OfS aspires to provide a consistently high quality service to its stakeholders across all that it does. This requires our approach to the management of IT and communication to be supported by robust and secure systems and processes that protect information and, in particular, personal data.
We seek to protect our information assets, which include large quantities of personal data concerned with our policy analysis and funding roles, wherever, however, and whenever they are created, processed, transmitted, shared or stored.
Our intention is to protect our information assets from misuse of any type, including unauthorised disclosure, modification and destruction. We manage the development and continuous improvement of our information security processes through drawing on UK government and international standards.
This is achieved through:
- utilising cross-council groups with oversight of this work
- assigning senior and other roles with specific responsibilities in this work
- using regularly reviewed policies, procedures, guidance and technical responses to issues arising
- all staff completing required training packages
- regular independent review by internal audit
- assessing and responding to information incidents that arise
- reporting annually to our Audit Committee and incorporating a statement about information security in the Governance Statement in our annual accounts
- assessing our standing in this work and making annual returns to our sponsoring department in government (the Department for Education) about our information security arrangements.