What is the difference between the role of Caldicott Guardian and the Senior Information Risk Owner (SIRO) role?
The Caldicott Guardian and the SIRO are both concerned with ensuring that NHS data is protected and is not stored, accessed or used inappropriately. In practice, however, the two roles are distinct. The Caldicott Guardian (ideally a Board member who is a senior professional) is primarily concerned with protecting patient and service user information: ensuring it is shared only with those who have a justified need for it, and only through appropriately safeguarded routes. The SIRO role is proposed for a Board member or relevant equivalent, who is concerned with identifying and managing the information risks to the organisation and to its business partners. This includes oversight of the organisation's information security incident reporting and response arrangements. The SIRO is supported in this role by one or more Information Asset Owners, who have assigned responsibility for the organisation's information assets. Please note that in some smaller organisations the