Why Information Governance… instead of Records & Information Management?
Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM
817.352.4929 or [email protected]
May 12, 2015
Why Information Governance?
Explosive growth of information outside of traditional records and information management venues.
Challenges to maintenance of data integrity, availability, and data control in the face of massive volumes of data.
Technology advances that have culturally changed how we create, capture, use, retrieve, and manage records.
Regulatory requirements that require new measures of security and protection of information.
Regulatory requirements that require production of data rather than just records (information that is not a distinct physical document).
What is Information Governance?
“Security, control, and optimization of information”
Robert Smallwood
“Information governance is the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.”
Information Governance Initiative
“Comprehensive, holistic approach to information management that manages information throughout its lifecycle.”
Penny Quirk
Benefits
Retention of information in compliance with regulations, operating needs, and legal hold requirements.
Systematic disposition of information when it has no further legal or business value.
Improved access to and preservation of needed information for both business and legal purposes.
Protection of private and sensitive information requiring heightened security controls and oversight.
Overall contribution to the mission and vision of an organization.
Key Components: Information Governance Steering Committee
Executive Leadership
Inclusive Representation
Working Teams
Information Stewards/Coordinators
Key Components: Information Governance Policy
Scope
Purpose
Objectives
Responsibilities
Standards
Key Components: Information Mapping
Retention Schedule
Discovery Data Maps
Application Profiles
Information Security and Data Classification Inventories
Privacy Data Flows
Historical Records Preservation
Vital Records Protection
Definitions
Key Components: Information Governance Strategy
Creating a common language of definitions
Process for management of physical records
Process for management of structured databases
Process for management of unstructured content: Email, collaborative environments, information shares, etc.
Process for risk-based assessments that are aligned with corporate goals and strategies
Key Components: Privacy and Security
Privacy Policy and Program
Data Loss Prevention
Data Minimization
Information Storage Program
Breach Response Program
Key Components: Employee Training & Compliance
New employees
Existing employees
Contractors
Third Parties
Key Components: Discovery Readiness Program
Ensure that the discovery process is managed, executed, and documented in a repeatable and defensible manner.
Establish and communicate roles and responsibilities of each member of the discovery readiness team.
Comply with applicable state and federal laws as well as “best practice” guidelines and recommendations pertaining to discovery.
Reasonably respond to regulatory inquiries, discovery requests, and subpoenas in an efficient, effective, and fiscally responsible way.
Key Components: Measure and Adjust
Risk Assessments
Follow-Up
Monitoring
Controlled Self Assessments
Change Control
Project Team Participation
Key Components: Success Metrics
Number of employees that complete training on privacy and information management.
Identification and elimination of duplicate, unstructured content on file shares using file analysis software.
Elimination of orphaned content from decommissioned systems, terminated employees, and abandoned projects.
Successful completion of intrusion detection, data leakage, or vulnerability testing.
Employees trained on information privacy, management, and security.
Successful defense against cyber attacks.
Reduced costs for discovery.
Reduction of storage space consumed.
Information Governance: A New Program
Future Challenges
Culture
Poor data quality
Cost
Risk
Privacy
Future Roles
Data Stewards
Information Governance Professionals
Project Managers
Business Analysts
Business Process Engineers
Information Analysts
Information Security Officers and Privacy Officers
Information Technology Auditors
Compliance or Information Officers