An Information Asset is any system, application, or asset that processes or stores personal data.
The Information Asset Register is essentially a log of all Information Assets in use throughout the Trust.
There are currently over separate 150 fields of information that can relate to each Information Asset, but some highlights include:
- Asset Name
- Asset Type
- Asset Purpose
- Information Asset Owner
- System Supplier
- Key Contact
- Security Arrangements
It is vital that the Information Asset Register is kept as up to date as possible to ensure robust data protection practices are in place for all assets and information held in the Trust.
There are two key roles recorded against each asset in the Information Asset Register: Information Asset Owners and Information Asset Administrators
Information Asset Owners (IAO): IAOs are responsible for in information held in the asset. They are usually senior managers. They key responsibilities of the IAOs are:
- Promote a culture that values and protects Information
- Know what information the asset holds, what enters and leaves it, and why
- Know who has access, why they have access, and ensure their use of the asset is monitored
- Understand and address risks to the asset and provide assurance to senior leadership
- Ensure appropriate use of the information asset
Information Asset Administrators (IAA): IAAs are usually operational/corporate members of staff who know and use the asset in depth, for example a system administrator or super-user. They are identified and approved by the IAOs and support and provide assurance to the IAO.