Gloucestershire Health and Care- NHS Trust logo
with you, for you
Responses > Senior Staffing Contact Details

Freedom of Information request Senior Staffing Contact Details

Response published: 13 October 2025
Staff Contact Details

FOI Request

Subject: Freedom of Information Request – Information Asset Ownership and Data Governance Roles Dear Sir/Madam, I am writing to you under the Freedom of Information Act 2000 to request the following information: Question/s to be Answered Under the FOIA I'd like to request the following information please for each organisation that operates under this FOI email (if the answers are different for each organisation/there are multiple organisations). 1. Name of organisation SIRO (Senior Information Risk Owner) or similar post (Chief Information Governance Officer etc), or responsible person for SIRO duties. There may be more than one SIRO. 2. Contact email of person or persons named in question 1. 3. Name of organisation DPO (Data Protection Officer) or responsible person for DPO duties. 4. Contact email of DPO. 5. Have you appointed, or do you plan on appointing or delegating the position of IAO to any employees? 6. Who is responsible for the leading IAO structure, I.E. the SIRO/’Lead’ IAO/Head of Governance/Head of Corporate Services etc? 7. Who is responsible for reviewing and implementing any training needs for the IAO’s? 8. In relation to questions 6 and 7, can we please be provided with the contact email address of the appropriate person? 9. Is IAO training delivered by an external third party or internally? 10.Are you or have you considered becoming ISO 27001 compliant or certified? If so when? 11.Following on from Q10, If so whom is/would be responsible for implementation or exploration of ISO 27001? (as in, the person/job title/email address) 12. Who is the person responsible for the physical security controls in your estate e.g. CCTV, Lighting, barriers, intrusion detection and fencing. 13. In relation to question 12 when was the effectiveness of these controls last reviewed? 14. In relation to question 12 can we please be provided with the name/job title and email address of this person? 15. Who would be the person responsible for the organisation of external training within your organisation. E.g. Head of learning and development / HR Manager. 16. Can you please provide the name/job title and email address for the person in question 15? I would prefer to receive this information in electronic format (e.g. Word or Excel), if available. If you require any clarification to process this request, please let me know as soon as possible. I understand that under the Act, I am entitled to a response within 20 working days of your receipt of this request. Thank you for your time and assistance.

FOI Response

Freedom of Information Request – Ref: GHC-08082025-775161

Thank you for your recent Freedom of Information request. Please find our response below.

You asked:

1. Name of organisation SIRO (Senior Information Risk Owner) or similar post (Chief Information Governance Officer etc), or responsible person for SIRO duties. There may be more than one SIRO.

Our response:

Sandra Betney

You asked:

2. Contact email of person or persons named in question 1.

Our response:

Sandra.betney@ghc.nhs.uk

You asked:

3. Name of organisation DPO (Data Protection Officer) or responsible person for DPO duties.

Our response:

Paul Griffith-Williams

You asked:

4. Contact email of DPO.

Our response:

Infogov@ghc.nhs.uk

You asked:

5. Have you appointed, or do you plan on appointing or delegating the position of IAO to any employees?

Our response:

Yes

You asked:

6. Who is responsible for the leading IAO structure, I.E. the SIRO/’Lead’ IAO/Head of Governance/Head of Corporate Services etc?

Our response:

SIRO / Head of Information Governance and Records

You asked:

7. Who is responsible for reviewing and implementing any training needs for the IAO’s?

Our response:

SIRO / Head of Information Governance and Records

You asked:

8. In relation to questions 6 and 7, can we please be provided with the contact email address of the appropriate person?

Our response:

Infogov@ghc.nhs.uk

You asked:

9. Is IAO training delivered by an external third party or internally?

Our response:

Internally.

You asked:

10.Are you or have you considered becoming ISO 27001 compliant or certified? If so when?

Our response:

No

You asked:

11.Following on from Q10, If so whom is/would be responsible for implementation or exploration of ISO 27001? (as in, the person/job title/email address)

Our response:

Not applicable.

You asked:

12. Who is the person responsible for the physical security controls in your estate e.g. CCTV, Lighting, barriers, intrusion detection and fencing.

Our response:

Head of Estates Operation.

You asked:

13. In relation to question 12 when was the effectiveness of these controls last reviewed?

Our response:

September 2025.

You asked:

14. In relation to question 12 can we please be provided with the name/job title and email address of this person?

Our response:

Chris Williams, Head of Estates and Operations, GHCestates@ghc.nhs.uk

You asked:

15. Who would be the person responsible for the organisation of external training within your organisation. E.g. Head of learning and development / HR Manager.

Our response:

The person to organise external training would be dependant on what was required and by which staff groups.

  • Departments may arrange their own training through department budgets
  • Training which is made available to staff on the learning management system (Care to Learn) may be funded from Trust Training Funds e.g. Trauma Informed Care, Motivational Interviewing  would be authorised by Associate Director Organisational Development & Learning and Development, Rehana Begum, or if for a specific audience (funded by externally received NHSE CPD funding for Nurses and AHP’s) it would be organised by Head of Practice Education and Widening Access, Lucy Blandford
  • External Training funded by externally received NHSE CPD funding for Nurses and AHP’s to meet specific service and / or individual requirements is organised by Head of Practice Education and Widening Access, Lucy Blandford
  • The Trust also secures external training commissioned by NHSE, contacts include Head of Practice Education and Widening Access, Lucy Blandford and Lead for Psychological Therapy, Liz Curtis
  • External training for Medical colleagues would be organised by Medical Education Manager, Rebecca Upton
  • External training is also secured through apprenticeships, this is overseen by the Apprenticeship and Widening Participation Lead, Rachael Bish

You asked:

16. Can you please provide the name/job title and email address for the person in question 15?

Our response:

Provided within the response to question 15.

learning@ghc.nhs.uk

clinicaleducation@ghc.nhs.uk

apprenticeships@ghc.nhs.uk

Next steps:

Should you have any queries in relation to our response, please do not hesitate to contact us. If you are unhappy with the response you have received in relation to your request and wish to ask us to review our response, you should write to:

Louise Moss
Head of Legal Services / Associate Director of Corporate Governance
c/o Gloucestershire Health and Care NHS Foundation Trust
Edward Jenner Court
1010 Pioneer Avenue
Gloucester Business Park
Brockworth, GL3 4AW
E-mail: louise.moss@ghc.nhs.uk

If you are not content with the outcome of any review, you may apply directly to the Information Commissioner’s Office (ICO) for further advice/guidance. Generally, the ICO will not consider your case unless you have exhausted your enquiries with the Trust which should include considering the use of the Trust’s formal complaints procedure. The ICO can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.