Data Protection
Written by Policy Pros, UK Policy Writing Specialists

Information Governance Policy Writers

What are Information Governance Policies?

Information governance policies set out how organisations manage information securely, lawfully and effectively throughout its lifecycle.

Good information governance ensures that data is accurate, accessible, and protected from unauthorised use or loss. A clear policy supports compliance with legal obligations, reduces risk, and promotes responsible handling of both personal and organisational information.

What Do Information Governance Policies Cover?

An information governance policy typically includes:

  • A framework for managing information in line with legal and regulatory requirements

  • Roles and responsibilities of staff, managers and information governance leads

  • Procedures for creating, storing, using, sharing and disposing of information

  • Data quality standards to ensure accuracy and reliability

  • Access control measures and permissions management

  • Compliance with data protection legislation, including UK GDPR and the Data Protection Act 2018

  • Information security measures to protect confidentiality, integrity and availability

  • Training and awareness requirements for staff handling information

  • Links to data protection, confidentiality, records management and IT security policies

A clear policy helps ensure that information is handled in a consistent, secure and transparent way, and that staff understand their responsibilities when working with data.

It also demonstrates compliance with UK data protection legislation, NHS Digital Data Security and Protection Toolkit requirements (for health organisations), and industry best practice standards such as ISO/IEC 27001.

By embedding strong information governance practices, organisations can build trust, improve efficiency, and safeguard sensitive information, while supporting operational and strategic decision-making.

Policy and Procedure Development
Creation of clear, practical policies that reflect current legislation, best practice, and your organisation’s values.

Review and Gap Analysis
A thorough review of your existing policies to identify areas for improvement and ensure they remain compliant and effective.

Tailored Solutions
All documents are written in accessible language and adapted to suit your company’s size, culture, and ways of working.

Implementation Support
Guidance to help you introduce and embed policies across your organisation so they are understood and applied confidently by all staff.

Legal Basis and Standards

Information governance is the umbrella discipline covering data protection, records management, information security, freedom of information (where applicable) and information sharing.

It draws on UK GDPR, the Data Protection Act 2018, the Freedom of Information Act 2000 (public bodies), the Public Records Act 1958, the NHS Records Management Code 2023, the Caldicott Principles in healthcare, and ISO 27001:2022 / ISO 30300 series for records.

Common Compliance Pitfalls

  • Roles undefined across the SIRO, Caldicott Guardian, DPO and records manager functions.
  • Information Asset Register absent or out of date.
  • Information sharing agreements not in place for routine partner exchanges.
  • No documented retention schedule, leading to indefinite retention and over-disclosure.
  • FOI handling procedures absent in newly designated public-functions providers.

What Policy Pros Delivers

Our Information Governance Policy package includes the main policy, an Information Asset Register template, role descriptions for SIRO / Caldicott Guardian / DPO / records manager, an information sharing agreement template, a category-by-category retention schedule, an FOI procedure where applicable, and integration with data protection, security and records policies.

Frequently Asked Questions

What is a SIRO?

The Senior Information Risk Owner is a board-level role that takes overall accountability for information risk within an organisation. The role is mandatory in central government and the NHS and is increasingly common in private-sector organisations adopting public-sector governance models.

Do we need a Caldicott Guardian?

The role is mandatory in NHS organisations and most CQC-regulated providers handling patient-identifiable information. The Caldicott Guardian advises on the lawful and ethical use of patient information; the role is distinct from the DPO.

What goes into an Information Asset Register?

Each entry records the asset (database, system, file collection), its owner, the categories of personal data it holds, the lawful basis, retention period, location, sharing arrangements and risk rating. The register is the foundation document for most other IG controls.
