1.1 Information Governance - What the organisation does to ensure information risk is measured and managed to an acceptable level. Information governance requirements are defined by top management within the TRE implementing organisation. These will be draw from the context of the organisation, the work it performs and the nature of the data it processes. Gathering and monitoring these requirements is a key process for ensuring the TRE aligns with the requirements. This requirements processes will trigger the control process which decides actions taken to control risk. Control implementation requires prioritisation and resourcing, resources are allocated through the resource allocation process. The TRE top management must have control of adequate resources to control risk and suitable authority to act. Quality data is a key input to measuring and improving the effectiveness of the TRE in relation to governance, risk and compliance.