What is a Privacy Impact Assessment (PIA)Information Governance Risk Assessment?
The process can be initiated by any RoS colleague on behalf of the RoS Information Asset Owner (IAO). It allows the IAO to understand the risks arising from a proposal and to agree on any controls they wish put in place to manage that risk.
The IGRA helps RoS colleagues to:
- Understand and manage the risk to their objectives
- Control those risks proportionately and appropriately
- Comply with our legal obligations to protect information
- Evidence that risk has been considered, and that the IAO has given approval
- Ensure risks and control actions are appropriately owned and understood
Proportionality and appropriateness are key principles. We try to ensure that the process is proportionate to risk and in line with the risk appetite for the information / system in question.
More information on the Information Governance Risk Assessment process can be found here.