Information governance
The faculty has appointed Information Governance Guardians (IGGs) and Information Governance Co-ordinators (IGCs) across the Schools and Faculty Function offices. These roles replace the Data Protection Guardian role and you can find the name of the IGG or IGC covering your Division/Office in the tables below.
Faculty Office and PS
| Faculty Office /PS | IGG | IGC |
| Compliance and Risk | Fiona Marriage | |
| Faculty Office/NHS Liaison | Fiona Fraser Matthew Hughes |
|
| Research, PGR and Business Services | Fiona Marriage | Lynne Macrae |
| Student Experience | Fiona Fraser Matthew Hughes |
Annmarie Entwistle |
| Communications,Marketing and Student Recruitment | Fiona Fraser Matthew Hughes |
Stephanie Shaw |
| Technical Services/Core Facilities | Fiona Marriage | |
| Imaging Facilities | Denise Ogden | |
| NIHR Clinical Research Facility | Fiona Fraser Matthew Hughes |
Jian Wu |
| The Royal College of Surgeons | Fiona Fraser Matthew Hughes |
|
| MAHSC Clinical Trials Unit | TBC |
School of Biological Sciences
| Division/Area | IGG | IGC |
| SBS lead and School Operations | Helen Haslam Mousawi Julie Teague |
|
| Student operations | Kerry Mycock | |
| Musculoskeletal & Dermatological Sciences | Helen Haslam Mousawi Julie Teague |
Linsey Nelson |
| Cell Matrix Biology & Regenerative Medicine | Helen Haslam Mousawi Julie Teague |
|
| Evolution, Infection & Genomics | Helen Haslam Mousawi Julie Teague |
Helena Collins |
| Immunology, Immunity to Infection & Respiratory Medicine | Helen Haslam Mousawi Julie Teague |
Kirsty Heydon |
| Molecular & Cellular Function | Helen Haslam Mousawi Julie Teague |
Debbie Smith |
| Neuroscience | Helen Haslam Mousawi Julie Teague |
Debbie Smith |
| Education (PGT) | Kerry Mycock | Kelly Salimian |
| Education (Assessment and Progression) | Kerry Mycock | Shelley Bass |
| Education (Placements, Distance Learning, Careers) | Kerry Mycock | Anne Pinkerton |
| Education (Student Support, DASS) | Kerry Mycock | Louise Stewart |
| Education (Curriculum Management) | Kerry Mycock | Shelley Bass |
School of Medical Sciences
| Division/Area | IGG | IGC |
| SMS lead and School Operations | Michelle Fox | |
| Teaching, Learning and Student Experience | Diane Simmons Michelle Fox |
Laura Watson |
| SMS Admin (including PG) | Diane Simmons Michelle Fox |
Lynne Greenhough |
| Medical Education & CHSTM | Diane Simmons Michelle Fox |
Lynne Greenhough |
| Cardiovascular Sciences | Diane Simmons Michelle Fox |
TBC |
| Dentistry | Diane Simmons Michelle Fox |
Paula O'Grady |
| Developmental Biology & Medicine | Diane Simmons Michelle Fox |
Catherine Doyle |
| Diabetes, Endocrinology & Gastroenterology | Diane Simmons Michelle Fox |
Catherine Doyle |
| Cancer Sciences | Diane Simmons Michelle Fox |
Will Venton |
School of Health Sciences
| Division/Area | IGG | IGC |
| SHS lead and School Operations | Karen Goodson | |
| SHS Teaching, Learning & Student Experience | Chris Bamford | TBC |
| Health Informatics (within IIDS) | Vacant - TBC | |
|
Pharmacy & Optometry |
Victoria O'Reilly | |
|
The Centre for Pharmacy Postgraduate Education (CPPE) in the Division of Pharmacy & Optometry |
Gareth Cosens | |
| Psychology & Mental Health | Grant Boyle | |
| Psychology, Communication and Human Neuroscience | Grant Boyle | |
| Informatics, Imaging & Data Sciences | Rajeshree Rana | |
| Nursing, Midwifery & Social Work | Sarah Moxon and Cacia Percival | |
| Population Health, Health Services Res & Primary Care | Rajeshree Rana |
CRUKMI
| Area | IGG | IGC |
| CRUKMI | Caroline Wilkinson | David Stanier |
Information Security & Data Protection online training
We are all responsible for protecting the personal data that individuals have entrusted to the University. Failure to do so can result in significant harm and distress to the individuals whose data we hold, lead to reputational damage to the University and regulatory fines.
There is an ever-present risk that any one of us could become the victim of a cyber-attack. There are many simple but important steps outlined in the training that you can take to help keep your information, and University systems, safe and secure.
The mandatory Data Protection & Cyber Security course (LAOD152) (refreshed and launched on the 11th October 2022) is available on Blackboard. All staff are required to complete this training.
New Starters are automatically enrolled to a bundle of essential courses which includes Data Protection & Cyber Security course, information on accessing this course and other frequently asked questions can be found on the Information Governance Office Training and Support page.
Working securely while abroad
The Research Security Hub has been developed to help academics and PS staff keep themselves and their work safe as we face a complex international environment and therefore new and changing potential risks.
The hub contains all the information, guidance and support colleagues will need as they carry out their work, whether it’s collaborating on research, managing data, information governance, welcoming visitors, ATAS requirements or managing Export Controls.
It also includes Government guidance from the National Protective Security Authority (NPSA), such as its Countries and Conferences Guide, part of its Trusted Research campaign to support the UK’s research community.
And it offers colleagues lots of other support for travelling and working abroad – useful if you’re attending conferences abroad or meeting up with your international collaborators.
Further information and risk assessment templates for travel can be found on the FBMH risk assessment pages.
Local Housekeeping Checklist
Description |
What to look for |
|
Clear desk/clear screen |
Check desks/working areas are clear of any documentation or removable media that may contain restricted information and are all screens locked when unattended? Devices should be logged-off in-line with relevant policies/SOPs. NOTE: DO NOT confuse clear-desk and tidy-desk. |
|
Shared devices |
If shared devices, i.e. desktop computers, are in use, e.g. in lecture/meeting rooms, check local storage, i.e. the local hard-drive, is cleared after each session or at cease-work or periodically; whichever is appropriate. Where restricted information is discovered, escalate to IGO. |
|
Access points |
Check uncontrolled doors and ground-floor windows are secured when necessary, i.e. when workspaces are unoccupied or at the end of the working day. |
|
Printers/fax machines |
Check that printing has not been left on printer trays. If it has, and it appears to contain restricted information, escalate accordingly. |
|
Paper waste |
Paper waste containing restricted information and electronic media is to be disposed of in-line with the relevant policy. Check waste paper consoles are not overflowing. Check paper waste is not stacked beside consoles. Paper waste pending disposal is to be secured under lock and key until it can be properly disposed of. |
|
Removable media |
Removable media, i.e. USB devices (flash drives, external hard disk-drives, etc.) should be secured under lock and key when not in use. Check workspaces for unsecured items. |
|
Noticeboards/whiteboards |
Ensure whiteboards/noticeboards in meeting rooms, communal or public areas are clear of any restricted information or personal data. Preferably, they are to be cleared after all use, especially at the end of a working day. Where restricted information cannot be cleared, they should be secured in a locked room. |
|
Laptops left in-situ |
Laptops or other portable hardware should be secured when not in use. Check for laptops that have been left in offices/workspaces overnight. Laptops left in-situ are to be kept under lock and key, i.e. in a locked desk drawer or cupboard/cabinet. Kensington locks may be used (on docks or devices) if they are secured solidly, but docking stations are not secure even when locked as they can be easily disconnected and removed. |
|
Filing cabinets/desk drawers |
Check contents of all unlocked drawers/cupboards/cabinets, etc. Any restricted information found is to be reported accordingly. |
|
Loose hard-copies |
Unattended loose documents containing restricted information should be stored securely. If discovered during a check, loose papers should be secured as best as possible at the time and ownership determined where possible. |
|
ID cards |
This should be considered as guidance rather than an action, but the general principle should be encouraged in the workplace. Staff should at least carry ID cards on their person and be prepared produce them when required/on demand. Ideally they should be worn visibly at all times when on UoM premises (especially in access-controlled or other restricted areas) as this will reduce the possibility of being challenged. Staff should be made aware that spot-checks may be carried out. ID cards that are found (and clearly appear to have been lost) should be handed to security. |
|
Restricted areas |
Check all access points to restricted areas are secure. Are there any restricted areas? If so, are they subject to access restrictions such as the following:
|
|
Visible passwords i.e. WiFi, logins, etc. |
Check for log-in credentials that have been written in notebooks, on sticky notes, etc. These can commonly be found under keyboards, on desktop monitors, on desk-planners, etc. Is the password policy being followed to the best of your knowledge? |
|
Keys, smartcards, tokens, etc. |
Check for any unsecured keys, especially what appears to be desk/drawer/filing cabinet keys, or keys/access cards to restricted areas such as document stores, server rooms, etc. Also check for authentication tokens, i.e. RSA fobs, Duo tokens, etc., that have not been locked away. Secure as per loose documents. |
|
IT security |
Check that there are no obvious signs of a security incident and consider the following to the best of your knowledge:
|