Scottish Government information management strategy

'I know how to protect information and manage it appropriately'

It is vital then that the Scottish Government holds, shares and processes our information assets appropriately at all times, and that we identify and manage any associated risks.

All Scottish Government employees have a part to play in making sure that the information that they work with daily is processed appropriately and securely.

Information Asset Owners (IAOs) have a specific role in protecting the information assets in their care. In recognition of the importance of that responsibility in 2009, the Strategic Board agreed that the IAO role should be held at Deputy Director level. This role has the responsibility of managing the information assets in their business area, to ensure that information is used within the law for the public good, and to report on information risk management through a Statement on Internal Control.

We must:

• have meaningful, appropriate and consistent controls and information governance arrangements in place at all levels of the organisation;
• ensure our information management is managed annually and links to and supports our strategic priorities and objectives;
• ensure we have effective measures in place to evaluate, encourage and drive our performance around information management; and
• meet our own high standards, policies and ethical responsibilities and fully comply with our information management legal and regulatory obligations.