skip to content

The University's information asset register is at

A recording of a demonstration session held on 22 March 2018 is available at

Access is limited to certain groups of staff and is controlled using Raven.  The below guidance is aimed principally at Departmental Administrators and others who can view and update the register within individual Institutions.  Instructions on asking to become, and adding, an additional user are supplied below.


Details on how to use the information asset register, which assets to include, and what to record

To help the University comply with the General Data Protection Regulation (GDPR), you’ll need to enter details about information your Institution holds into the information asset register (IAR). You don’t need to upload the data itself.

Each entry you make in the IAR should correspond with an information asset held by the University. This is either:

  • a single set of information (digital or printed)

  • more than one set of information (digital or printed) that is used for the same purpose

For the IAR, ‘the University’ means:

  • Schools, Faculties or Departments

  • Non-School Institutions

  • Research Centres or Units

  • UAS Divisions

You shouldn’t record details of assets held by Colleges or used solely by students.


Selecting which information assets to include

As a minimum, you should record details of assets which both:

  • relate to the operational running of your institution and

  • contain personal data – information that can be used to identify a living person either directly or indirectly

You don’t need to include assets that contain centrally managed information, for example on CamSIS, CUFS or CHRIS, unless you have changed or manipulated the data.

A typical Institution might have information in some or all of the following categories:

  • databases about staff, students or other people

  • student files

  • HR files and folders which include personal data, for example job titles, grades, salaries

  • case files about users of a staff or student service

  • submitted work, exam scripts and other exam records where candidates are identifiable

  • departmental committee records

  • departmental health and safety records about individual staff

  • complaint files

You may have around 10 information assets to start with, but there is no restriction on the number you can include.


Adding details of academic research assets to the IAR

You can also add details about academic research information assets which contain personal data. It’s not compulsory, but it can help ensure the correct data security measures are in place.

You’ll need to add who the Principal Investigator is for that information.


What details to record about an asset

For each asset, record the following in the IAR (many of these can be selected from drop-down menus):

  • what the information is used for - for example teaching, student administration

  • who the personal data belongs to - for example staff and job applicants

  • what kind of personal data it is - for example employment records, financial records, visual images

  • who the information is shared with

  • how long the information will be kept for

  • the risks if the information in the asset was lost or compromised

  • where the information is stored and if it is paper, digital or both

  • how the information is kept secure

If you’re adding an asset which covers more than one set of information, record details for either:

  • all the sets of information - in the sections where you can select multiple responses

  • only your most important set of information - where you must give a single response


Request access to add to and view the register

You can request access to the IAR by emailing an IAR administrator in your Institution.

Most IAR administrators are Departmental Administrators (DA) or Heads of Department.


Give a person access to the IAR if you’re an IAR administrator

If you are an IAR administrator, you can add (and remove) additional IAR users within your Institution using Lookup:  

  1. In Lookup, search for the 'IAR' groups

  2. Select 'uis-iar-users'

  3. Go to Members > Edit

  4. Add the user > Save


Making an entry private or public

Register entries are visible to all users of the IAR by default. You can make any of your Institution's entries ‘private’ - only visible to other users within your Institution. The IAR uses Lookup to identify which Institutions a user belongs to.  

Central users of the IAR like the Information Compliance Office or UIS staff can also see private entries.



A recording of a demonstration session held on 22 March 2018 is available at



If you have any questions, email the UIS service desk.