ARMA Flashcards

1
Q

Areas to Monitor

A
  • Assessments or audits of internal patterns and practices
  • Changes in the legal and regulatory environment
  • Benchmarking the program according to objective standards
  • Technology development
2
Q

Internal Factors (business drivers) Examples

A
  • Specific technology adoption within the organization: BYOD, remote access, IoT, impact on IG
  • Internal business requirements that impact how the organization conducts business: It is important to understand how information flows throughout the organization: know and understand business processes to id info handling reqs and ensure those req can be met
  • Internal information-handling practices: are internal tools for managing info in various formats, how do different dep. or business entities share, ways to analyze business processes to understand the info access needs of each dept.
  • Org strategic plans and key initiatives: how info used, what opportunities, gaps, how info stored
  • Internal resource allocations or limitations: standard accounting and budgeting methods, elements of cost feasibilities studies, ROI
3
Q

External Business drivers

A
  • Legal and Regulatory req. unique to business
  • Litigation patterns in an organization
  • Regulation or legislation that results from the industry the org is part of
  • Industry standards and codes of conduct
  • Technology trends and impact on org
4
Q

Risk Assessment steps TLPCR

A
  • profile types of risk
  • assess level of risk
  • assess probability of occurrence
  • describe potential consequences
  • develop remediation plans and prioritize actions
5
Q

Risk Profile

A
  • Risk Factors
  • Levels of Risk
  • Potential Consequences
  • Records Collections
  • acceptable Risk
6
Q

Developing IG Strategic Plan

A
  • Align Resources to Develop the plan
  • Analyze Internal and External Drivers
  • Develop Strategic Plan
7
Q

Developing IG Framework

A
  • Identify and evaluate applicable standards
  • Analyze policies and Procedures
  • Establish Enterprise IG policies and Standards
  • Develop Communication and Training
  • Develop Auditing and Enforcement Mechanisms
8
Q

Analyze policies and procedure

A

Think can my lawyer defend it.

  • Due diligence you followed to id potentially relevant standards, guidelines, req
  • Criteria you used to decide which of the above the organization should follow
  • Rationale for establishing the above criteria
  • Process you followed to obtain support from upper management
  • Communication process you followed to ensure that all relevant parties were able to participate
9
Q

Establishing enterprise IG policies and standards

A

Based on the gap analysis begin developing policies and standards to be used

  • Key part developing internal req. for assigning authority levels, roles, and responsibilities for IG
  • Id training and knowledge needed
  • Be familiar with how job descriptions are developed
  • Training should be specific to role
10
Q

Develop auditing and enforcement mechanisms

A

Criteria and metrics should be created and audits against those metrics. T
Auditing should be iterative, building on itself
Audits are used to effect accountability
Keep corporate culture in mind

11
Q

Establishing IG Program

A
  • Establish prog scope, Mandate, reporting
  • Assign Accountabilities
  • Implement the IG Program
  • Manage the IG program
12
Q

Establish program scope, mandate and reporting

A
  • must engage executive leaders to advocate for changes in org. policy and the allocation of resources
  • use appropriate methods of communication
  • use facts and data to substantiate your statements about the program, industry or both
  • business case
13
Q

Generally Accepted Recordkeeping principles

AT IP CARD

A
  • accountability
  • Transparency
  • integrity
  • protection
  • compliance
  • availability
  • retention
  • disposition
14
Q

Business case for IG

A

  • Id issues you seek to solve
  • Description of how IG is related to the issue and is part of the solution
  • Quantification of the problem in terms of cost and risk to org
  • Description of solution
  • Estimate costs: money, time, equip
  • ID potential funding sources and methods
  • Defined accountability for the new process or prog
  • Metrics by which you will judge success
  • ROI

15
Q

Factors to modify IG program

A
  • changed or new laws and regulations
  • reorganization of the business
  • mergers, acquisitions, or divestitures
  • New lines of business
  • Employees’ recommendations for improvements
  • employees’ resistance to change
  • new technology adoption
  • Change in competitive landscape
16
Q

Establishing IG governance integration and oversight

A
  • Define the current state (culture, systems, process, req)

  • identifying benchmarks

17
Q

Aligning Tech with IG framework

A
  • know how tech is used
  • evaluate hardware, software, and data life cycles
  • align IG with IT strategy and operations
18
Q

Auditing stages 7

A
  1. Gain stakeholder support and involvement in the audit process
  2. Establish metrics that will be used to audit for compliance with IG processes
  3. Determine frequency of audits and individuals involved
  4. Conduct the audits according to the defined schedule
  5. Analyze audit results and determine required follow-up actions
  6. Present audit findings and recommendations to stakeholders
  7. Update risk mitigation plans and modify policies and procedures to address needed improvements.