What is an Information Asset Register?
An information asset register is a catalogue of the information held by an organisation; including storage location, retention periods, asset owners, internal and external data flows. It functions as a tool to help identify, manage and mitigate risk relating to these assets. Assigning ownership to assets ensures appropriate accountability, and a risk register should be implemented to define actions to take in response to the risk. The register must be continually under review to maintain its integrity, by identifying any new assets and removing expired ones.
Under the recommendations of the University wide GDPR Working Group, each University department is required to maintain an Information Asset Register. These are then collated and reviewed by the Information Compliance Unit. A template and guidelines on how to complete it are available on request.
- Does my department need an IAR?
Each department across the University is required to maintain and update its own IAR, with new information assets being added in line with any relevant change within the department. The IAR should be returned annually to the QUB Information Compliance Unit for review.
- Where can I find a IAR template?
The IAR template is currently operational within all departments. If you work in Student Services and Systems and require a template, please contact Qsis Governance directly.