Week 2 - Information Governance Flashcards
Define Information Governance
- IG is about taking control of your information
Information Governance is the effective use and management of information assets to derive maximum value while minimising risk.
It encompasses all of the rules, regulations, legislation, standards, and policies an organisation needs to comply with (information)
Why do companies need information governance?
- They must comply with growing regulations
- They want to gain maximum value from business information to drive innovation, sales and customer service
- Getting IG wrong results in huge costs to business
What are the volumes and data types every company is exposed to?
- Structured and unstructured data
- Electronic and paper documents
- Internal and External Data
- Digital, Video and Audio Data
What distinguishes structured and unstructured data?
• Structured data – Resides in fixed data fields. – It is held within systems such as corporate databases, ERPs, eCommerce and Online Transaction Processing (OLTP) applications.
• Unstructured data – Doesn’t follow a specified data format – Makes up the vast volume of data found in most companies, usually in documents such as presentations and emails.
What is BYOD and why does it affect companies?
Bring Your Own Device
Organisations have little control over corporate information so policies have to be introduced to control data
Data Vs Information
Data is a collection of facts and values which can be public, confidential or restricted whereas information is processed data and therefore is “knowledge”.
Name the three types of data
Public - eg policy details
Confidential - eg customer details
Restricted or private - Extra sensitive data eg passwords
What forms successful information governance? (Long answer)
• Control the information lifecycle
• Policies and procedures for information usage
• Know what/where information is held and in what format
• Know the quality of the information and its exact value
• Know how the information is stored and what is required to use it
• Know when the information can be archived and when it can be ‘defensibly’ deleted
• Ensure information is available when and where it is required
• Ensure information is secure
• Compliance communication and training
• Be flexible and able to evolve
• Continuous improvement
What constitutes information gov councils?
It should include direction from cross functional senior level staff (any areas affected by particular stages of the programme)
Rotating membership
Define Risk Management
“Risk management is a scientific approach to dealing with pure risks by anticipating possible accidental losses and designing and implementing procedures that minimize the occurrence of loss or the financial impact of the losses that do occur.” (Fundamentals of Risk and Insurance, Vaughan and Vaughan)
Who should the risk function work with?
Legal: mitigate info risk in terms of litigation, regulation and damage to reputation
IT: disaster recovery and business continuity
Will also require visibility of how and where info is stored and how it is destroyed
How should Compliance be involved?
Compliance should be involved in determining how information is stored and accessed as well as the establishment of internal measurements and controls on information.
It should manage enterprise audit processes as well as being equipped to deal with requests from regulators and auditors.
What is Records Management responsible for?
- How paper and electronic documents are categorised, managed and stored
- Sets in place policies for capturing and managing new information.
- Works closely with compliance to determine how info should be handled
How should IT be involved in IG?
- Effectively manage the volume of data affecting the organisation
- Optimising the use of IT and storage as well as removing redundant systems
What questions should any IG programme answer?
• What information does the organisation have?
• Why is the information needed?
• Who should access and use the information?
• How, when and where can they use the information?
• What can they do with the information?
• Where is the information stored?
• How can the information be shared with employees, partners and suppliers?