SAVVI is about using data to find and support vulnerable people. This SAVVI Information Governance Framework picks out the steps to ensure that the use of personal data, in the UK, is lawful, ethical and transparent.
This Framework is a companion to the . Throughout the , there are activities which refer to the reuse and sharing or personal data. The details of how to handle these activities then point into this Framework.
We have written this Framework to
inform non IG professionals about the steps that they should be taking as they use data for a vulnerability initiative
support IG professionals to engage, and take part.
We hope that it encourages an early dialogue about IG issues and opportunities. We’ll keep this Framework up to date as Information Governance guidance in the UK evolves.

Applying Information Governance to the SAVVI Process

SAVVI is about the smart use of data to find, assess and support vulnerable people. Throughout each of these phases, we need to handle data lawfully, ethically, and transparently.
During the phase, we establish the remit to carry out a vulnerability initiative.
During the
phase, existing personal data from many sources is reused and matched, to generate a prioritised Cohort of people with potential Needs. The original data may have been collected for a different Purpose, and we can't ask for people's consent to use their data until we have found them.
The phase collects new data from those at risk, and other professionals, and combines that with existing operational data to give a 'single-view' and arrive at a set of assessed Needs and Circumstances.
The phase engages with support services across partner organisations. Here, necessary data is shared with partners, and Actions and Outcomes can be tracked.
The phase brings data into Dashboards and populates Outcomes Frameworks
The phase reviews the future use of data by analysing the success of Risk Models and Referrals


This SAVVI Information Governance Framework builds on the :
Data protection law is an enabler for fair and proportionate data sharing, rather than a blocker.
The accountability principle means that Controllers / Processors are responsible for compliance, and must be able to demonstrate that compliance.
Controllers / Processors must share personal data fairly and transparently.
Controllers / Processor must identify at least one lawful basis for sharing data before they start any sharing
Controllers must process personal data securely, with appropriate organisational and technical measures in place

A Consistent Approach

We've built this framework by referring to definitive sources from authoritative organisations. For each step, we give a link to where we found the guidance, and where you can find out more.
The SAVVI IG Framework refers to ...

How to use the SAVVI IG Framework

The SAVVI IG Framework can either be read from start to finish, or parts can be reviewed as linked from the .


The Framework contains Activities for

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
) instead.