Responsibility delegation#

This task is the responsibility of Project Team.

Now we know who the emergency contacts are for your project, you may want to consider whether they are happy to delegate classification responsibilities to other members of the project.

Background#

There are a number of different responsibilities that come with the different roles for a Turing project using a TRE. One of the key responsibilities for the Data Provider Representative (DPR), Principal Investigator (PI) and Referee concern data ingress and data egress - determining the sensitivity of data coming in to, and leaving, the environment. For each project we require Project classification for all ingress and egress.

Depending on the nature of what is being ingressed and egressed, and how frequently this is happening, the project team may want to consider whether the PI, DPR, or Referee want to delegate responsibility for these decisions to another named person. Whilst this may make the ingress/egress process more efficient, project teams should carefully consider whether this is the right course of action - delegation of important responsibilities like this can reduce the security of the project. For instance, delegating classification responsibilities to a single person may all possible security concerns are not fully considered during the classification process.

If the project team determines that some form of delegation would be appropriate, these instructions lay out how to assign the delegation to a named person.

Warning

  • Delegating project responsibilities in no way changes the underlying data handling responsibilities, for instance who is the controller and processor of the data.

  • Delegating these responsibilities relates to carrying out ingress and egress classification only.

Process#

  1. In your SharePoint folder, go to project-initiation -> Turing TRE Project Initialisation

  2. Update the Data Ingress and Data Egress tables, and add or delete rows as required. For each row of the table determine:

    • Category: The nature of what will be ingressed or egressed - for instance datasets, code, images or more.

    • Person to delegate classification to: For each role, fill in the information of who they are delegating classification responsibility to

      • If they are not delegating, write Not delegating classification responsibility

      • If they are delegating to a different role as laid out in the Emergency contacts (for instance PI to DPR, PM or Referee), write the name of the role, for instance Principal Investigator

      • If they are delegating to an as yet unnamed person, write:

        • Name: The name of the person

        • Role: The role of the person

        • Email: The contact email of the person

  3. Add or delete as many table rows as required.