Information Risk Management

All activities attract risk. However, risk isn’t necessarily a bad thing – the use of technology clearly has certain risks attached, but the benefits of streamlining our way of working can outweigh those risks. Information risk management is concerned with the policies, procedures and technology that a school can adopt in order to reduce the threats, vulnerabilities and consequences that could arise if personal data is not adequately protected.

Categories of risk

Confidentiality: making sure only authorised people have access, and there is adequate security to prevent unauthorised access.

e.g. Make sure confidential paperwork isn’t left unattended on your desk, and ensure electronic files only allow access to the appropriate people.

Integrity: information is whole, accurate and authentic.

e.g. Allergens can be life-threatening, which is why we never discourage schools from displaying the information securely. However, it MUST be up to date, complete and accurate; otherwise the information is worthless and, more importantly, may result in failing to protect a child.

Availability: authorised people can access information when they need to, in the right way.

e.g. A poor file plan can make it impossible to retrieve documents when you need them. By having a structured, shared naming convention in place, people can search for documents and be assured they are likely to find what they are looking for.