Assurance

The Data Integration Platform (DIP) supports key industry data flows. To keep it reliable, secure and compliant, we run a structured assurance and risk management framework.

How we monitor DIP User compliance

This framework helps us:

  • identify and assess risks to DIP and its users
  • plan and track actions to reduce those risks
  • detect and investigate potential non‑compliance or breaches
  • communicate clearly with DIP Users about any issues

The DIP Manager is responsible for operating this framework and working with DIP Users to manage risks and resolve issues.

We monitor DIP User compliance in line with DSD003 – DIP Assurance and Reporting.

What DIP assurance covers

DIP assurance focuses on:

  • Compliance with DIP Rules – making sure DIP Users meet their obligations
  • Quality and reliability of data flows – ensuring data is delivered correctly and on time
  • System and operational risks – monitoring for issues that could affect performance, security or service
  • Follow‑up on issues – investigating potential breaches and making sure they are addressed

We use risk registers, operating plans, monitoring, and defined investigation processes to provide this assurance.

Who does what

DIP Manager

  • runs the assurance and risk management framework
  • maintains the risk register and risk operating plan
  • monitors for potential breaches and investigates issues
  • communicates with DIP Users about risks, findings and actions

DIP Users

  • comply with DIP Rules and related obligations
  • respond to DIP Manager requests and investigations
  • work with the DIP Manager to fix issues and implement improvements
  • manage their own service providers (for example, DIP Connection Providers)

Service providers (such as DIP Connection Providers)

  • support DIP Users in meeting their obligations
  • are managed commercially by the DIP User (the DIP Manager engages with the DIP User, not directly with the service provider)

How the framework is structured

Our approach is organised into three main areas:

Risk management

We identify and assess risks using the DIP Manager Risk Evaluation Document (DM RED) and plan actions to address them in the Risk Operating Plan (DM ROP).

Breach identification and investigation

We use defined reporting methods to identify potential breaches, assess them, and decide what action is needed.

Communication and follow‑up with DIP Users

When an issue is found, we follow a clear process for contacting DIP Users, requesting information, and tracking fixes.