Week 2 - Information Governance Flashcards

1
Q

Define Information Governance

A
  • IG is about taking control of your information

Information Governance is the effective use and
management of information assets to
derive maximum value while minimising risk.
It encompasses all of the rules, regulations, legislation,
standards, and policies an organisation needs to comply
with (information)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Why do companies need information governance?

A
  • They must comply with growing regulations
  • They want to gain maximum value from business information to drive innovation, sales and customer service
  • Getting IG wrong results in huge costs to business
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the volumes and data types every company is exposed to?

A
  • Structured and unstructured data
  • ELectronic and paper documents
  • Internal and External Data
  • Digital, Video and Audio Data
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What distinguishes structured and unstructured data?

A
• Structured data
– Resides in fixed data fields.
– It is held within systems such as corporate databases,
ERPs, eCommerce and Online Transaction
Processing (OLTP) applications.
• Unstructured data
– Doesn’t follow a specified data format
– Makes up the vast volume of data found in most
companies, usually in documents such as
presentations and emails.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is BYOD and why does it affect companies?

A

Bring Your Own Device

Organisations have little control over corporate information so policies have to be introduced to control data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Data Vs Information

A

Data is a collection of facts and values which can be public, confidential or restricted whereas information is processed data and therefore is “knowledge”.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Name the three types of data

A

Public - eg policy details

Confidential - eg customer details

Restricted or private - Extra sensitive data eg passwords

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What forms successful information governance? (Long answer)

A

• Control the information lifecycle]
• policies and procedures for information usage
• Know what/where information is held and in what format
• Know the quality of the information and its exact value
• Know how the information is stored and what is required to use it
• Know when the information can be archived and when it can be
‘defensibly’ be deleted
• Ensure information is available when and where it is required
• Ensure information is secure
• Compliance communication and training
• Be flexible and able to evolve
• continuous improvement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What constitutes information gov councils?

A

It should include direction from cross functional senior level staff (any areas affected by particular stages of the programme)

Rotating membership

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Define Risk Management

A

“Risk management is a scientific approach to dealing with pure risks by anticipating possible accidental losses and designing and implementing procedures that minimize the occurrence of loss or the financial impact of the losses that do occur.” (Fundamentals of Risk and Insurance, Vaughan and Vaughan)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Who should the risk function work with?

A

Legal: mitigate info risk in terms of ligitation, regulation and damage to reputation

IT: disaster recovery and business continuity

Will also require visibility of how and where info is stored and how it is destroyed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How should Compliance be involved?

A

Compliance should be involved in determining how information is stored and accessed as well as the establishment of internal measurements and controls on information.
• It should manage enterprise audit processes as well as being equipped to deal with requests from regulators and auditors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is Records Management responsible for?

A
  • How paper and electronic documents are categorised, managed and stored

Sets in place policies for capturing and managing new information.

Works closely with compliance to determine how info should be handled

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How should IT be involved in IG?

A
  • Effectively manage the volume of data affecting the organisation
  • Optimising the use of IT and storage as well as removing redundant systems
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What questions should any IG programme answer?

A
What information does the organisation
have?
• Why is the information needed?
• Who should access and use the
information?
• How, when and where can they use the
information?
• What can they do with the information?
• Where is the information stored?
• How can the information be share with
employees, partners and suppliers
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What roles should an IG council inclue?

A
  • Legal Officer
  • Discovery/Litigation Officer
  • Records Manager
  • CIO
  • Compliance Officer
  • Impacted Line of Business Managers
  • Chief Data Officer
  • IT Security
17
Q

Summarise the benefits of IG

A

By clearly understanding the value of the information you have and setting in place the processes and procedures to securely access it when and where required, an organisation can unlock the potential of their information in areas such as business analytics and collaboration.

Click here for all the benefits:
• https://www.infogovbasics.com/benefits/

18
Q

Summarise the challenges of IG

A
  • Every org is faced with an ever growing amount of information
  • Have to comply with gov, finance and industry regs.

Click here for challenges:
https://www.infogovbasics.com/challenges/

19
Q

Key areas of Regulation and Compliance to consider:

A

Archiving:
IG enables consistent archiving strategies. Content can be searchable from a single system.

Retention Management:
A retention policy should dictate how long info must be retained for and what to do with that information when the period expires. Generally remove ASAP.

20
Q

Define Big Data

A

Exponential growth and availability of structured and unstructured data, data so large it can be difficult to process traditionally

21
Q

What must companies consider when combining IG and Big Data?

A

Ensure that only meaningful information resides in corporate systems.

22
Q

What are key questions to consider with Information Governance for Big Data

A
  • How will information be stored, identified, collected and reviews?
  • Which communication channels are used within the organisation ?
  • How is this info created and communcated?
  • What is the business value of the data?
  • How does it operate in compliance with regulations and eDiscovery responsibilities?
  • What info can be removed and the process for disposal?
23
Q

What are the key areas of information governance for Big Data?

A
Retention Management
Records Management
Defensible Disposal
Information Storage
Social Media
24
Q

What is a retention policy?

A

A retention policy dictates how long information must be retained anw hat to do when that period expires

25
Q

Define Records Management

A

Records Management establishes records policy and practices that are applied according to the business value of the content to the organisation.

26
Q

Why is Defensible Disposal helpful?

A
  • Helps curb storage growth and costs and ensure regulatory compliance.
  • Reduces duplication/redundancy