1 Generally Accepted Recordkeeping Principles Information Governance Maturity Model Information is one of the most vital strategic assets any organization possesses. Organizations depend on information to develop products and services, make critical strategic decisions, protect property rights, propel marketing, manage projects, process transactions, serve customers, and generate revenues. In short, well-governed information is critical to the success of any organization. Despite its importance, there is often uncertainty and disagreement about what constitutes good information governance which Gartner Inc. describes as an accountability framework that includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals and even more uncertainty as to how to achieve it. Yet, this issue gains in importance daily as regulators, shareholders, courts, and constituents are increasingly concerned about organizations business practices and the records which are defined as any recorded information, regardless of medium or characteristics, made or received and retained by an organization in pursuance of legal obligations or in the transaction of business and the non-record information that support and document those practices. In addition, society as a whole is concerned about governmental and business transparency and other information-related issues, such as privacy and security of personal information. These concerns are magnified by ever-growing data volumes and complexity that demand increasingly sophisticated governance and management. To address these needs, ARMA International developed and promulgated the Generally Accepted Recordkeeping Principles (the Principles).
2 An Information Governance Standard The Principles identify the critical hallmarks of information governance and provide both a standard of conduct for governing information and metrics by which to judge that conduct. In doing so, they give assurance to the public and society at large that organizations of every kind are meeting their responsibilities with respect to the governance of information. Because the Principles describe and measure fundamental attributes of information governance, they apply to all sizes of organizations, in all types of industries, and in both the private and public sectors. And, because the Principles are independent of local law and custom, multi-national organizations can use them to establish consistent practices across geographic boundaries. The Principles are essential for: Administrators and executive management in determining how to protect their organizations in the use of information assets Legislators in crafting legislation meant to provide certainty in business and public affairs and to hold organizations accountable to appropriate standards of conduct Information management professionals in designing comprehensive and effective information governance programs Information workers in performing their day-to-day duties A Model for Effective Information Governance The Generally Accepted Recordkeeping Principles (the Principles) create a high-level framework of good practice. However, they do not delve into implementation details, such as specific policies and procedures, job descriptions, or specific technologies. The Information Governance Maturity Model (Maturity Model) which is based on the Principles, as well as the established body of standards, best practices, and legal/regulatory requirements that surround information governance begins to paint a more complete picture of what effective information governance is. The Maturity Model goes beyond a mere restatement of the Principles, defining the characteristics of information governance programs at differing levels of maturity, completeness, and effectiveness. For each of the eight principles, the Maturity Model describes characteristics that are typical for its five levels of maturity: LEVEL 1 (Sub-Standard): This level describes an environment where information governance and recordkeeping concerns are not addressed at all, are addressed minimally, or are addressed in an ad hoc manner. Organizations that identify primarily with these descriptions should be concerned that their programs will not meet legal or regulatory scrutiny and may not effectively serve the business needs of the organization. LEVEL 2 (In Development): This level describes an environment where there is a developing recognition that information governance and prudent recordkeeping have an impact on the organization and that the organization may benefit from a more defined information governance program. However, in Level 2, the organization is still vulnerable to scrutiny of its legal or regulatory and business requirements because its practices are ill-defined, incomplete, nascent, or only marginally effective. LEVEL 3 (Essential): This level describes the essential, or minimum, requirements that must be addressed to meet the organization s legal, regulatory, and business requirements. Level 3 is characterized by defined policies and procedures and the implementation of processes specifically intended to improve information governance and recordkeeping. Organizations that identify primarily with Level 3 descriptions still may be missing significant opportunities for streamlining business and controlling costs, but they have the key basic components of a sound program in place and are likely to be at least minimally compliant with legal, operational, and other responsibilities.
3 LEVEL 4 (Proactive): This level describes an organization that has established a proactive information governance program throughout its operations and has established continuous improvement for it. Information governance issues and considerations are routinely integrated into business decisions. The organization is substantially more than minimally compliant with good practice and easily meets its legal and regulatory requirements. The entity that identifies primarily with these descriptions should begin to pursue the additional business and productivity benefits it could achieve by increasing enterprisewide information availability, mining its information for a better understanding of clients and customers needs, and otherwise transforming itself through increased use of its information. LEVEL 5 (Transformational): This level describes an organization that has integrated information governance into its overall corporate infrastructure and business processes to such an extent that compliance with program requirements and legal, regulatory, and other responsibilities are routine. This organization has recognized that effective information governance plays a critical role in cost containment, competitive advantage, and client service, and it has successfully implemented strategies and tools to achieve these gains on a plenary basis. As a program progresses, the personnel charged with its management will likewise progress through a spectrum of increasing competence and effectiveness. At the transformational level, the information governance professional has a sophisticated skill set that encompasses a broad range of topics, including information theory and practice, technologies, and legal compliance. How to Use the Maturity Model Using the Maturity Model is the first in a series of steps an organization should take to evaluate and improve its information governance programs and practices. An in-depth understanding of the Principles and the Maturity Model levels will help the organization target the optimum level to achieve in relation to each principle. Based on defined business needs and risk assessments, an organization may choose to target different levels of maturity for each of the eight principles and for different areas of the organization. However, no entity should be satisfied with being at a maturity level of 1 or 2 in any area because this presents substantial risk to the overall organization. After deciding whether to evaluate the entire organization or a portion of it (e.g., department, division, or geographic location), the following initial steps are recommended: 1. Based on a thorough understanding of the Principles, the Maturity Model, and the organization s operating needs, target a specific maturity level for each of the principles. 2. Using the Maturity Model, determine the maturity level of current practices and identify the gap between the current practices and the desired maturity level for each principle. 3. Based upon the greatest maturity gaps, most available improvement opportunities, and other relevant information, assess the risk(s) to the organization and the opportunities for greatest benefit. 4. Develop priorities and assign accountability for suitable remediation and improvement strategies and processes. 5. Implement a process to ensure continuous improvement through routine monitoring and periodic assessments. Since referencing the Maturity Model alone is a high-level evaluation, a more in-depth analysis likely will be necessary in order to develop the most effective improvement strategy. Obtaining the desired improvement will require a continuous focus, commitment to an ongoing improvement process, and periodic evaluations of the program against the Maturity Model.
4 Information Governance Maturity Model The Principle LEVEL 1 LEVEL 2 (Sub-Standard) (In Development) Accountability A senior executive (or person of comparable authority) shall oversee the information governance program and delegate responsibility for records and information management to appropriate individuals. The organization adopts policies and procedures to guide personnel and ensure that the program can be audited. No senior executive (or person of comparable authority) is responsible for records or information. The records manager role is largely non-existent, or it is an administrative and/or clerical role distributed among general staff. Information assets are managed in a disparate fashion or not at all. No senior executive (or person of comparable authority) is involved in or responsible for records or information. The records manager role is recognized, although the person in that role is responsible only for tactical operation of the existing records management program, which is concerned primarily with managing records rather than all information assets. In many cases, the existing records management program covers paper records only. The information technology function or department is the de facto lead for storing electronic information, and the records manager is not involved in discussions about electronic systems. Information is not stored in a systematic fashion. The organization is aware that it needs to govern its broader information assets. Transparency An organization s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and the documentation shall be available to all personnel and appropriate interested parties. It is difficult to obtain timely information about the organization, its business, or its records management program. Business and records and information management processes are not well-defined, and no clear documentation regarding these processes is readily available. There is no emphasis on transparency. The organization cannot readily accommodate requests for information, discovery for litigation, regulatory responses, freedom of information, or other requests (e.g., from potential business partners, investors, or buyers). The organization has not established controls to ensure the consistency of information disclosure. The organization realizes that some degree of transparency is important in its business processes and records and information management program for business or regulatory needs. Although a limited amount of transparency exists in areas where regulations demand it, there is no systematic or organization-wide drive to transparency. The organization has begun to document its business and records and information management processes. Integrity An information governance program shall be constructed so the information generated by or managed for the organization has a reasonable and suitable guarantee of authenticity and reliability. There are no systematic audits or defined processes for showing the authenticity of a record or information, meaning that its origin, time of creation or transmission, and content are what they are purported to be. Various organizational functions use ad hoc methods to demonstrate authenticity and chain of custody, as appropriate, but their trustworthiness cannot easily be guaranteed. Some organizational records and information are stored with their respective metadata that demonstrate authenticity; however, no formal process is defined for metadata storage and chain of custody. Metadata storage and chain of custody methods are acknowledged to be important, but they are left to the different departments to handle as they determine is appropriate. Protection An information governance program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection. No consideration is given to information protection. Records and information are stored haphazardly, with protection taken by various groups and departments and with no centralized access controls. Access controls, if any, are assigned by the author. Some protection of information assets is exercised. There is a written policy for records and information that require a level of protection (e.g., personnel records). However, the policy does not give clear and definitive guidelines for all information in all media types. Guidance for employees is not universal or uniform. Employee training is not formalized. The policy does not address how to exchange these records and information among internal or external stakeholders. Access controls are implemented by individual content owners. Note: Records management terms used in the Generally Accepted Recordkeeping Principles Information Governance Maturity Model are defined in the Glossary of Records and Information Management Terms, 3rd Edition (ARMA International, 2007).
5 LEVEL 3 LEVEL 4 LEVEL 5 (Essential) (Proactive) (Transformational) The records manager role is recognized within the organization, and the person in that role is responsible for the tactical operation of the established records management program on an organization-wide basis. The organization includes electronic records as part of the records management program. The records manager is actively engaged in strategic information and records management initiatives with other officers of the organization. Senior management is aware of the records management program. The organization envisions establishing a broaderbased information governance program to direct various information-driven processes throughout the enterprise. accountability. The organization has appointed an information governance professional, who also oversees the records management program. The records manager is a senior officer responsible for all tactical and strategic aspects of the records management program, which is an element of an information governance program. A stakeholder committee representing all functional areas meets on a periodic basis to review disposition policy and other records management-related issues. The organization s senior management and its governing board place great emphasis on the importance of information governance. The records manager directs the records management program and reports to an individual in the senior level of management, (e.g., chief information governance officer) The chief information governance officer and the records manager are essential members of the organization s governing body. The organization s initial goals related to accountability ensure its goals for accountability are routinely reviewed and revised. Transparency in business and records and information management is taken seriously, and information is readily and systematically available when needed. There is a written policy regarding transparency in business and records and information management. Employees are educated on the importance of transparency and the specifics of the organization s commitment to transparency. information governance transparency. Business and records and information management processes are documented. The organization can accommodate most requests for information, discovery for litigation, regulatory responses, freedom of information, or other requests (e.g., from potential business partners, investors, or buyers). Transparency is an essential part of the corporate culture and is emphasized in training. The organization monitors compliance on a regular basis. Business and records and information management process documentation is monitored and updated consistently. Requests for information, discovery for litigation, regulatory responses, freedom of information, or other requests (e.g., from potential business partners, investors, or buyers) are managed through routine business processes. The organization s senior management considers transparency as a key component of information governance. The software tools that are in place assist in transparency. Requestors, courts, and other legitimately interested parties are consistently satisfied with the transparency of the processes and the organization s responses. The organization s initial goals related to transparency ensure its goals for transparency are routinely reviewed and revised. The organization has a formal process to ensure that the required level of authenticity and chain of custody can be applied to its systems and processes. Appropriate data elements to demonstrate compliance with the policy are captured. integrity. There is a clear definition of metadata requirements for all systems, business applications, and records that are needed to ensure the authenticity of records and information. Metadata requirements include security and signature requirements and chain of custody as needed to demonstrate authenticity. The metadata definition process is an integral part of the records management practice in the organization. There is a formal, defined process for introducing new record-generating systems, capturing their metadata, and meeting other authenticity requirements, including chain of custody. Integrity controls of records and information are reliably and systematically audited. The organization s initial goals related to integrity have been met, and it has an established process to ensure its goals for integrity are routinely reviewed and revised. The organization has a formal written policy for protecting records and information, as well as centralized access controls. Confidentiality and privacy considerations are well-defined within the organization. The importance of chain of custody is defined, when appropriate. Training for employees is available. Records and information audits are conducted only in regulated areas of the business. Audits in other areas may be conducted, but they are left to the discretion of each functional area. records and information protection. The organization has implemented systems that provide for the protection of the information. Employee training is formalized and well-documented. Auditing of compliance and protection is conducted on a regular basis. Executives and/or senior management and other governing bodies (e.g., board of directors) place great value in the protection of information. Audit information is regularly examined, and continuous improvement is undertaken. Inappropriate or inadvertent information disclosure or loss incidents are rare. The organization s initial goals related to protection ensure its goals for protection are routinely reviewed and revised.
6 Information Governance Maturity Model The Principle LEVEL 1 LEVEL 2 (Sub-Standard) (In Development) Compliance An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization s policies. There is no clear understanding or definition of the information or records the organization is obligated to keep. Information is not systematically managed. Groups and units within the organization manage information as they see fit based upon their own understanding of their responsibilities, duties, and what the appropriate requirements are. There is no central oversight or guidance and no consistently defensible position on information governance. There is no formally defined or generally understood process for imposing legal, audit, or other information production processes. The organization has significant exposure to adverse consequences from poor compliance practices. The organization has identified some of the rules and regulations that govern its business and introduced some compliance policies and good information management practices around those policies. Policies are not complete, and there are no structured accountability processes or controls for compliance. There is a hold process, but it is not well-integrated with the organization s information management and discovery processes, and the organization does not have full confidence in it. Availability An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information. Records and other information are not readily available when needed, and/or it is unclear who to ask when there is a need for it to be produced. It takes time to find the correct version, the signed version, or the final version of information, if it can be found at all. The records and other information lack finding aids, such as various indices, metadata, and other methodologies. Legal discovery and information requests are difficult because it is not clear where information resides or where the final copy is located. Records and information retrieval mechanisms have been implemented in some parts of the organization. In those areas with retrieval mechanisms, it is possible to distinguish among official records, duplicates, and non-record information. There are some policies on where and how to store official records and information, but a standard is not imposed across the organization. Responding to legal discovery and information requests is complicated and costly due to the inconsistent treatment of information. Retention An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements. There is no current, documented records retention schedule or policy. Rules and regulations that should define retention are not identified or centralized. Retention guidelines are haphazard, at best. In the absence of retention schedules and policies, employees either keep everything or dispose of records and information based on their own business needs, rather than organizational needs. A retention schedule and policies are available, but they do not encompass all records and information, did not go through an official review, and are not well known around the organization. The retention schedule and policies are not regularly updated or maintained. Education and training about the retention policies are not available. Disposition An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization s policies. There is no documentation of the processes (if there are any) used to guide the transfer or disposition of records and information. The process for suspending disposition in the event of investigation or litigation is non-existent or is inconsistent across the organization. Preliminary guidelines for disposition are established. There is a realization of the importance of suspending disposition in a consistent manner, when required. There may not be enforcement and auditing of disposition. Note: Records management terms used in the Generally Accepted Recordkeeping Principles Information Governance Maturity Model are defined in the Glossary of Records and Information Management Terms, 3rd Edition (ARMA International, 2007).
7 LEVEL 3 LEVEL 4 LEVEL 5 (Essential) (Proactive) (Transformational) The organization has identified key compliance laws and regulations. Information creation and capture are in most cases systematically carried out in accordance with information management principles. The organization has a code of business conduct that is integrated into its overall information governance structure and policies. Compliance is highly valued and measurable, and suitable records and information demonstrating the organization s compliance are maintained. The hold process is integrated into the organization s information management and discovery processes for the critical systems, and it is generally effective. compliance. The organization s exposure to adverse consequences from poor information management and governance practices is reduced. The organization has implemented systems to capture and protect information for all key repositories and systems. Records are linked with the metadata used to demonstrate and measure compliance. Employees are trained appropriately, and audits are conducted regularly. Lack of compliance is consistently remedied through implementation of defined corrective actions. Records of audits and training are available for review. The legal, audit, and information production processes are well-managed and effective, with defined roles and repeatable processes that are integrated into the organization s information governance program. The organization is at low risk of adverse consequences from poor information management and governance practices. The importance of compliance and the role of records and information in it are clearly recognized at the senior management and governing body levels (e.g., board of directors). Auditing and continuous improvement processes are well-established and monitored by senior management. The roles and processes for information management and discovery are integrated, and those processes are well-developed and effective. The organization suffers few or no adverse consequences based on information governance and compliance failures. The organization s initial goals related to compliance ensure its goals for compliance are routinely reviewed and revised. There is a standard for where and how records and information are stored, protected, and made available. There are clearly defined policies regarding the handling of records and information. Records and information retrieval mechanisms are consistent and contribute to timely retrieval. Most of the time, it is easy to determine where to find the authentic and final version of any information. Legal discovery and information request processes are well-defined and systematic. Systems and infrastructure contribute to the availability of records and information. availability of records and information. Information governance policies have been clearly communicated to all employees and other parties. There are clear guidelines and an inventory that identify and define the systems and their information assets. Records and information are consistently and readily available when needed. Appropriate systems and controls are in place for legal discovery and information requests. Automation is adopted to facilitate the consistent implementation of the hold and information request processes. The senior management and governing body (e.g., board of directors) provide support to continually upgrade the processes that affect records and information availability. There is an organized training and continuous improvement program across the organization. There is a measurable return on investment to the organization as a result of records and information availability. The organization s initial goals related to availability ensure its goals for availability are routinely reviewed and revised. The organization has instituted a policy for records and information retention. A formal retention schedule that is tied to rules and regulations is consistently applied throughout the organization. The organization s employees are knowledgeable about the retention policy, and they understand their personal responsibilities for records and information retention. retention. Employees understand how to classify records and information appropriately. Retention training is in place. Retention schedules are reviewed on a regular basis, and there is a process to adjust retention schedules, as needed. Records and information retention is a major organizational objective. Retention is an important item at the senior management and governing body level (e.g., board of directors). Retention is looked at holistically and is applied to all information in an organization, not just to official records. Information is consistently retained for appropriate periods of time. The organization s initial goals related to retention have been met, and it has an established process to ensure its goals for retention are routinely reviewed and revised. Official procedures for records and information disposition and transfer have been developed. Official policy and procedures for suspending disposition have been developed. Although policies and procedures exist, they may not be standardized across the organization. disposition. Disposition procedures are understood by all and are consistently applied across the enterprise. The process for suspending disposition is defined, understood, and used consistently across the organization. Records and information in all media are disposed of in a manner appropriate to the information content and retention policies. The disposition process covers all records and information in all media. Disposition is assisted by technology and is integrated into all applications, data warehouses, and repositories. Disposition processes are consistently applied and effective. Processes for disposition are regularly evaluated and improved. The organization s initial goals related to disposition ensure its goals for disposition are routinely reviewed and revised. 6
8 For education and resources on the Generally Accepted Recordkeeping Principles, visit All materials ARMA International, ARMA International has a variety of additional resources and assessment tools that are designed to help organizations improve their information governance practices available at
Generally Accepted Recordkeeping Principles How Does Your Program Measure Up? GARP Overview Creation Purpose GARP Overview Creation About ARMA International and the Generally Accepted Recordkeeping Principles
ARMA: Information Governance: A Revenue Source Potential Presenter: Martin Tuip Executive Director for IG Products ARMA International Agenda About ARMA International What is Information Governance? Generally
State of Florida ELECTRONIC RECORDKEEPING STRATEGIC PLAN January 2010 December 2012 DECEMBER 31, 2009 Florida Department of State State Library and Archives of Florida 850.245.6750 http://dlis.dos.state.fl.us/recordsmanagers
E-Guide GARP and how it helps you achieve better information governance Sponsored By: E-Guide GARP and how it helps you achieve better information governance Table of Contents Resources from IBM Sponsored
Principles for Improving Internal Audit s Value Proposition All organizations depend on information to manage day-to-day operations, comply with regulations, gauge financial performance, and monitor strategic
Successful Implementation of Enterprise-Wide Information Governance ARMA Austin Monthly Meeting November 13, 2014 TAD C. HOWINGTON, CRM, FAI Manager, E- Records and Information Governance Kinder- Morgan
Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of information and records within NZQA and assign
The World of Information Governance Society of Corporate Compliance and Ethics Maggi Johnsen, CRM October 12, 2012 Table of Contents What is Information Governance (IG)? What Might Lead to an IG Failure?
GARP Maturity Model Is Your Organization Ready? Douglas P Allen, CRM, CDIA+ President ARMA International firstname.lastname@example.org Dear ANOTHER Dear Manager MEMO (HR), (HR), SENT SHORTLY AFTER: Dear Bob
PURPOSE Records and information are important strategic assets of an organization and, like other organizational assets (people, capital and technology), must be managed to maximize their value. Information
Fundamentals of Information Governance: More than just records management PETER KURILECZ CRM CA IGP Hard as I try, I simply cannot make myself understand how Information Governance isn t just a different
Office of the Auditor General of Canada Internal Audit of Document Management Through PROxI Implementation July 2014 Practice Review and Internal Audit Her Majesty the Queen in Right of Canada, represented
Building a GARP -Compliant Solution How the ability to understand meaning helps organizations govern information in compliance with ARMA International s GARP Principles Autonomy White Paper Index Introduction
OVERVIEW: According to ISO 15489-1 and -2 Information and Documentation Records Management, Part 1 (General) and Part 2 (Guidelines), in order to design and implement sustainable record systems, a design
Non-Profit Records Management Tool Kit January 2013 Contents Introduction.... 3 Generally Accepted Record Keeping Principles.... 4 What is a Record?.... 5 File Maintenance.... 6 Classifying a Record.....8
Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives
INFORMATION GOVERNANCE Principles for Healthcare (IGPHC) AHIMA 3 INFORMATION GOVERNANCE Principles for Healthcare (IGPHC) Preamble...3 Principle of Accountability...5 Principle of Transparency...6 Principle
TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL INTRODUCTION WHAT IS A RECORD? AS ISO 15489-2002 Records Management defines a record as information created,
Securing the Healthcare Enterprise for Compliance with Cloud-based Identity Management Leveraging Common Resources and Investments to Achieve Premium Levels of Security Summary The ecosystem of traditional
The role of Information Governance in an Enterprise Architecture Framework Richard Jeffrey-Cook, MBCS, CITP, FIRMS Head of Information and Records Management In-Form Consult Ltd, Cardinal Point Park Road,
What We ll Cover Foundations of Records and Information Management Creating a Defensible Retention Schedule Paper v. Electronic Records Organization and Retrieval of Records and Information Records Management
Records Management Policy Effective Date: This Policy takes effect on July 15, 2013 Purpose The purpose of this policy is to achieve efficient and effective management of CMHC information with business
Page 1 of 12 Date of Issue: June 2014 Original Date of Issue: Subject: References: Links: Contact: June 2014 RECORDS AND INFORMATION MANAGEMENT Policy 2196 Records and Information Management Policy 2197
State of Montana E-Mail Guidelines A Management Guide for the Retention of E-Mail Records for Montana State Government Published by the: Montana State Records Committee Helena, Montana September 2006 Based,
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
Information and records management NZQA Quality Management System Policy Purpose The purpose of this policy is to establish a framework for the management of corporate information and records within NZQA.
INFORMATION GOVERNANCE Principles for Healthcare (IGPHC) AHIMA 3 INFORMATION GOVERNANCE Principles for Healthcare (IGPHC) Preamble...3 Principle of Accountability...5 Principle of Transparency...6 Principle
RECORDS MANAGEMENT POLICY POLICY STATEMENT The records of Legal Aid NSW are a major component of its corporate memory and risk management strategies. They are a vital asset that support ongoing operations
RECORDS MANAGEMENT POLICY Draft Final R Version: 1 Identifier: CCS 3.2.3 Policy Section: Records Management Date Adopted: 17 July 2015 Review Date: July 2018 Author: Jenny Kennedy Review Officer: Deputy
CONTRACT MANAGEMENT FRAMEWORK August 2010 Page 1 of 20 Table of contents 1 Introduction to the CMF... 3 1.1 Purpose and scope of the CMF... 3 1.2 Importance of contract management... 4 1.3 Managing contracts...
B O N N E V I L L E P O W E R A D M I N I S T R A T I O N BPA Policy 236-1 Table of Contents 236-1.1 Purpose & Background... 2 236-1.2 Policy Owner... 2 236-1.3 Applicability... 2 236-1.4 Terms & Definitions...
IG DG ITG Data Gov IT Gov Info Gov Data Governance vs. Information Governance? Data Gov Info Gov Data Governance vs. Information Governance Data Governance vs. Information Governance Data Facts, Measurements
Corporate Records Management Policy Introduction Part 1 Records Management Policy Statement. February 2011 Part 2 Records Management Strategy. February 2011 Norfolk County Council Information Management
InterPARES Trust Retention & Disposition in the Cloud Do you really have control? Franks Patricia, San Jose State University, San Jose, USA and Alan Doyle, University of British Columbia, Canada October
From Information Management to Information Governance: The New Paradigm By: Laurie Fischer Overview The explosive growth of information presents management challenges to every organization today. Retaining
D2725D-2013 EURIBOR - CODE OF OBLIGATIONS OF PANEL BANKS Version: 1 October 2013 1. Objectives The European Money Markets Institute EMMI previously known as Euribor-EBF, as Administrator for the Euribor
Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline) David J. Chavolla, Esq. and Gary L. Kemp, Esq. Casner & Edwards, LLP 303 Congress Street Boston, MA 02210 A. Document and Record Retention Preservation
Title: Records and Information Management Policy No: 057 Adopted By: Chief Officers Group Next Review Date: 08/06/2014 Responsibility: General Manager Corporate Services Document Number: 2120044 Version
INDEX Pages 1. DESCRIPTORS... 1 2. KEY ROLE PLAYERS... 1 3. CORE FUNCTIONS OF THE RECORDS MANAGER... 1 4. CORE FUNCTIONS OF THE HEAD OF REGISTRIES... 1 5. PURPOSE... 2 6. OBJECTIVES... 2 7. POLICY... 2
Tsawwassen First Nation Policy for Records and Information Management September 28 2011 Tsawwassen First Nation Policy for Records and Information Management Table of Contents 1. RECORDS AND INFORMATION
RECORDS AND INFORMATION Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009 PURPOSE Penn West recognizes that responsible
Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant
H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable
AL 2004 9 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Electronic Record Keeping TO: Chief Executive Officers of All National Banks, Federal Branches and Agencies,
2 July 2014 Executive Director Records management POLICY/no 0026 Status: Public Effective date: 10 July 2014 Review date: 10 July 2017 Supersedes: Version 17-SEP-08 1. Introduction and purpose To comply
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the Standards Internal auditing is conducted in diverse legal and cultural environments; for organizations
Information Technology Security Policy for IBTS Pakistan Stock Exchange Limited Table of contents Information Technology Security Policy for IBTS 1- INTRODUCTION AND SCOPE... 3 2- CHARTER OF THE DOCUMENT...
Rowan University Data Governance Policy Effective: January 2014 Table of Contents 1. Introduction... 3 2. Regulations, Statutes, and Policies... 4 3. Policy Scope... 4 4. Governance Roles... 6 4.1. Data
Discard Create Inactive Life Cycle of Records Current Retain Use Semi-current Records Management Policy April 2014 Document title Records Management Policy April 2014 Document author and department Responsible
GPO Box 2343 ADELAIDE SA 5001 Tel (08) 8204 8773 Fax (08) 8204 8777 DX:467 email@example.com www.archives.sa.gov.au Management of Official Records in a Business System October 2011 Version
for the March 22, 2011 Robert Morningstar Information Systems Security Manager DHS Office of the Chief Information Officer/Enterprise Service Delivery Office (202) 447-0467 Reviewing Official Mary Ellen
Department of Defense INSTRUCTION NUMBER 5015.02 February 24, 2015 DoD CIO SUBJECT: DoD Records Management Program References: See Enclosure 1 1. PURPOSE. This instruction reissues DoD Directive (DoDD)
Prepared by the Office of the Executive Vice President for Academic Affairs/Provost This is a NEW Executive Policy UNIVERSITY OF HAWAI I EXECUTIVE POLICY ON INSTITUTIONAL DATA GOVERNANCE September 2012
Interagency Science Working Group 1 National Archives and Records Administration Establishing Trustworthy Digital Repositories: A Discussion Guide Based on the ISO Open Archival Information System (OAIS)
ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND
NSW Data & Information Custodianship Policy June 2013 v1.0 CONTENTS 1. PURPOSE... 4 2. INTRODUCTION... 4 2.1 Information Management Framework... 4 2.2 Data and information custodianship... 4 2.3 Terms...
Records Retention and Management Report to the Government Oversight Committee April 2015 Report to the Government Oversight Committee Records Retention and Management 1 TABLE OF CONTENTS Introduction...
Policy Statement Information is a strategic business resource that the must manage as a public trust on behalf of Nova Scotians. Effective information management makes program and service delivery more
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 PROCEDURES FOR ELECTRONIC MANAGEMENT OF RULEMAKING AND OTHER DOCKETED RECORDS IN THE FEDERAL DOCKET MANAGEMENT
INTERNATIONAL STANDARD ON 200 OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH INTERNATIONAL STANDARDS ON (Effective for audits of financial statements for periods
Information Governance (IG) encompasses sets of multi disciplinary structures, policies, procedures, processes and controls implemented to manage records and information at an enterprise level, supporting
RECORDS MANAGEMENT TRAINING EVERYONES RESPONSIBILITY Marine Corps Community Services MCAS, Cherry Point, North Carolina COURSE INFORMATION Course Information Goal The goal of this training is to provide
RECORDS MANAGEMENT POLICY 1. POLICY OBJECTIVE 1.1 The University of South Africa (Unisa) has the responsibility to manage, store and retain certain documentation, records and other forms of information
INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 200 OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH INTERNATIONAL STANDARDS ON AUDITING (UK AND IRELAND)
Records Management SUrvey Report 75% of Most Respondents Said a Senior Executive Oversees the Records Program On the Record Is Your Organization s Records Management Program Providing High Value or High
GRC Frameworks Series The Copenhagen Compliance Governance Framework is based on the Nordic Governance Model Nordic companies have transformed regulatory authority and mechanisms of the welfare state to
Developing a Records Retention Program This site is intended to help you design and implement a records retention program for your organization. Here you will find a basic explanation of a records retention
City of Minneapolis Policy for Enterprise Information Management Origin: Developed by the City Clerk s Office and Business Information Services. Based on requirements set forth in Federal and State regulations
Enterprise Content Management - ECM Program for New Mexico State Government a.k.a. ELECTRONIC DOCUMENT MANAGEMENT SYSTEM (EDMS) ELECTRONIC RECORDS MANAGEMENT SYSTEM (ERMS) Informational Presentation to
General HIPAA Implementation FAQ What is HIPAA? Signed into law in August 1996, the Health Insurance Portability and Accountability Act ( HIPAA ) was created to provide better access to health insurance,
Audit Documentation 2029 AU Section 339 Audit Documentation (Supersedes SAS No. 96.) Source: SAS No. 103. See section 9339 for interpretations of this section. Effective for audits of financial statements
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT PERFORMANCE AUDIT OF THE ENTERPRISE DATA WAREHOUSE DEPARTMENT OF TECHNOLOGY, MANAGEMENT, AND BUDGET August 2014 Doug A. Ringler, C.P.A., C.I.A. AUDITOR
NATIONAL INSURANCE BROKERS ASSOCIATION OF AUSTRALIA (NIBA) ABOUT NIBA Submission to WorkCover Western Australia Legislative Review 2013 February 2014 NIBA is the peak body of the insurance broking profession
July 21, 2009 The Honorable Michael J. Astrue Commissioner Social Security Administration 6401 Security Boulevard Baltimore, MD 21235-7703 Dear Mike: As you requested, the ABA explored the issues related
INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;
University of Hawai i Executive Policy on Data Governance (Draft 2/1/12) I. Definition Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
Chapter 4 Section 4.01 Ministry of Government Services Archives of Ontario and Information Storage and Retrieval Services Follow-up on VFM Section 3.01, 2007 Annual Report Background The Archives of Ontario
STATS-DC 2012 Data Conference July 12, 2012 Washington State s Use of the IBM Data Governance Unified Process Best Practices Bill Huennekens Washington State Office of Superintendent of Public Instruction,
UTILIZING COMPOUND TERM PROCESSING TO ADDRESS RECORDS MANAGEMENT CHALLENGES CONCEPT SEARCHING This document discusses some of the inherent challenges in implementing and maintaining a sound records management
E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered