Assurance helps organisations improve their management of personal data and their compliance with the Data Protection Act. We achieve this by conducting audits, advisory visits and workshops with organisations and by reports providing feedback and recommendations where appropriate. We also summarise the findings and trends from our audit reports in sectoral outcome reports, and publicise these for the benefit of information governance professionals, auditors, representative bodies and others.

Our work

We have a busy programme of work and provide expert advice to a wide variety of organisations from councils, NHS bodies, police forces and large Government departments to charities, finance companies and some of the biggest names in business.

We identify and talk to organisations that we feel would benefit from one of our visits and then hold discussions with the client to plan, schedule and scope out the engagement, taking into consideration such aspects as governance, personal data sharing, training, IT security and records management.

We review an organisation's data protection policies and procedures before spending time at the client site. Here we observe practices, collect evidence and talk to people at every level to review and observe how their processes work first hand.

Once the visit is complete, we write a comprehensive report that outlines areas of good practice, or areas where the organisation can improve data protection practices and make recommendations where necessary. With permission, a summary of the report is then published on the ICO website for all to see.

What skills do we look for?

These are not your typical auditing jobs. Our people have different backgrounds, skills and experiences but they share important skills and qualities. These include:

  • A thorough approach and good attention to detail;
  • The ability to translate legislation into practical application;
  • A good understanding of business processes;
  • Excellent analytical and interpersonal skills;
  • The ability to build good working relationships with a diverse range of people;
  • A passion for ensuring that personal information is handled properly and procedures are followed correctly;
  • The willingness to work towards relevant professional qualifications;
  • Good communication skills and the ability to manage a heavy workload; and
  • An ability to work autonomously using their own initiative to resolve problems, particularly when working away from the office.


Lead Auditors also need a flexible approach and the ability to prioritise work and write high quality reports to tight deadlines. They are required to travel nationally and regularly stay away from home 2/3 nights every 6/8 weeks. 

Managers in Assurance must have the vision to drive improvements, grow our service and co-ordinate a variety of activities.

Owing to the nature of our work, and the organisations we work with, security clearance may be required.

Roles in Assurance 

The department is led by the Head of Assurance .

Group Managers
Our Audit Group Managers work with the Head of Assurance to shape the future direction of the team and programme manage a busy pipeline of work. The role involves directly leading major audits and identifying and working with larger clients, but the main focus is very much on management, setting strategies, inspiring the team and driving quality and improvements.

Team Managers

Assurance Team Managers plan and oversee audits for a variety of clients. This involves developing and managing audit teams to ensure that we meet deadlines and achieve quality standards at every stage; continually improving the way we work and building relationships with clients at an executive level. Team Managers are also expected to be alert to opportunities to promote good practice, such as such as identifying, leading and planning workshops and presentations aimed at key stakeholder groups. Team Managers also quality assure all our reports.

Lead Auditors
Lead Auditors are very much the ‘face’ of the ICO for our stakeholders, their knowledge, experience and credibility are essential in building a successful relationship. These are not 9-5 roles. Lead Auditors spend a third of their time visiting client sites, talking to people at all levels and observing personal data processes in action. They then draft reports and conduct follow up activity to discover how much of a difference their recommendations make. They are also involved in other key activities, such as external workshops and presentations to promote good practice. These roles require occasional early starts, national travel and regular short overnight stays away from home. In return, Lead Auditors have access to flexible working patterns, receive quality training and gain an excellent understanding of information governance processes and procedures, across a range of organisations and sectors.