TRENDS AND DEVELOPMENTS IN INFORMATION GOVERNANCE AND RECORDS MANAGEMENT. Key Concepts Defined. Key Concepts Defined 4/30/2015



Similar documents
RECORD AND INFORMATION MANAGEMENT FRAMEWORK FOR ONTARIO SCHOOL BOARDS/AUTHORITIES

NightOwlDiscovery. EnCase Enterprise/ ediscovery Strategic Consulting Services

Interagency Science Working Group. National Archives and Records Administration

How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP )

Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure?

Director, Value Engineering

Certified Information Professional 2016 Update Outline

PHASE 9: OPERATIONS AND MAINTENANCE PHASE

Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

BPA Policy Information Governance & Lifecycle Management

ADMINISTRATIVE POLICY # (2014) Information Security Roles and Responsibilities

September Tsawwassen First Nation Policy for Records and Information Management

The Business Case for HP ControlPoint

UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter

HIPAA BUSINESS ASSOCIATE AGREEMENT

7Seven Things You Need to Know About Long-Term Document Storage and Compliance

Accelerating HIPAA Compliance with EMC Healthcare Solutions

Fundamentals of Information Governance:

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;

Page 1 of 7 Effective Date: 12/18/03 Software Supplier Process Requirements

39C-1 Records Management Program 39C-3

Cloud Service Contracts: An Issue of Trust

Beazley presentation master

Defensible Disposition Strategies for Disposing of Structured Data - etrash

Speed the transition to an electronic environment. Comprehensive, Integrated Management of Physical and Electronic Documents

Identify and Protect Your Vital Records

Demographics QUESTIONS COMMENTS

From Information Management to Information Governance: The New Paradigm

Vendor Management Best Practices

How To Manage Cloud Data Safely

DUUS Information Technology (IT) Incident Management Standard

Governance, Risk, and Compliance (GRC) White Paper

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)

Electronic Documents: is any electronic media content that is intended to be used in either an electronic form or as printed output.

Data Governance Policy. Staff Only Students Only Staff and Students. Vice-Chancellor

RECORDS MANAGEMENT POLICY

Administrative Procedures Memorandum A2005

B. Preservation is not limited to simply avoiding affirmative acts of destruction because day-to-day operations routinely alter or destroy evidence.

TABLE OF CONTENTS Information Systems Security Handbook Information Systems Security program elements. 7

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

REALITY BYTES: A NEW ERA OF ELECTRONIC DISCOVERY

Village of Hastings-on-Hudson Electronic Policy. Internal and External Policies and Procedures

Privacy Impact Assessment

OCC 98-3 OCC BULLETIN

Considerations for Outsourcing Records Storage to the Cloud

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc.

Overview. What are operational policies? Development, adoption, implementation

Generally Accepted Recordkeeping Principles

How To Develop An Enterprise Architecture

Scotland s Commissioner for Children and Young People Records Management Policy

IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk

Missouri Student Information System Data Governance

State of Oregon. State of Oregon 1

Research and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman,

Document Management in the FIPPA Era

Information Security Plan May 24, 2011

GOVERNANCE DEFINED. Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts

ADEC GROUP INFORMaTiON SecURiTY AND CONTROLS

Best Practices for Long-Term Retention & Preservation. Michael Peterson, Strategic Research Corp. Gary Zasman, Network Appliance

HIPAA/HITECH Compliance Using VMware vcloud Air

Understanding SOC Reports for Effective Vendor Management. Jason T. Clinton January 26, 2016

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

Understanding changes to the Trust Services Principles for SOC 2 reporting

How To Improve Your Business

Information Management Advice 50 Developing a Records Management policy

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

EMC Solutions for the Financial Services Industry

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

UCF Security Incident Response Plan High Level

NSW Government. Cloud Services Policy and Guidelines

INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc.

Information Resource Management Directive USAP Contingency & Disaster Recovery Program

PSAB Supplement 21 Records Retention and Disposition

Electronic Discovery

Rackspace Archiving Compliance Overview

Real World Strategies for Migrating and Decommissioning Legacy Applications

Records Management Policy

How To Manage Records And Information Management In Alberta

to EMR transition Contents

Transcription:

TRENDS AND DEVELOPMENTS IN INFORMATION GOVERNANCE AND RECORDS MANAGEMENT William Saffady (718) 246-4696 wsaffady@aol.com Key Concepts Defined Governance the process or system by which an organization s activities are directed and controlled Governance framework the strategies, policies, decisionmaking structures and accountabilities through which an organization s governance arrangements operate Information governance a process or system for directing and controlling an organization s information assets, a component or subset of organizational governance Information governance model a framework of strategies, policies, decision-making structures, and accountabilities for directing and controlling information assets Key Concepts Defined Stakeholder a business unit or functional area that is involved with or affected by an organization s information assets IT governance --a process or system for directing and controlling an organization s Information technology assets Data governance a process or system for directing and controlling an organization s data assets, including issues related to data quality and usability Master data governance a process or system for consolidating an organization s data assets 1

Governance vs. Management Governance provides a strategic and policy framework that defines accountability and responsibility Management focuses on the day-to-day execution of specific business operations or activities Management occurs within context of strategies and policies defined by the governance framework IG Program Characteristics Enterprise scope a common vision for an organization s information assets Completeness addresses all aspects related to control of information assets Inclusiveness multidisciplinary approach emphasizes participation of all stakeholders, but participation varies depending on nature of stakeholder activities IG Program Characteristics Specialization stakeholder roles and responsibilities clearly defined with minimal overlap to avoid competition and duplication of effort Collaboration avoid silo approach by promoting interaction, cooperation, and consultation among stakeholders Practicality must be workable without significant organizational disruption and within limitations imposed by existing resources and stakeholder expertise 2

The Stakeholders Records Management Information Technology Legal Security, including Information Security Risk Management Compliance Business Units Archival Administration Records Management develops and communicates policies, procedures, and guidelines for cost-effective lifecycle management of information assets Information Technology creates and operates the technological infrastructure for processing, storage, retrieval, and distribution of information assets; optimizes technological resources for cost-effective management of information assets; provides backup protection and disaster recovery capability for information assets Legal Establishes and communicates policies related to legal proceedings that involve information assets, ensures that information assets are preserved, available, and accessible for legal discovery, provides opinions and advice to other stakeholders about legal issues related to information assets Security develops and communicates policies related to confidentiality, data protection, and disclosure of information assets; monitors and evaluates situations or events that threaten information assets; responds to security breaches that involve information assets 3

Risk Management Identifies, analyzes, and quantifies risks related to information assets; develops and communicates policies to mitigate the adverse impact of specific information-related practices Compliance Ensures that practices related to information assets comply with organizational policies and with external requirements, including laws, regulations, and industryspecific guidelines; audits and investigates organizational practices and presents findings with recommendations for corrective action Business Units Responsible for implementing policies and procedures for information assets in their custody or under their supervisory control Archival Administration Responsible for preservation and long-term usability of information assets RACI Chart for IG Stakeholders Activities / Business Processes Records Information Management Technology Legal Information Security Compliance Business Units Develop policies, procedures, and guidelines for lifecycle management of information assets Create and operate technological infrastructure for information assets Provide backup protection and disaster recovery for information assets Ensure that information assets are preserved, available, and accessible for legal discovery Develop policies for confidentiality, data protection, and disclosure of information assets Ensure compliance with laws, regulations, and internal policies Implement policies and procedures for information assets A, R C I I A, R C A, R I C C C A, R I I A, R I C C A, R C C C C A, R 4

SELLING POINTS Organizations use contractors to complement or supplement their internal capabilities Few organizations have all internal capabilities required for effective information governance Commercial storage providers can be an important resource for information governance initiatives Cost-effective record storage remains important but information governance is concerned with issues that are beyond the scope of traditional records management SELLING POINTS Commercial storage providers should emphasize services that address stakeholder roles and responsibilities Assured compliance with legally-mandated retention requirements Assured preservation and responsive availability of information needed for legal proceedings Secure storage to prevent unauthorized access to PII, PHI, PCI Secure, defensible destruction of obsolete information assets Backup protection and disaster recovery for electronic records Cloud-based storage and services to supplement internal IT resources SELLING POINTS Information governance broadens the range of issues that commercial storage services can address Stakeholders have greater budgetary resources than records management unit Compared to other expenditures, commercial storage charges seem reasonable, especially on a unit-cost basis But... 5

THE DOWNSIDE Increased emphasis on digital information resources marginalizes paper recordkeepingin the minds of some stakeholders Cost-effective storage of paper records is no longer viewed as the solution to an important problem Paper records in commercial storage viewed as a legacy accumulation to be phased out Some IG stakeholders believe this can be easily accomplished 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information