Week 2 - Information Governance

Question 1

Define Information Governance

Answer 1

• IG is about taking control of your information

Information Governance is the effective use and
management of information assets to
derive maximum value while minimising risk.
It encompasses all of the rules, regulations, legislation,
standards, and policies an organisation needs to comply
with (information)

Question 2

Why do companies need information governance?

Answer 2

• They must comply with growing regulations
• They want to gain maximum value from business information to drive innovation, sales and customer service
• Getting IG wrong results in huge costs to business

Question 3

What are the volumes and data types every company is exposed to?

Answer 3

• Structured and unstructured data
• ELectronic and paper documents
• Internal and External Data
• Digital, Video and Audio Data

Question 4

What distinguishes structured and unstructured data?

Answer 4

• Structured data
– Resides in fixed data fields.
– It is held within systems such as corporate databases,
ERPs, eCommerce and Online Transaction
Processing (OLTP) applications.

• Unstructured data
– Doesn’t follow a specified data format
– Makes up the vast volume of data found in most
companies, usually in documents such as
presentations and emails.

Question 5

What is BYOD and why does it affect companies?

Answer 5

Bring Your Own Device

Organisations have little control over corporate information so policies have to be introduced to control data

Question 6

Data Vs Information

Answer 6

Data is a collection of facts and values which can be public, confidential or restricted whereas information is processed data and therefore is “knowledge”.

Question 7

Name the three types of data

Answer 7

Public - eg policy details

Confidential - eg customer details

Restricted or private - Extra sensitive data eg passwords

Question 8

What forms successful information governance? (Long answer)

Answer 8

• Control the information lifecycle]
• policies and procedures for information usage
• Know what/where information is held and in what format
• Know the quality of the information and its exact value
• Know how the information is stored and what is required to use it
• Know when the information can be archived and when it can be
‘defensibly’ be deleted
• Ensure information is available when and where it is required
• Ensure information is secure
• Compliance communication and training
• Be flexible and able to evolve
• continuous improvement

Question 9

What constitutes information gov councils?

Answer 9

It should include direction from cross functional senior level staff (any areas affected by particular stages of the programme)

Rotating membership

Question 10

Define Risk Management

Answer 10

“Risk management is a scientific approach to dealing with pure risks by anticipating possible accidental losses and designing and implementing procedures that minimize the occurrence of loss or the financial impact of the losses that do occur.” (Fundamentals of Risk and Insurance, Vaughan and Vaughan)

Question 11

Who should the risk function work with?

Answer 11

Legal: mitigate info risk in terms of ligitation, regulation and damage to reputation

IT: disaster recovery and business continuity

Will also require visibility of how and where info is stored and how it is destroyed

Question 12

How should Compliance be involved?

Answer 12

Compliance should be involved in determining how information is stored and accessed as well as the establishment of internal measurements and controls on information.
• It should manage enterprise audit processes as well as being equipped to deal with requests from regulators and auditors.

Question 13

What is Records Management responsible for?

Answer 13

• How paper and electronic documents are categorised, managed and stored

Sets in place policies for capturing and managing new information.

Works closely with compliance to determine how info should be handled

Question 14

How should IT be involved in IG?

Answer 14

• Effectively manage the volume of data affecting the organisation
• Optimising the use of IT and storage as well as removing redundant systems

Question 15

What questions should any IG programme answer?

Answer 15

What information does the organisation
have?
• Why is the information needed?
• Who should access and use the
information?
• How, when and where can they use the
information?
• What can they do with the information?
• Where is the information stored?
• How can the information be share with
employees, partners and suppliers

Question 16

What roles should an IG council inclue?

Answer 16

• Legal Officer
• Discovery/Litigation Officer
• Records Manager
• CIO
• Compliance Officer
• Impacted Line of Business Managers
• Chief Data Officer
• IT Security

Question 17

Summarise the benefits of IG

Answer 17

By clearly understanding the value of the information you have and setting in place the processes and procedures to securely access it when and where required, an organisation can unlock the potential of their information in areas such as business analytics and collaboration.

Click here for all the benefits:
• https://www.infogovbasics.com/benefits/

Question 18

Summarise the challenges of IG

Answer 18

• Every org is faced with an ever growing amount of information
• Have to comply with gov, finance and industry regs.

Click here for challenges:
https://www.infogovbasics.com/challenges/

Question 19

Key areas of Regulation and Compliance to consider:

Answer 19

Archiving:
IG enables consistent archiving strategies. Content can be searchable from a single system.

Retention Management:
A retention policy should dictate how long info must be retained for and what to do with that information when the period expires. Generally remove ASAP.

Question 20

Define Big Data

Answer 20

Exponential growth and availability of structured and unstructured data, data so large it can be difficult to process traditionally

Question 21

What must companies consider when combining IG and Big Data?

Answer 21

Ensure that only meaningful information resides in corporate systems.

Question 22

What are key questions to consider with Information Governance for Big Data

Answer 22

• How will information be stored, identified, collected and reviews?
• Which communication channels are used within the organisation ?
• How is this info created and communcated?
• What is the business value of the data?
• How does it operate in compliance with regulations and eDiscovery responsibilities?
• What info can be removed and the process for disposal?

Question 23

What are the key areas of information governance for Big Data?

Answer 23

Retention Management
Records Management
Defensible Disposal
Information Storage
Social Media

Question 24

What is a retention policy?

Answer 24

A retention policy dictates how long information must be retained anw hat to do when that period expires

Question 25

Define Records Management

Answer 25

Records Management establishes records policy and practices that are applied according to the business value of the content to the organisation.

Question 26

Why is Defensible Disposal helpful?

Answer 26

• Helps curb storage growth and costs and ensure regulatory compliance.
• Reduces duplication/redundancy