SIRO – Senior Information Risk Owner

SIRO is a role used in Government Information Assurance and is particularly prominent in the NHS and where health data is handled, often combined with other job roles.

The SIRO should be a senior member of the company who takes responsibility for managing risks associated with the service(s) being provided by the company [often] into public sector organisations.

The SIRO should show strong governance of information security issues, having a comprehensive risk management programme covering the principles of:

– Confidentiality

– Integrity

– Availability

It’s also important to address physical threats such as access to the organisation’s offices & facilities and staff training, along side technical IT controls such as encryption which all protect information in the organisation’s control.

This can often be achieved by implementing an ISO 27001 management system, which can be independently certified be a UKAS Accredited Body.

However, it should be noted that ISO 27001 on its own will not always satisfy the purchasing body, and the organisation may need to meet additional requirements such as the NHS IG Toolkit or on-site verification audits.

More Information:

ISO 27001 Information Security – www.assentriskmanagement.co.uk/iso27001

Choosing a Certification Body – www.certbodies.co.uk

ISO 27001 to NHS IG Toolkit Mapping – www.assentriskmanagement.co.uk/healthcare

 

 

The post SIRO – Senior Information Risk Owner appeared first on Assent People.

Source: Assent People