Please upgrade your browser

For the best experience, you should upgrade your browser. Visit our accessibility page to view a list of supported browsers along with links to download the latest version.

Information Security Working Group (ISWG)

The Information Security Working Group is accountable for information risk, reviewing and approving policies and compliance matters such as ensuring the College meets legislative and regulatory requirements.

This Committee reports to the Senior Management Team


  • Chief Operating Officer (Chair);
  • Head of ICT;
  • Head of Digital Delivery;
  • Data Protection Officer;
  • Information Security Manager;
  • Registrar
  • HR Business Partner;
  • Head of Financial Accounting.

Terms of reference


  • To personally and collectively demonstrate a commitment to and visible leadership for information security;
  • Review and approve updated information security and policies and processes;
  • Raise awareness and promote practical tools to increase individual and organisational awareness and good practice in handling and securing information - including via remote access and non-RCA devices
  • Ensure the RCA has an effective and appropriate information security program in place by reviewing implemented and planned changes and projects;
  • Review quarterly and annual reports (e.g. significant data security breaches and effectiveness of remediation actions);
  • Oversee risk register by reviewing information security and data protection risks (demonstrating current cyber and data security exposure of the RCA);
  • Provide appropriate levels of support and advocacy  for information security initiatives;
  • Assist in the review and response to information security audits and track progress on actions.


The group is accountable to the SMT. Issues and risks deemed significant that cannot be addressed by the group will be escalated by the chair.


The group will review progress and, as necessary these the terms of reference, termly with the objective of securing rapid progress on policies, tools and compliance to enable the group to move from supporting delivery towards governance and oversight.


This committee approves and reviews Information Security Policies


  • The group will meet regularly until the programme of work is delivered;
  • An agenda will be supplied prior to every meeting;
  • Actions will be recorded and distributed after the meeting;
  • The group will use Basecamp to rapidly iterate and improve documents and resources and engage the groups and other stakeholders;
  • The group will actively promote and consider ways to highlight and build engagement with new policies and resources - including on the intranet - both as a group and within the functions each member represents.

For more information or to provide feedback please email 

[email protected]

This page was last updated on 

21 May 2020

This page is reviewed and updated every 6 months.