Typically, there will be a core team that is focused on delivery. SAVVI does not recommend a Project Management methodology, but we do recommend that some key roles are represented within the core team. Some people may take on more than one role.
a sponsor who owns the delivery of outcomes
a project manager who can plan, direct, and monitor
a practitioner who is knowledgeable about the vulnerability
an Information Governance expert
a data scientist who can manipulate data
a business analyst who can propose improvements to business processes
a stakeholder manager who can manage relationships with partners
administrative support
The core team is likely to need to engage with a set of wider stakeholders such as
Information Asset Owners - those that control access to data assets
Support Services - those that provide services that can be offered as support
The core team should be able to report to an Accountable Governance Group, so that key decisions and definitions can be approved and adopted on behalf of the organisation.
This may be an existing group, such as a Management Team, or a group set up for this purpose. Either way, it should be empowered to represent the organisation.
It is particularly important that some key Information Governance roles are noted and communicated with, to ensure that they are able to contribute. These are likely to include
Senior information risk owner (SIRO)
Caldicott Guardian
Data Protection Office
Steps
1
Capture the Team Structure
This should include
the core team
stakeholders
an accountable governance group
Information Governance roles
using the SAVVI Project Structure Template, or a template that fits with the chosen project methodology. See