HertsOne Ltd meets its information protection obligation to provide key leads for information risk management, information confidentiality, data protection and asset management.

Key Lead information is also published and publically available on the ODS Portal register at https://odsportal.hscic.gov.uk.

At HertsOne, Director Dr Mark Bevis is the Senior Information Risk Owner (SIRO).

NHS Digital guidelines say that the Senior Information Risk Owner (SIRO) should be an Executive Director or member of the Senior Management Board of an organisation with overall responsibility for an organisation's information risk policy.

The SIRO is accountable and responsible for information risk across the organisation. They ensure that everyone is aware of their personal responsibility to exercise good judgement, and to safeguard and share information appropriately.

At HertsOne, Director Dr Pani Sissou is the Caldicott Guardian.

NHS Digital guidelines say that the Caldicott Guardian should be a senior person responsible for protecting the confidentiality of people's health and care information and making sure it is used properly.

All NHS organisations and local authorities providing social services must have a Caldicott Guardian. 

At HertsOne, Georgina Smith is the Data Protection Officer (DPO).

NHS England guidelines say that the Data Protection Officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to advise on compliance with GDPR requirements.