners and regulators to provide assurance that information policy and other decision making is done consistently and through due process.
This information governance framework supports the implementation of our policies and strategies for the way we handle information and the provision of advice and guidance to our staff to help them understand and meet the legislative and regulatory requirements and promote good information management practice.
Our policies, strategies and standards are reviewed annually and whenever legislation changes to ensure they continue to deliver legislative and regulatory compliance and meet business needs. Our procedures and operational guidance are reviewed whenever relevant policies, strategies or standards are revised and when an operational need arises. Our project and technology governance mechanisms include appropriate checkpoints to ensure compliance with our information management framework, including the implementation of privacy impact assessments when information about people is involved.
The following describes the relevant boards and roles with associated responsibilities:
Complaints about the way we handle information, particularly those relating to compliance with the Data Protection Act or the Freedom of Information Act, are managed by ICT, and involve staff at all levels in investigating matters and in approving formal responses, agreeing appropriate remedial actions and in identifying and discussing lessons learned.
Please see our governance pages for more information about ARU’s governance controls.