U Assure |

Information is one of the most valuable assets of any organisation, but equally poses one of the greatest risks. Midlands and Lancashire Commissioning Support Unit (MLCSU) has developed the U Assure tool to bring together complex processes in a user-friendly system for addressing information risks.

As the Information Commissioner now has the power to fine organisations up to £500,000, it is essential to ensure your information risk management is robust and your organisation understands:

What information it holds
The purpose for which it is held
How it is stored
Whether it is shared with anyone
Your legal basis for having access to and sharing that information
Any associated risks

U Assure is an automated process for assessing information assets and providing robust risk assessments, saving valuable staff time. Our product provides a sophisticated tool to record what information is held, and automatically assess the risk, and whether that information is processed and any associated controls.

The system helps to ensure that Information Asset Owners take responsibility for identifying the significance of each asset and managing their risk scores on an ongoing basis.

The recorded information feeds into an overall report for the Senior Information Risk Owner (SIRO), providing an overview of the criticality of assets and information risk across your organisation.

Information assets are most vulnerable to data breaches when in transit. Our product provides a joined-up approach to asset management by helping you to identify an information asset, whether it is shared and why, and the method(s) by which it is shared or received, in an easy to follow, step-by-step process.

Going hand-in-hand with the system is our Information Risk Management training. This gives an overview of why good information security practice is so essential and also provides users with full system training. The training is tailored to your organisation’s needs and the team will work with you to ensure that the system and information risk work programme are implemented in a practical and concise way.

We also offer integrated modules for:

Supporting excellent business continuity – Assessing which of your information assets and systems are business-critical and therefore need to be afforded additional protection
Systems and software register – Understanding what systems and software are in use by your organisation and ensuring that the required controls are in place to secure the assets within. This is essential in light of the increasing threat of cyber security attacks
Contracts and agreements register – Where information goes outside of your organisation it is essential to have the right agreements in place and ensure that all governance requirements are included
Information security audits – Testing the information that you have recorded in the system about how your physical assets are kept. This will also take into account the potential threats to those assets, such as the security of the area where information is held
Confidentiality audits – Where assets are held electronically, or in a system, it is essential that audits are carried out to ensure the continued confidentiality of the information within. This will include looking at failed log-in attempts, user access and penetration testing
Future system development – U Assure is also in the process of being expanded to include equality impact assessments, business continuity, health and safety and risk management frameworks, providing you with a full corporate affairs solution