Self-assessment information fitness questionnaire
Q1 - Are you confident that you have well defined purpose, vision and strategic objectives that have been communicated organisation wide?
These need to be well defined and communicated to maintain clear focus, alignment, prioritisation, coordination and flexibility across any organisation.
Good information governance relies upon clear strategic objectives to ensure that information assets, activities and opportunities are best used and prioritised to achieve wider organisational goals.
Q2 - Do you have a well defined risk appetite that has been communicated organisation wide and is used as part of your overall risk management framework?
A well defined and communicated risk appetite provides clear, consistent guidance and boundaries for everyone working with an organisation, particularly in terms of options considered and decision making.
Understanding organisational risk appetite is critical for effective information governance as a wider framework for managing risk and making decisions that balance the potential benefits of using information with any associated risks. Good information governance also needs to be fully embedded within overall risk management processes and the wider organisational culture to ensure that everyone understands the importance of information and their responsibilities for using and managing it effectively.
Q3 - Are you confident that you have a good understanding and control of all your information & IT/digital related costs?
Good information governance relies upon having an accurate and complete understanding of all information & IT/digital related costs and how these contribute to overall cost and performance, as well as how these compare to similar organisations locally and globally.
Only then can information fitness improvements be properly and realistically assessed, budgeted and planned for.
Q4 - Do you maintain an up to date Register of Processing Activities (RoPA)?
Having and maintaining an up to date RoPA is a core legal requirement for all UK organisations under UK GDPR and the UK DPA 2018.
A good understanding of all the key datasets used within an organisation is also a core foundation for good information governance.
Q5 - Are you confident that you have an effective Information Security Management System (ISMS), regularly assessed with external, independent experts?
With ever-increasing cyber-threats globally and increasing use of and reliance upon third-party “cloud” IT/digital services, it is more important than ever to fully understand and manage your key Information Security risks and controls effectively, and to ensure that these are regularly and independently reviewed.
Q6 - Have you defined and implemented data retention limits across your key datasets, including regular processes that ensure data is properly disposed of when no longer needed?
Having well-defined data retention limits and processes not only helps you meet UK GDPR requirements, it also reduces IT/digital costs and helps maintain better IT system performance.
Q7 - Are you confident that you have a consistent basis for prioritising activities, major projects and resources organisation wide that is directly linked back to your strategic priorities?
Any change – and particularly Major Projects - needs to be considered holistically and prioritised effectively alongside wider organisational and strategic objectives, particularly where resources – funding, people, time – are limited.
Q8 - Are you confident that you can get your new starters up and running quickly?
With increasing competition for key talent, first impressions count and it’s important that new starters can get going quickly with you, particularly in terms of streamlined IT/HR on-boarding processes.