ScHARR Information Governance


Policy Section 1: IG training and compliance

Version 18/03/31

Background

Each member of ScHARR, whether or not they carry out research, is likely to come into contact with the risk-bearing data. All members of ScHARR will be provided with appropriate IG training which they must complete to register their compliance.

The IG Committee will be responsible for the oversight of training needs with annual review to determine the overall scope and shape of that training.

Each member of ScHARR is required to repeat standard training at least every two years to ensure they are aware of any updated policies and guidelines within ScHARR.


Policy

Training and support

Each member of ScHARR must complete the mandated IG training as advised by the ScHARR IG Committee. This includes both the University-wide training and the ScHARR-specific training module . Where third party workers have access to risk-bearing data under the control of the UoS that is not covered by a separate agreement (see Section 8) they must also complete the ScHARR-specific training module.

The ScHARR IG Committee will maintain a register of IG training completed by members of ScHARR.

Policy enforcement

Failure to undertake appropriate IG training will lead to removal of existing access to shared data storage, and prevention of any new access being granted.

Each member of ScHARR should be aware that failure to abide by ScHARR’s IG policies may result in disciplinary action being taken against them. Repeated or persistent infractions should be referred by the relevant Section IG Lead to the individual’s line manager or supervisor for action. Escalation to more senior management will occur should there be continued failure to comply with the School’s IG policies.

Section 2: Information assets management