Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Information Asset Owner Hub

Author: Government Security Group

Information Asset Owner Hub

This page is designed for Information Asset Owners (and those who work with them) providing essential guidance and support to help you carry out your responsibilities and core activities. It includes the new IAO training course and other resources which we hope you find useful

Your leadership will help your organisation understand the information that it holds, principally to ensure accountability for both personal and business-critical information. Additionally, you will play a key role in ensuring compliance with information management and legal obligations, such as data protection.

Your role is vital in identifying and understanding business-critical information assets. By ensuring these assets are used safely and managed responsibly, you will enable better, risk-based, business-led decisions that protect and maximize the value of the information assets within your organisation.

Overview

Download Quick read covering key areas of an IAO responsibilities

Learning outcomes

On completion of this course, you will be able to:

  • Understand and describe the requirements of your role and daily tasks as an Information Asset Owner
  • Manage your information assets to ensure that an accurate Information Asset Register is maintained and reviewed on a regular basis
  • Describe your role in relation to the wider information management functions within your organisation
  • Recognise the importance of your role in contributing to Knowledge and IM governance, data protection, cyber and information security, and legal obligations
  • Describe the evolving threat and risk landscape, identify risk to information and how to prevent breaches
  • Apply knowledge to help improve culture and instil good information handling practices within individual teams
  • Provide assurance that information is managed appropriately and make key decisions on sharing, retention, and disposal of information

Course content

  1. Information Asset Owners (Powerpoint)
    The Information Asset Owner is a senior responsible for managing and protecting information assets to maximise their value and support organisational success and resilience. This includes core activities that are essential.
  2. Information Asset Managers (Powerpoint)
    An IAM is a delegated role that assists the IAO with managing information assets in their business area, usually performed alongside their main role or responsibilities.
  3. Information Assets (Powerpoint)
    Information assets are data or information of differing value within an organisation that, if lost, stolen, altered, corrupted, or made unavailable, may negatively affect the organisation’s reputation and operational performance.
  4. Information Asset Registers (Powerpoint)
    The Information Asset Register (IAR) is a useful tool providing an IAO with a comprehensive overview of the organisation’s information assets.
  5. Legal and Policy Requirement (Powerpoint)
    An IAO must ensure that your area of responsibility complies with relevant legal, regulatory and policy requirements covering information governance. ​
  6. Security (Powerpoint)
    Effective information security relies on a comprehensive, holistic approach that ensures all security controls are appropriately and proportionately implemented in line with the associated risks.​
  7. Information Risk Management (Powerpoint)
    Managing information risk to minimise the likelihood of staff errors or intentional misuse is a crucial responsibility for an IAO.
  8. Security Incidents and Data Breaches (Powerpoint)
    An IAO should be informed of all incidents and breached, especially involving information compromise for information assets within your area of responsibility.
  9. Leading and fostering a culture that values, protects and uses information ethically (Powerpoint)
    The IAO works closely with subject matter experts and multifunctional teams to promote a culture that values, protects, and ethically uses information.
  10. Governance
    An IAO will usually work to the Accounting Officer, the Permanent Secretary or Chief Executive of the department/organisation, and will work closely with the Departmental Records Officer (DRO), the Senior Information Risk Owner (SIRO), the Data Protection Officer (DPO) and Data Owners to ensure that duties are properly coordinated and assurances are provided to the relevant internal information governance boards (or equivalent). ​

Complete course

IAO Training Handbook (Word)(PDF version)
Word version of the 10 Chapters of the course. It has been created for learners who are unable to access the PowerPoint tutorials. It can also be used as reference material.

Knowledge checker

Knowledge checker
An assessment to check what you have learnt. You must answer at least 80% of the questions correctly to pass.

IAO responsibilities and activities

IAO Core Activities (Word)/ (PDF version)
A quick guide to IAO key responsibilities and activities.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now