Category: Strategy and architecture

Subcategory: Security and privacy

Information and data compliance - PEDP

Implementing and promoting compliance with information and data management legislation.

Levels:

Level 4:
Description: Supports the implementation of policy, standards and guidelines related to information and data legislation and compliance requirements. Monitors the implementation of effective controls for internal delegation, audit and control relating to information management. Reports on the consolidated status of information controls to inform effective decision-making. Identifies risks around the use of information and data that is subject to specific legislation. Recommends remediation actions as required.

Level 5:
Description: Contributes to policies, standards and guidelines for information and data compliance. Provides authoritative advice on implementing compliance controls in products, services and systems. Investigates breaches and recommends control improvements. Maintains an inventory of legislated data, conducts risk assessments and specifies necessary changes. Ensures formal requests and complaints are handled following procedures. Prepares and submits reports to relevant authorities, ensuring all compliance requirements are met.

Level 6:
Description: Develops strategies for compliance with information and data legislation. Ensures that the policy and standards for compliance with information and data legislation are fit for purpose, current and correctly implemented. Acts as the organisation's contact for the regulatory authorities. Operates as a focus for information and data legislation for the organisation, working with specialists to provide authoritative advice and guidance.