The ICO exists to empower you through information.

Governance structure

Share

Governance structure defines who is responsible and accountable for FOI within your public authority. The questions are a guide to some of the governance structures which are important for achieving good FOI performance.

Please be aware that each public authority is different and you need to decide what is appropriate for your specific organisation.

It is also important to ensure that the person completing this section has appropriate knowledge so that an accurate picture of the governance structure is gained.

All questions are mandatory.

Criteria

Good:

  • Strategic responsibility for Freedom of Information (FOI) and Environmental Information Regulations (EIR) is assigned to suitable individuals to ensure compliance with legal obligations: reporting structures demonstrate responsibility for overseeing compliance with FOI.
  • Universal understanding of who is responsible and accountable for FOI within the public authority. 
  • FOI compliance is a key consideration in risk and governance systems.
  • Compliance with the statutory timescales for handling requests is a key priority.
  • Leaders and managers routinely set targets for response times in line with statutory and recommended timescales.
  • The public authority actively supports the development of FOI goals, processes and resource allocation.

Adequate:

  • Strategic responsibility for FOI and EIR is assigned but responsibility for overseeing compliance is not demonstrated.
  • General understanding of who is responsible and accountable for FOI within the public authority.
  • FOI compliance is occasionally considered in risk and governance systems. 
  • Compliance with the statutory timescales for handling requests is recognised as important.
  • Leaders and managers occasionally set targets for response times in line with statutory and recommended timescales.
  • The public authority generally supports the development of FOI goals, processes and resource allocation.

Unsatisfactory:

  • Strategic responsibility for FOI and EIR is not assigned to suitable individuals
  • Little or no understanding of who is responsible and accountable for FOI within the public authority.
  • FOI compliance is rarely or never considered in risk and governance systems.
  • Compliance with the statutory timescales for handling requests is not seen as a priority.
  • Little or no setting of targets for response times.
  • Little or no support for FOI and compliance with legal obligations.

 

More information

Without a robust governance process for ensuring the effectiveness of FOI procedures, there is a risk that requests may not be responded to within the statutory timeframe, resulting in regulatory action or reputational damage. Mechanisms such as reporting structures and committees demonstrate responsibility for overseeing compliance with FOI.

More information

The public authority has a strategic owner with responsibility for ensuring it responds to FOI requests and reviews on time. The public authority has an operational owner with responsibility for ensuring FOI requests and reviews are responded to on time and who has support of senior management.

Policies and procedures define who has authority and decision-making accountability for responding to FOI requests and reviews on time.

More information

Decision makers and key people in the public authority demonstrate support for FOI legislation and promote a positive culture of compliance across the public authority.

More information

Senior managers set targets for each stage in the process of responding to a request to achieve response times, drive action and monitor compliance.

More information

Leaders are committed to assigning sufficient resources to the handling of requests for information to ensure responses and reviews are provided within the statutory and recommended timescales.