We are determined to actively manage information risks, including those relating to personal and business sensitive data. We have taken active steps to inform our management and staff of their responsibilities and have implemented the appropriate technical and non-technical measures to meet government standards.
We will continue to monitor our risks and resulting security arrangements to ensure that our networks are secure and that information is managed to best practice standards. As a regulator it has always been imperative that we maintain the confidentiality of the information we hold to the highest standards.
Our information assurance framework
This framework has been established to consolidate our risk mitigation measures into one central source. The framework is a baseline for information assurance training and awareness and sets out the policies and procedures all our staff need to understand and apply in the course of their day-to-day work.
Our information charter
Our information charter sets out the standards that you can expect from the Audit Commission when we request or hold personal information. The document provides further information on:
- personal information;
- how to find out what personal information we hold about you;
- when we share information;
- the training and guidance we give to our staff; and
- how to make a complaint.