Week 2 - Information Governance Flashcards
Define Information Governance
- IG is about taking control of your information
Information Governance is the effective use and management of information assets to derive maximum value while minimising risk.
It encompasses all of the rules, regulations, legislation, standards, and policies an organisation needs to comply with (information)
Why do companies need information governance?
- They must comply with growing regulations
- They want to gain maximum value from business information to drive innovation, sales and customer service
- Getting IG wrong results in huge costs to business
What are the volumes and data types every company is exposed to?
- Structured and unstructured data
- Electronic and paper documents
- Internal and External Data
- Digital, Video and Audio Data
What distinguishes structured and unstructured data?
• Structured data – Resides in fixed data fields. – It is held within systems such as corporate databases, ERPs, eCommerce and Online Transaction Processing (OLTP) applications.
• Unstructured data – Doesn’t follow a specified data format – Makes up the vast volume of data found in most companies, usually in documents such as presentations and emails.
What is BYOD and why does it affect companies?
Bring Your Own Device
Organisations have little control over corporate information so policies have to be introduced to control data
Data Vs Information
Data is a collection of facts and values which can be public, confidential or restricted whereas information is processed data and therefore is “knowledge”.
Name the three types of data
Public - eg policy details
Confidential - eg customer details
Restricted or private - Extra sensitive data eg passwords
What forms successful information governance? (Long answer)
• Control the information lifecycle
• Policies and procedures for information usage
• Know what/where information is held and in what format
• Know the quality of the information and its exact value
• Know how the information is stored and what is required to use it
• Know when the information can be archived and when it can ‘defensibly’ be deleted
• Ensure information is available when and where it is required
• Ensure information is secure
• Compliance communication and training
• Be flexible and able to evolve
• Continuous improvement
What constitutes information gov councils?
It should include direction from cross functional senior level staff (any areas affected by particular stages of the programme)
Rotating membership
Define Risk Management
“Risk management is a scientific approach to dealing with pure risks by anticipating possible accidental losses and designing and implementing procedures that minimize the occurrence of loss or the financial impact of the losses that do occur.” (Fundamentals of Risk and Insurance, Vaughan and Vaughan)
Who should the risk function work with?
Legal: mitigate info risk in terms of litigation, regulation and damage to reputation
IT: disaster recovery and business continuity
Will also require visibility of how and where info is stored and how it is destroyed
How should Compliance be involved?
Compliance should be involved in determining how information is stored and accessed as well as the establishment of internal measurements and controls on information.
• It should manage enterprise audit processes as well as being equipped to deal with requests from regulators and auditors.
What is Records Management responsible for?
- How paper and electronic documents are categorised, managed and stored
Sets in place policies for capturing and managing new information.
Works closely with compliance to determine how info should be handled
How should IT be involved in IG?
- Effectively manage the volume of data affecting the organisation
- Optimising the use of IT and storage as well as removing redundant systems
What questions should any IG programme answer?
• What information does the organisation have?
• Why is the information needed?
• Who should access and use the information?
• How, when and where can they use the information?
• What can they do with the information?
• Where is the information stored?
• How can the information be shared with employees, partners and suppliers?
What roles should an IG council include?
- Legal Officer
- Discovery/Litigation Officer
- Records Manager
- CIO
- Compliance Officer
- Impacted Line of Business Managers
- Chief Data Officer
- IT Security
Summarise the benefits of IG
By clearly understanding the value of the information you have and setting in place the processes and procedures to securely access it when and where required, an organisation can unlock the potential of their information in areas such as business analytics and collaboration.
Click here for all the benefits:
• https://www.infogovbasics.com/benefits/
Summarise the challenges of IG
- Every org is faced with an ever growing amount of information
- Have to comply with gov, finance and industry regs.
Click here for challenges:
https://www.infogovbasics.com/challenges/
Key areas of Regulation and Compliance to consider:
Archiving:
IG enables consistent archiving strategies. Content can be searchable from a single system.
Retention Management:
A retention policy should dictate how long info must be retained for and what to do with that information when the period expires. Generally remove ASAP.
Define Big Data
Exponential growth and availability of structured and unstructured data, data so large it can be difficult to process traditionally
What must companies consider when combining IG and Big Data?
Ensure that only meaningful information resides in corporate systems.
What are key questions to consider with Information Governance for Big Data?
- How will information be stored, identified, collected and reviewed?
- Which communication channels are used within the organisation?
- How is this info created and communicated?
- What is the business value of the data?
- How does it operate in compliance with regulations and eDiscovery responsibilities?
- What info can be removed and the process for disposal?
What are the key areas of information governance for Big Data?
- Retention Management
- Records Management
- Defensible Disposal
- Information Storage
- Social Media
What is a retention policy?
A retention policy dictates how long information must be retained and what to do when that period expires
Define Records Management
Records Management establishes records policy and practices that are applied according to the business value of the content to the organisation.
Why is Defensible Disposal helpful?
- Helps curb storage growth and costs and ensure regulatory compliance.
- Reduces duplication/redundancy