Skip to content
Information Access Request Policy & Procedure

Information Access Request Policy & Procedure

This policy is intended to cover requests for information from external sources about the Nisa organisation and its activities.


This policy is intended to cover requests for information from external sources about the Nisa organisation and its activities. External sources include but are not limited to the general public, all types of media organisations and learning institutions. This policy is not intended to cover information requests which departments within the Nisa organisation give as part of normal day to day business activities such as dealings with suppliers, members (including forum) and government organisations.

If an employee is unsure as to whether the information request falls into one of the above categories then the procedure laid out within this policy must be followed.
If the request possibly falls into the category of a Subject Access Request i.e. information held by Nisa about an individual or an organisation then this is covered by the Subject Access Request Policy.

Sources of Requests

There are a number of ways a request for information may be received:

  • Telephone
  • Social Media e.g. Facebook, Twitter, Instagram, Linkedin
  • Company website
  • By post
  • Face to face conversations

Each request for information however received must be dealt with by the procedure below.

Procedure for Dealing Information Requests

  1. Request received by employee. The employee must state that a form is required and that the request may incur a small fee, if it is a Subject Access Request (£10 in accordance with the Data Protection Act (DPA)) and also the timescales involved. These will be clearly stated on the external website and can to be up to 40 calendar days from receipt of the request. It may be easier to refer the person requesting the information to the external website and the form available for making such requests.
  2. Standard Request Form filled in by the employee outlining (if not using the external website)
    a. Who requested the information?
    b. Contact details
    c. What information is required?
    d. Why the information is required?
    e. When is the information required?
    (In the case of a request from the company website this will already be completed by the person requiring the information.
  3. Completed Standard Request Form is sent to the PR Department. This request is then logged by PR and the information sought. This may then involve other departments who hold the relevant information. In the event of the information not being available or if it is considered not appropriate, the PR department will inform the requester that this is the case and state the reasons why.

The DPA contains a number of exemptions to our duty to disclose information and legal advice should be sought if it is considered that this might apply. An example of exemption is information covered by legal professional privilege.