Who is the training for?


Knowledge Exchange Sessions

We run small roundtable discussions supported by experts from Cabinet Office, CESG and CPNI. They aim to provide those with a role in managing information and cyber risk at the most senior level with the knowledge and understanding to challenge their organisations’ approach to information risk. They are also a valuable opportunity to gain new insights from colleagues and experts and share best practices and experiences. Book your place.


Training workshops

The workshops are designed for larger groups of IAOs from a range of organisations and cover a variety of topics including: understanding the legal context, the roles and responsibilities of an IAO, the characteristics of an information asset, an information asset register, awareness of risks and threats and how to mitigate them, and managing an information loss incident. Book your place.

Roundtable discussions

We have designed the roundtables specifically for those IAOs who have considerable experience in the role and understand its nature, responsibilities and how to fulfil them. The sessions focus on sharing of experiences and best practices and provide a valuable opportunity to gain new insights from colleagues at CPNI, CESG and Cabinet Office. Book your place.

Tailored training workshops

In addition to the above, where numbers permit, we also offer to come to organisations and deliver training to the organisation’s IAOs in house. These workshops are adapted to your organisation’s needs and the content is agreed beforehand. Email us if you are interested in a tailored workshop.

Management board and audit committees

Management board briefings

These short and concise awareness sessions provide practical advice on risk mitigation and how to challenge existing information risk policies. The briefing takes approximately 30 minutes and can be delivered during a regular board and audit committee meeting. Alternatively, we can provide one-to-one training to individual board and audit committee members. Email us if you are interested in a briefing.

All staff

Briefing sessions

Throughout the year we run briefing sessions on hot topics and pertinent subjects within information assurance and cyber security. Previous topics have included: responding to a cyber-attack; fraud; information handling; insider threats; and the threat landscape. We have featured speakers from IBM, CPNI, foreign governments and Facebook.

See what’s coming up.

E-learning courses – Responsible for Information

We have created this package specifically to provide a valuable contextual overview and basic grounding in information assurance, roles and responsibilities, information risk management and the first steps in managing an information loss incident for all roles. The course comes in a variety of formats: for IAOs, SIROs, management board members and general users.

Access the course via Civil Service Learning. For those public and third sector organisations and associated delivery partners who cannot subscribe to CSL, please email us and we will provide further guidance on how to access the RFI e-learning course.

RFI is publicly available for use by SMEs. This course is based on the RFI e-learning course used by central government, with a number of updates to suit the needs of SME employers.


We offer tailored training workshops and management board briefings to private companies who work with government organisations, however there is a fee associated with these sessions dependent on what you require. Email us if you are interested in a workshop or briefing.

What we cover

We are able to cover the following topics in our tailored training sessions:

Information assurance and information governance topics:

Roles and responsibilities (IAO and SIRO)

  • background
  • primary characteristics
  • main responsibilities
  • information asset reporting
  • risk reporting
  • incident management

Information assurance

  • what is information assurance?
  • what are information assets?
  • things to consider

Policy and legal context

Information risk management

  • what is information risk management?
  • what is information risk appetite?
  • identifying risks

Data protection

Information asset registers

Security topics

Cyber security

  • definition
  • crime
  • threats

Technical risks

Insider threat