Information security

Good information management underpins good information security. This is increasingly the case in the digital era. The Government’s Security Policy Framework states:

‘The effective management of information is critical to safeguarding it. Government organisations will consider good information management practice as the basis for their information security arrangements.’

Having good policies, procedures and training in place, as well as the right technical environment, to understand and manage your information and data assets will therefore help you to manage your security-related information risks. See our information management guidance and standards pages for general information management guidance. For guidance on information security, the following sources of information are useful.


Security Policy Framework, Cabinet Office

Cyber security

Your information can be at risk of cyber-attacks – find out more about the training we offer.

For further guidance on information assurance and cyber security see the following resources:

10 steps to cyber security, BIS

Information Risk Management Guidance, CESG

Security top tips, BCS

Cyber research and guides, CPNI

HoMER tool, CPNI

Cyber security and fraud, FSB

Data protection: principle 7

Risk and information risk guidance

Guidance and tools for assessing risks to your information.

The Orange Book, HM Treasury

Cyber risk management, a board level responsibility, BIS

Cyber risk, The Institute of Risk Management

Risk guides, The Institute of Risk Management

Role specific guidance

SIRO handbook, The National Archives – to request a copy please email

The National Archives is also responsible for delivering a (free) training and engagement programme for Senior Information Risk Owners (SIRO), Information Asset Owners (IAO), non-executive directors, board and audit committee members across the public sector. The programme is sponsored by the Office of Cyber Security and Information Assurance in the Cabinet Office and forms part of the National Cyber Security Programme. Find out more about Information assurance and cyber security training.