IAR Year End Assurance 24-25

By submitting this form, I confirm the following:

I have performed the following relating to the above IARNs:
• Reviewed the access list to the asset(s) and removed any user who no longer required access
• Assessed the data on the Information Asset Register and checked it for accuracy
• Reviewed all information flows, data flows and updated where appropriate
• Reviewed the Information Asset Risk Assessment, and where appropriate developed actions plans and updated risk registers

The following are in place relating to the above IARNs:

Physical Security
• The work area protected by appropriate entry controls (including sign-in procedures) to ensure that only authorised personnel are allowed access
• Appropriate security (including locking doors, cabinets, etc., use of a lock box) is in place for the work area
• BSO’s clear desk and clear screen policy is fully implemented and monitored (refer to Sections 3 and 4 of this policy for further details)
• Where applicable, confidential waste disposal facilities are in place

Records Management (where applicable)
• All records (electronic and manual) are stored securely and access to them is controlled
• Processes are in place for referencing/titling/indexing and storing records
• A process is in place for the management of records in line with ‘GMGR’
• A register of records held securely offsite is maintained, if applicable