Information Asset Manager / Administrators

As an Information Asset Manager, you will have day-to-day control of your specific information asset(s). So for example you may be the IAM for Recruitment Applications, or Research Study datasets, or Student Complaints data. Each asset should have a specified IAM recorded on the Asset Register. 

As an Information Asset Administrator (IAA), you may have been delegated some of the IAM tasks.

Information Asset Manager Responsibilities & Tasks

As an IAM, you are responsible for the following in relation to the Information Assets on your Asset Register:

  • Actively promote information security and privacy considerations reguylarly to all staff
  • Maintain your Information Asset Register up-to-date - including determining and recording purposes, conditions for procesisng and retention schedules
  • Ensure that appropriate transparency information is given to data subjects (e.g. Privacy Notices)
  • Identify when any new processing activity is planned to be undertaken on your asset and follow the 'New Processing Activity' guidance accordingly
  • Conduct Data Protection Impact Assessments and/or Information Risk Assessment as required (see relevant guidance)
  • Manage who has access to your Information Asset as well as giving appropriate access levels.
  • Ensure that the Information Asset is maintained in a secure environment at all times - including both at rest and in transit
  • Manage approvals of any request to share or tranmit data
  • Determine and manage the appropriate retention schedule for each asset and ensure that data is securely destroyed as and when required
  • Propmptly report any potential or actual information security breaches or incidents as per the relevant procedure
  • Produce timely reports to your Information Asset Owner and/or the Data Protection Officer as required

IAA may be delgated one or more of these tasks but it remains the ultimate responsibility of the IAM (who in turn is answerable to their Information Asset Owner)

Guidance