The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Review and approval

You have a review and approval process in place to make sure that policies and procedures are consistent and effective.

Ways to meet our expectations:

  • All policies and procedures follow an agreed format and style.
  • An appropriately senior staff member reviews and approves all new and existing policies and procedures.
  • Existing policies and procedures are reviewed in line with documented review dates, are up-to-date and fit for purpose.
  • You update policies and procedures without undue delay when they require changes, eg because of operational change, court or regulatory decisions or changes in regulatory guidance.
  • All policies, procedures and guidelines show document control information, including version number, owner, review date and change history.

Can you answer yes to the following questions?

  • Is the highest level of management aware of the strategic business plan for information governance?
  • Are policies consistent?
  • Is the approval process appropriate?