Senior Information Risk Officer

The SIRO is responsible for managing information risks and should be expected to understand how information risks may affect the organisation's strategic business goals. The SIRO acts as an advocate for information risk and is an essential role in ensuring that identified information security risks are followed up and incidents managed. The SIRO should own the Information Risk Policy and the associated risk management strategy and processes, and will provide leadership and guidance to a number of Information Asset Owners.

The key responsibilities of the SIRO are to:

  • Oversee the development of an Information Risk Policy, and a strategy for implementing the policy within the existing Information Governance framework.
  • Take ownership of the risk assessment process for information and cyber security risk, including review of an annual information risk
  • Review and agree action in respect of identified information risks.
  • Ensure that the organisation’s approach to information risk is effective in terms of resource, commitment and execution and that this is communicated to all staff.
  • Provide a focal point for the resolution and / or discussion of information risk issues.
  • Ensure the board is adequately briefed on information risk issues.
  • Ensure that all care systems