Guidance

The role of Information Asset Owners (IAOs) in government

Responsibilities of an IAO in managing the risks to personal information and business critical information held within a department.

Documents

Guidance on the Information Asset Owner Role (PDF)

Request an accessible format.
If you use assistive technology (such as a screen reader) and need a version of this document in a more accessible format, please email [email protected]. Please tell us what format you need. It will help us if you say what assistive technology you use.

Details

The Information Asset Owner (IAO) plays a specialist role in securing information in many departments. This guidance sets out the nature and primary responsibilities of an IAO in managing the risks to personal information and business critical information held within a department.

Updates to this page

Published 1 October 2013
Last updated 4 December 2023 + show all updates
  1. Changes to: - align with Government Security: Roles and Responsibilities 2018 (removing reference to the mandation of positions such as Senior Information Risk Owners and Departmental Security Officers); - align the Role of the Information Asset Owner section with policy text included in Government Security Classifications Policy 2023; - remove out of date staff training and reference the new Security and Data Protection module on Government Campus; - update references to the Data Handling Review; - include reference to departments publishing a list of their IAOs; - update the executive summary; - remove out of date annexes; - make organisational responsibilities clearer under new subheading; and - change references to the Security Policy Framework to GOV007 Functional Standard Crown copyright page updated. Minor changes to formatting and branding.

  2. Guidance updated in line with GDPR.

  3. First published.

Sign up for emails or print this page