[Skip to content]


Information Governance Roles

The Senior Information Risk Officer (SIRO)

The SIRO is expected to understand how the strategic business goals of the CCG may be impacted by information risks and will report on these to the Information Governance Steering Group and Governing Body of the CCG, as appropriate.

The SIRO acts as an advocate for the appropriate management of information risks for the Governing Body and in internal discussions, and will provide written advice to the Chief Officer on the content of the Annual Governance Statement in regard to information risks.

The SIRO provides an essential role in ensuring that information risks are identified and actions taken to address them. They must also ensure that a framework for managing information incidents and risk are in place, used and understood. They will provide leadership and guidance to the organisations Information Asset Owners (IAO).

The Senior Information Risk Owner (SIRO) for NHS Ashford CCG is the Deputy Company Secretary.

The Caldicott Guardian

All NHS organisations are required to appoint a Caldicott Guardian to ensure compliance with patient data confidentiality. NHS Ashford CCG's Caldicott Guardian is Dr Navin Kumta, a GP member of the CCG's Governing Body, who is responsible for protecting the confidentiality of patients’ and service-users’ information and enabling appropriate information-sharing.

The Caldicott Guardian plays a key role in ensuring that NHS, Councils with Social Services responsibilities, and partner organisations, satisfy the highest practical standards for handling patient identifiable information. 

Acting as the 'conscience' of an organisation, the Guardian actively supports work to enable information sharing where it is appropriate to share, and advises on options for lawful and ethical processing of information.

The Data Protection Officer (DPO)

The Data Protection Officer (DPO) is responsible for ensuring that the CCG and its constituent business areas remain compliant at all times with data protection legislation, Privacy & Electronic Communications Regulations, Freedom of Information Act and the Environmental Information Regulations (information rights legislation).  

The DPO shall: lead on the provision of expert advice to the organisation on all matters concerning the information rights law, compliance, best practice and setting and maintaining standards. Provide a central point of contact for the information rights legislation both internally and with external stakeholders (including the office of the Information Commissioner).

The DPO reports to the highest level of management within the CCG. This ensures the DPO can act independently and without a conflict of interest.