Information Governance Committee

Committee description

Secretary: Kirsty Rothwell, Email:

Terms of Reference

The Committee’s responsibilities and decision-making powers are as follows:

1. Ensuring effective oversight, clear strategic direction and senior management support for information governance and compliance across the University.

  • Ensure that an appropriate and comprehensive information governance framework is in place and being developed throughout the University in line with national standards and the strategic direction of the University.
  • Establish accountability, responsibility and authority. IGC sets the roles, responsibilities and the authorities for the protection of the organisation's information assets throughout its lifecycle.
  • Monitor reviews and audits relating to information governance and adherence / development to relevant national standards.
  • Provide assurance that effective information governance and information security best practice mechanisms are in place within the University.

2. Determining the risk appetite for activities and projects that involve elevated levels of information security or information governance risk to the University.

  • Act as a point of escalation for issues relating to security and information risk management.
  • Make recommendations on escalated exceptions which require the University’s risk appetite to be exceeded.

3. Promoting information governance and security responsibilities amongst all members of the University and other third parties acting on behalf of the University.

  • Coordinate the activities of staff with data protection, confidentiality, information security, information quality, information and records management, Freedom of Information and Subject Access responsibilities.
  • Monitor completion rates of mandatory data protection and information security training by university staff (permanent, temporary & honorary).
  • Ensure that University staff are aware of and are complying with the information governance policies and procedures that affect them.
  • Ensure that the University’s approach to information handling is reflective of national standards.
  • Promote best practice and a culture of information governance across the University.

4. Monitoring compliance with legislation and adherence/development to relevant standards.

  • Monitor the University’s requests for information the Freedom of Information Act, Environmental Information Regulations and UK GDPR (General Data Protection Regulation) to ensure compliance with law.
  • Receive and consider reports on information security breaches and make recommendations regarding high-risk data security risks or issues to SLT (Senior Leadership Team) for possible further action.
  • Monitor compliance with the NHS Data Security and Protection Toolkit requirements to enable University use of NHS patient data in research.
  • Review and discuss lessons learnt from information governance incidents to ensure the risk of future incidents is mitigated.

5. Approving and reviewing policies, strategies and recommendations that affect information governance, information risk management, data protection and information security.

6. Reviewing the terms of reference (TOR) at least annually and update them as needed to respond to changes in the organization or to external drivers or requirements

Reporting Relationship

The Information Governance Committee reports to the Senior Leadership Team, referring matters to Audit Committee as appropriate.

Frequency of Meetings

The Information Governance Committee usually meets on four occasions during the academic year.


The quorum for meetings of the Information Governance Committee shall be five members of the Committee and include at least two Directors.


Members or key people

University Secretary and General Counsel

K Ryan (Chair)

Assistant Director, Legal & Insurance Services

J Fox 

Chief Digital Information Officer

D Lawrence 

Assistant Director, Research Partnerships & Innovation

L Keig

Director of Strategic Planning

P Hopwood 

Associate Director- IT Service, Security & Infrastructure

M Hilditch

Faculty Information Governance Representatives

V Reynolds (SEG)
Dr Judi Turner (HSS)
Dr Neil French (HLS)

University Information & Records Manager

M Alexander 

Data Protection & Freedom of Information Manager

D Howarth

Information Security Officer

C Price

Research Data Services Manager

J Vigilanti

Head of HR Systems and Data

P Mcloughlin

Associate Director - Research IT

J Gannon

Other members may be co-opted or invited to attend specific meetings at the discretion of the Committee. The Committee may establish time-limited groups as necessary to deal with pertinent issues.

Invited to Attend

Alternatives to be nominated by Committee members.

If non-University staff or University staff who are not members of the Committee wish to attend, then a formal written request must be made to the Chair who will then decide whether the attendance at the meeting is appropriate.

A deputy should attend the Committee if a committee member is unavailable.

Meeting dates

  • 11 October 2023, 10.00 am
  • 31 January 2024, 10.00 am
  • 20 March 2024, 10.00 am
  • 5 June 2024, 10.00 am