National Police Information Security practice requires the appointment of a Senior Information Risk Owner (SIRO).
It is accepted that PCCs with access to PNN and other police systems should adopt the convention of appointing a SIRO. This is to take overall responsibility for the management of information risk.
In Cleveland, the OPCC relies on joint corporate arrangements. This is in respect of communications and information technology. It does not operate bespoke hardware or software solutions.
In other words, the IT environment aligns with Cleveland Police. In those circumstances it makes sense to align SIRO arrangements with Cleveland Police.
This Decision Record approves the appointment of Deputy Chief Constable Iain Spittal for the purposes of SIRO responsibilities. This is in respect of the Office of the Police & Crime Commissioner.
In so doing, the PCC recognises that it would be unlawful to seek to effect a specific delegation to the DCC.
The PCC approves the arrangement under which the Chief of Staff (as his delegate on risk management matters and in respect of overall management and leadership of the OPCC) liaises closely.
This will be part of existing meeting structures with the DCC and Steria. It will be in relation to the management of information risk and information security risk.
This decision should be reflected in suitable terms in the appropriate section of the Joint Corporate Governance Framework as part of its next revision.
Decision 66 – 2014. Appointment of Senior Information Risk Owner (application, 90kB)