Information Governance Committee

Committee description

Secretary: Kirsty Rothwell, Email:

Terms of Reference

The Committee’s responsibilities and decision-making powers are as follows:

1.    To be accountable for the University’s Information Governance related policies and management arrangements to ensure they are compatible with the strategic direction of the organisation in handling and protecting information throughout its lifecycle.
2.    To establish and regularly review an information risk register and information governance policies to ensure alignment with information governance priorities within relevant faculty, school or departmental plans and changes within the organization.
3.    To monitor and oversee compliance with Information Governance Policies across the University, through KPI’s, progress updates and reports from the Information Governance Practitioners Group.
4.    To receive and consider reports into data loss or data security incidents and where appropriate to undertake or recommend remedial action.
5.    To receive progress updates on the annual data security accreditation standards such as NHS Data Security and Protection Toolkit (DSPT), Cyber Essentials and PCI DSS.
6.    To monitor, annually review and where necessary update policies and procedures relating to information security and governance
7.    To take an overview of annual statutory returns including the assurance process and data quality issues, and where appropriate recommend remedial action.
8.    To promote best practice and encourage consistency in matters of information governance across the University.
9.    To review the terms of reference (TOR) at least annually and update them as needed to respond to changes in the organization or to external drivers or requirements.

Reporting Relationship

The Information Governance Committee reports to the Senior Leadership Team, referring matters to Audit Committee as appropriate.

Frequency of Meetings

The Information Governance Committee usually meets on four occasions during the academic year.


The quorum for meetings of the Information Governance Committee shall be three members of the Committee and include at least two Directors.

Members or key people

Director of Legal & Governance

K Ryan (Chair)

Director of IT Services

D Lawrence

Director of Research Partnerships & Innovation (or representative)

L Keig

Director of Student Enhancement & Engagement (or representative)

P Leonard

Director of Strategic Planning

P Hopwood

Director of Libraries, Museums and Galleries

P Sykes

Faculty Director of Operations

Dr L Lightfoot/V Reynolds, S Readey or N Sandman

University Records Manager

Ms M Alexander

Data Protection & Freedom of Information Manager

D Howarth

Information Security Officer

C Price

Research Data Manager

J Carr

Head of HR Systems and Data

A Hitchen

APVC Research Environment and Postgraduate Research

Professor S Yates

Business Intelligence Manager

C Wathen

Professor in Applied Public Health Research

Professor B Barr

Invited to Attend

Alternatives to be nominated by Committee members.

If non-University staff or University staff who are not members of the Committee wish to attend, then a formal written request must be made to the Chair who will then decide whether the attendance at the meeting is appropriate.

A deputy should attend the Committee in the event that a Committee member is unavailable.

Meeting dates

  • 14 October 2022, 10.00 am
  • 27 January 2023, 10.00 am
  • 10 March 2023, 10.00 am
  • 23 June 2023, 10.00 am