News & Views
plus
Home > Products > U Assure

Information is one of the most valuable assets of any organisation, but equally poses one of the greatest risks. Midlands and Lancashire Commissioning Support Unit (MLCSU) has developed the U Assure tool to bring together complex processes in a user-friendly system for addressing information risks.

As the Information Commissioner now has the power to fine organisations up to £500,000, it is essential to ensure your information risk management is robust and your organisation understands:

  • What information it holds
  • The purpose for which it is held
  • How it is stored
  • Whether it is shared with anyone
  • Your legal basis for having access to and sharing that information
  • Any associated risks

U Assure is an automated process for assessing information assets and providing robust risk assessments, saving valuable staff time. Our product provides a sophisticated tool to record what information is held, and automatically assess the risk, and whether that information is processed and any associated controls.

The system helps to ensure that Information Asset Owners take responsibility for identifying the significance of each asset and managing their risk scores on an ongoing basis.

The recorded information feeds into an overall report for the Senior Information Risk Owner (SIRO), providing an overview of the criticality of assets and information risk across your organisation.

Information assets are most vulnerable to data breaches when in transit. Our product provides a joined-up approach to asset management by helping you to identify an information asset, whether it is shared and why, and the method(s) by which it is shared or received, in an easy to follow, step-by-step process.

Going hand-in-hand with the system is our Information Risk Management training. This gives an overview of why good information security practice is so essential and also provides users with full system training. The training is tailored to your organisation’s needs and the team will work with you to ensure that the system and information risk work programme are implemented in a practical and concise way.

We also offer integrated modules for:

  • Supporting excellent business continuity – Assessing which of your information assets and systems are business-critical and therefore need to be afforded additional protection
  • Systems and software register – Understanding what systems and software are in use by your organisation and ensuring that the required controls are in place to secure the assets within. This is essential in light of the increasing threat of cyber security attacks
  • Contracts and agreements register – Where information goes outside of your organisation it is essential to have the right agreements in place and ensure that all governance requirements are included
  • Information security audits – Testing the information that you have recorded in the system about how your physical assets are kept. This will also take into account the potential threats to those assets, such as the security of the area where information is held
  • Confidentiality audits – Where assets are held electronically, or in a system, it is essential that audits are carried out to ensure the continued confidentiality of the information within. This will include looking at failed log-in attempts, user access and penetration testing
  • Future system development – U Assure is also in the process of being expanded to include equality impact assessments, business continuity, health and safety and risk management frameworks, providing you with a full corporate affairs solution