Date of Request
06/08/25
Request
Dear Sir/Madam,
I am writing to you under the Freedom of Information Act 2000 to request the following information:
Question/s to be Answered Under the FOIA
I’d like to request the following information please for each organisation that operates under this FOI email (if the answers are different for each organisation/there are multiple organisations).
1. Name of organisation SIRO (Senior Information Risk Owner) or similar post (Chief Information Governance Officer etc), or responsible person for SIRO duties. There may be more than one SIRO.
2. Contact email of person or persons named in question 1.
3. Name of organisation DPO (Data Protection Officer) or responsible person for DPO duties.
4. Contact email of DPO.
5. Have you appointed, or do you plan on appointing or delegating the position of IAO to any employees?
6. Who is responsible for the leading IAO structure, I.E. the SIRO/’Lead’ IAO/Head of Governance/Head of Corporate Services etc?
7. Who is responsible for reviewing and implementing any training needs for the IAO’s?
8. In relation to questions 6 and 7, can we please be provided with the contact email address of the appropriate person?
9. Is IAO training delivered by an external third party or internally?
10.Are you or have you considered becoming ISO 27001 compliant or certified? If so when?
11.Following on from Q10, If so whom is/would be responsible for implementation or exploration of ISO 27001? (as in, the person/job title/email address)
12. Who is the person responsible for the physical security controls in your estate e.g. CCTV, Lighting, barriers, intrusion detection and fencing.
13. In relation to question 12 when was the effectiveness of these controls last reviewed?
14. In relation to question 12 can we please be provided with the name/job title and email address of this person?
15. Who would be the person responsible for the organisation of external training within your organisation. E.g. Head of learning and development / HR Manager.
16. Can you please provide the name/job title and email address for the person in question 15?
I would prefer to receive this information in electronic format (e.g. Word or Excel), if available.
If you require any clarification in order to process this request, please let me know as soon as possible. I understand that under the Act, I am entitled to a response within 20 working days of your receipt of this request.
Thank you for your time and assistance.
Yours faithfully
Response
Good Afternoon
Thank you for your request for incident information which has been received by Hereford and Worcester Fire and Rescue Service (the Service) and considered under the Freedom of Information Act (FOIA) 2000.
The Service can advise that the information is held and is as below:
1. Name of organisation SIRO (Senior Information Risk Owner) or similar post (Chief Information Governance Officer etc), or responsible person for SIRO duties. There may be more than one SIRO. Our Assistant Chief Fire Officer has SIRO responsibilities.
2. Contact email of person or persons named in question 1. The Service does not provide individual names or emails.
3. Name of organisation DPO (Data Protection Officer) or responsible person for DPO duties. We have appointed an external company, Aristi Ltd. as the DPO. info@aristi.co.uk
4. Contact email of DPO. info@aristi.co.uk
5. Have you appointed, or do you plan on appointing or delegating the position of IAO to any employees? The relevant heads of Depts are the Information Asset Owners.
6. Who is responsible for the leading IAO structure, I.E. the SIRO/’Lead’ IAO/Head of Governance/Head of Corporate Services etc? Our SIRO holds this responsibility.
7. Who is responsible for reviewing and implementing any training needs for the IAO’s? Information Governance Officer
8. In relation to questions 6 and 7, can we please be provided with the contact email address of the appropriate person? The Service does not provide individual names or emails.
9. Is IAO training delivered by an external third party or internally? Training is delivered internally.
10.Are you or have you considered becoming ISO 27001 compliant or certified? If so when? No
11.Following on from Q10, If so whom is/would be responsible for implementation or exploration of ISO 27001? (as in, the person/job title/email address) This post is held by our Information Governance Officer.
12. Who is the person responsible for the physical security controls in your estate e.g. CCTV, Lighting, barriers, intrusion detection and fencing. The day to day management falls under the OPCC Facilities Team remit who place and manage all routine servicing, inspections and reactive maintenance when necessary, aided by the Access Maintain system.
13. In relation to question 12 when was the effectiveness of these controls last reviewed? This is reviewed on a regular basis via regular service inspections managed by OPCC Facilities.
14. In relation to question 12 can we please be provided with the name/job title and email address of this person? The Service does not provide individual names or emails.
15. Who would be the person responsible for the organisation of external training within your organisation. E.g. Head of learning and development / HR Manager. The Service does not provide individual names or emails.
16. Can you please provide the name/job title and email address for the person in question 15? The Service does not provide individual names or emails.
If you have any questions regarding your request, please contact Information Governance and Committee Services on tel: 0345 122 4454 or by e-mail informationrequests@hwfire.org.uk
In any such communication please include the reference number assigned (see above).
Should you have any queries regarding the management of your request and wish to make either a complaint or request a review of the information disclosed to you, please do so by using Hereford & Worcester Fire and Rescue Service’s complaints system: Comments and Complaints.
Further information on Hereford & Worcester Fire and Rescue Service may be viewed at the Service’s website: www.hwfire.org.uk
Kind regards,
Information Governance Team