GARP and how it helps you achieve better information governance



Similar documents
Generally Accepted Recordkeeping Principles

How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP )

Generally Accepted Recordkeeping Principles How Does Your Program Measure Up?

Electronic Records Management

Successful Implementation of Enterprise-Wide Information Governance

Retention & Disposition in the Cloud Do you really have control?

5 Simple Steps to Secure Database Development

The role of Information Governance in an Enterprise Architecture Framework

The World of Information Governance

Implementing Enterprise Information Governance: A Practical Approach

Non-Profit Records Management Tool Kit

Information Management Strategic Plan - Methodology

Containing Future E-Discovery Risk and Cost: The Impact of Electronic Records Management Systems

How To Manage Cloud Data Safely

How To Manage Records And Information Management In Alberta

Fundamentals of Information Governance:

Technical Competency Framework for Information Management (IM)

Wheaton College Records and Information Management Policies and Procedures

Leveraging Network and Vulnerability metrics Using RedSeal

Strategies for Developing a Document Imaging & Electronic Retention Program

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

Real World Strategies for Migrating and Decommissioning Legacy Applications

Advice for Virtualizing Exchange 2010 Server Roles

A Practical Guide for Creating an Information Management Strategy and Strategic Information Management Roadmap

Records Management: Seven Best Practices for Staying Ahead of the Curve

Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

ARMA: Information Governance: A Revenue Source Potential

Enabling Continuous PCI DSS Compliance. Achieving Consistent PCI Requirement 1 Adherence Using RedSeal

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

INFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT OVERVIEW

What We ll Cover. Defensible Disposal of Records and Information Litigation Holds Information Governance the future of records management programs

Data Lifecycle Management and Information Governance A DOCULABS WHITE PAPER

Information Governance

Agenda. You are not in the business to manage records

SAME PRINCIPLES APPLY, BUT NEW MANDATES FOR CHANGE

Pulling it all together: Integrated Solutions for Governance, Risk and Compliance

Washington State s Use of the IBM Data Governance Unified Process Best Practices

IT Governance Charter

How To Write A Customer Data Analytics Strategy

VENDOR MANAGEMENT. General Overview

Scotland s Commissioner for Children and Young People Records Management Policy

Management of Business Support Service Contracts

Records and Information Management

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

Document Management in the FIPPA Era

EXECUTIVE SAFETY LEADERSHIP

GOVERNANCE DEFINED. Governance is the practice of making enterprise-wide decisions regarding an organization s informational assets and artifacts

Masterminding Data Governance

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009

Big Data Ups The Customer Analytics Game

From Information Management to Information Governance: The New Paradigm

New Regulations and Mortgage Document Management: What it Means for Mortgage Servicers

Corporate Real Estate Service Delivery Model at Prudential Financial

Data Quality Assessment. Approach

Office of the Auditor General of Canada. Internal Audit of Document Management Through PROxI Implementation. July 2014

Lowering E-Discovery Costs Through Enterprise Records and Retention Management. An Oracle White Paper March 2007

SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT POLICY

RECORD AND INFORMATION MANAGEMENT FRAMEWORK FOR ONTARIO SCHOOL BOARDS/AUTHORITIES

Information retention and disposal guide. Date: 31 October 2014 Version: 2.0

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

Polices and Procedures

Discovery Technology Group

Information Governance 2.0 A DOCULABS WHITE PAPER

UNIVERSITY OF MANITOBA PROCEDURE

IT Governance: framework and case study. 22 September 2010

98% 22% RM-Speedy [03] Sven Hapke IBM Deutschland GmbH. From Records Management to Information Lifecycle Governance

Governance Is an Essential Building Block for Enterprise Information Management


Records and Information Management. General Manager Corporate Services

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

Business-driven governance: Managing policies for data retention

OFFICIAL. NCC Records Management and Disposal Policy

Realizing the ROI of Information Governance. Gregory P. Kosinski Director, Product Marketing EMC

Cohasset Associates, Inc. NOTES Managing Electronic Records Conference 1.1. The discipline of analyzing the. Value Costs and Risks

FINRA Publishes its 2015 Report on Cybersecurity Practices

Certified Identity and Access Manager (CIAM) Overview & Curriculum

Transcription:

E-Guide GARP and how it helps you achieve better information governance Sponsored By:

E-Guide GARP and how it helps you achieve better information governance Table of Contents Resources from IBM Sponsored By: Page 2 of 8

GARP and how it helps you achieve better information governance Record-keeping irregularities have been at the heart of several high-profile cases that have resulted in corporate failures and economic devastation. It started in 2001, with the Enron/Arthur Andersen LLP fiasco, and continued through recent cases involving Bernie Madoff's $65 billion investor swindle, American International Group Inc.'s $3 trillion in credit default swaps, and risky mortgage derivatives that resulted in the housing collapse. What went wrong in each of these cases is simple: Although these business transactions generated voluminous records, those records weren't necessarily accurate or useful, and discrepancies weren't apparent. These organizations did not have effective information governance structures operating under clearly defined principles that would have ensured integrity, transparency and accountability in recordkeeping. Until 2009, when ARMA International developed the Generally Accepted Recordkeeping Principles (GARP), there was no single set of principles to assist organizations in implementing records systems and policies that are the hallmarks of information governance. Effective information governance helps organizations succeed in operations, comply with legal and regulatory requirements, and avoid the type of catastrophes described above. This FAQ provides an introduction to GARP and information governance. 1. What is information governance? Information governance, as defined by Stamford, Conn.-based Gartner Inc., is "an accountability framework that includes the processes, roles, standards and metrics that ensure the effective use of information in enabling an organization to achieve its goals." Information governance has records and information management (RIM) as a foundation. In the absence of a single guiding set of principles organizations could use to evaluate the effectiveness of their information governance programs, ARMA International developed the Generally Accepted Recordkeeping Principles. Managing records and information according to the GARP principles ensures effective information governance to help organizations run more smoothly from an operations standpoint, stay in compliance with legal and regulatory requirements and mitigate risk. It Sponsored By: Page 3 of 8

also provides accountability and transparency, allowing others to understand the context surrounding business decisions and transactions, making the principles a critical part of any audit or investigative process. 2. What are the GARP principles and the best practices they promote? The GARP principles were created with the assistance of RIM, legal and IT professionals, who reviewed and distilled global best practice resources. These included the international records management standard ISO15489-1 Information and Documentation -- Records Management, guidelines from the American National Standards Institute and court case law. The principles were vetted through a public call-for-comment process involving the professional RIM community. GARP applies to organizations of any size, across all types of industries and both the private and public sectors. Multinational organizations can also use GARP to establish consistent practices across a variety of business units. The eight GARP principles create information governance best practices for an organization: Providing accountability and transparency for its actions; Proving the integrity of its records; Providing protection for its customers' personal information; Ensuring compliance with applicable laws and other binding authorities; Guaranteeing the availability of records and ensuring the timely, efficient and accurate retrieval of those records; Substantiating that retention and disposition requirements are adhered to based on the records retention schedule. 3. How does GARP improve information governance? GARP creates a structure to manage all records in a way that supports an organization's immediate and future regulatory, legal, risk mitigation, environmental and operational requirements. Numerous court rulings have established a demand that records be kept in accordance with legal requirements, that those records be accurate and that an organization establish Sponsored By: Page 4 of 8

accountability to ensure the records are properly maintained. GARP provides a roadmap for organizations to follow to meet these criteria. Today's environment is regulation-heavy and prone to litigation. How exposed an organization is to the risk of legal sanctions and its ability to respond to audits or lawsuits is heavily dependent on how well its records and information are managed. Establishing GARP within an organization demonstrates reasonable adherence to best practices. The benefits of implementing GARP in an information management program are realized when the organization's records accurately and efficiently demonstrate what it has done and promote its plans for the future. 4. What is the value proposition for implementing GARP? Applying the GARP principles can help an organization reach its strategic objectives. GARP not only helps an organization properly manage its information in compliance with legislative mandates and regulatory requirements, but it also improves business operations by guaranteeing that: Information will be protected against loss. It ensures that an organization's critical records are backed up, protected and easily accessible, allowing it to continue business in the event of a disaster. Information will be available when needed. It allows employees to locate, retrieve and disseminate information needed for making decisions, transacting business and responding to litigation -- all of which have a positive impact on an organization's bottom line. Information will be retained as required and disposed of when no longer required. It ensures that organizations have records retention schedules and that records are disposed of in the normal course of business. To ensure that employees are complying with records retention and other records management policies, organizations must regularly conduct internal audits. External investigations and litigation obligations can be easily met. Sponsored By: Page 5 of 8

5. How can an organization know it is doing information governance well? It is not always easy to describe what "good record keeping" looks like. Yet, this question gains in importance as regulators, shareholders and customers are increasingly concerned about the business practices of organizations. The GARP Information Governance Maturity Model begins to paint a more complete picture of what effective information governance looks like by assessing and measuring an organization's level of adherence to each principle. The Maturity Model describes for each principle and at each level the characteristics that are typical: Level 1 (Sub-Standard): Record-keeping concerns are either not addressed at all, or they are addressed in an ad hoc manner; Level 2 (In Development): There is a developing recognition that record keeping has an impact on the organization and that the organization may benefit from a more defined information governance program; Level 3 (Essential): There are defined policies and procedures, and more specific decisions are taken to improve record keeping; Level 4 (Proactive): Information governance issues and considerations are integrated into business decisions on a routine basis, and the organization easily meets its legal and regulatory requirements; Level 5 (Transformational): Information governance has been integrated into an overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine. Effective information governance requires a continuous focus. But in order to get started, organizations can look to the following steps: Identify the gaps between the organization's current practices and the desirable level of maturity for each principle; Assess the risk(s) to the organization, based on the biggest gaps; Determine whether additional information and analysis is necessary; Develop priorities and assign accountability for further development of the program. Sponsored By: Page 6 of 8

The Maturity Model is most useful to leaders who wish to achieve the maximum benefit from their information governance practices. Initially, it is not unusual for an organization to be at differing levels of maturity for the eight principles; it represents a preliminary assessment of the program's maturity. Further analysis and consultation with experts may be needed to achieve necessary program improvements. Sponsored By: Page 7 of 8

Resources from IBM Succeeding with Information Governance with IBM Technologies (Intelligent Business Strategies) Managing the Entire Database Security & Compliance Lifecycle with IBM InfoSphere Guardium Your Enterprise Database Security Strategy (Forrester Consulting) About IBM At IBM, we strive to lead in the creation, development and manufacture of the industry's most advanced information technologies, including computer systems, software, networking systems, storage devices and microelectronics. We translate these advanced technologies into value for our customers through our professional solutions and services businesses worldwide. Sponsored By: Page 8 of 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information