Printed from CheckTick DSPT Compliance Documentation
Information Governance: Roles & Responsibilities
Version: 1.0 Effective Date: [Insert Date]
1. Statutory Roles
Senior Information Risk Owner (SIRO) - [SIRO Name]
- Accountability: Overall ownership of the organization's Information Risk Policy.
- Risk Appetite: Sets the organization's risk appetite and decides how identified information risks are treated.
- Assurance: Signs off the annual DSPT submission.
Caldicott Guardian - [DPO Name]
- Ethics: Ensures patient-identifiable data is processed according to the 8 Caldicott Principles.
- Advocacy: Acts as the "conscience" of the organization regarding patient confidentiality.
Data Protection Officer (DPO) - [DPO Name]
- Compliance: Monitors adherence to UK GDPR and the Data Protection Act 2018.
- Point of Contact: Liaison for the ICO and for data subjects exercising their rights (subject access requests, objections).
Cyber Security Lead (CTO) - [CTO Name]
- Implementation: Manages technical controls (MFA, Encryption, Vault, Northflank).
- Incident Response: Leads technical containment during a security event.
2. Shared Responsibilities
- Data Quality: Both founders ensure that system inputs and processing logic maintain data integrity.
- Training: Both founders must maintain 100% completion of the mandatory NHS Data Security Awareness training.
- Spot Checks: The SIRO and Cyber Security Lead jointly conduct twice-yearly compliance spot checks.