informu solutions

informu logo

from information
to innovation

Informu Solutions Limited,
10 Evelyn Road,
Bath, BA1 1DA
[email protected]

Registered in England
#06972796
VAT #986636165

ROPA and Information Asset Register


Picture of box files on a shelf

We provide both a ROPA system (for maintaining Records of Processing Activities to support GDPR Article 30 compliance) and an Information Asset Register (IAR).

ROPA System

The cloud-based ROPA system allows you to:

  • Maintain your contact and other details as a data controller and (where relevant) data processor via Role descriptions.
  • Complete a Security questionnaire to describe the technical and organisational security measures in place.
  • Catalogue your processing Activities, including a record of purposes of the processing, categories of data subjects and categories of personal data, data sharing arrangements, envisaged time limits for erasure, and more.

You can go to this link to create an account - you get 2 weeks of trial use - then pricing starts at just £15 per month.

Further information on the ROPA system is here.

IAR System

The IAR system typically has a broader scope that just personal data and would catalogue information at a more detailed level (i.e. at the asset rather than activity level). There could be a number of assets that support an individual business activity.

Assets could be physical records, electronic content or system data, as well as for example details about applications and equipment. Each asset type might be profiled in different ways. We also have the concept of asset collections that group together related sets of information.
Informu IAR examples of Asset Types
The IAR can be used to maintain an audit trail over time of business events relating to assets. Within our Information Asset Register system you can establish a Business Classification Scheme, apply rules for retention periods, then tag your information assets to this scheme, with retention policies inherited.

The system can generate notifications of actions due for assets, based upon the retention policy to which they are tagged. The actions (such as disposition, scanning, data sharing or system migration events) can be recorded as "transactions" against an asset. Optional workflows could be used as well to seek approval and/or provide instructions to others involved in the process.

Informu IAR Asset Transaction screen

The system is essentially a framework for information asset management and can be configured to meet your needs. This includes the business classification scheme, retention policies, asset types, field names and lists, transaction types and reports. One typical use case is for the system to act as a retention policy console. More information can be read here.

The IAR is available on either a cloud basis or for installation within your own IT infrastructure.

Within the NHS, our services and software can help you meet the requirements of NHS IG Toolkit standard 604. It can also be deployed as an ISO 27001 Asset Register and inventory system.

Contact [email protected] to discuss options and pricing.

If you need help in determining information policies, procedures and retention rules (on a UK or international basis), we can also help.