Information Governance, 2nd Edition

Book description

The essential guide to effective IG strategy and practice

Information Governance is a highly practical and deeply informative handbook for the implementation of effective Information Governance (IG) procedures and strategies. A critical facet of any mid- to large-sized company, this “super-discipline” has expanded to cover the management and output of information across the entire organization; from email, social media, and cloud computing to electronic records and documents, the IG umbrella now covers nearly every aspect of your business. As more and more everyday business is conducted electronically, the need for robust internal management and compliance grows accordingly. This book offers big-picture guidance on effective IG, with particular emphasis on document and records management best practices.

Step-by-step strategy development guidance is backed by expert insight and crucial advice from a leading authority in the field. This new second edition has been updated to align with the latest practices and regulations, providing an up-to-date understanding of critical IG concepts and practices.

  • Explore the many controls and strategies under the IG umbrella
  • Understand why a dedicated IG function is needed in today’s organizations
  • Adopt accepted best practices that manage risk in the use of electronic documents and data
  • Learn how IG and IT technologies are used to control, monitor, and enforce information access and security policy

IG strategy must cover legal demands and external regulatory requirements as well as internal governance objectives; integrating such a broad spectrum of demands into workable policy requires a deep understanding of key concepts and technologies, as well as a clear familiarity with the most current iterations of various requirements. Information Governance distills the best of IG into a primer for effective action.   

Table of contents

  1. COVER
  4. PART ONE: Information Governance Concepts, Definitions, and Principles
    1. CHAPTER 1: The Information Governance Imperative
      1. Early Development of IG
      2. Big Data Impact
      3. Defining Information Governance
      4. IG Is Not a Project, But an Ongoing Program
      5. Why IG Is Good Business
      6. Failures in Information Governance
      7. Form IG Policies, Then Apply Technology for Enforcement
      8. Notes
    2. CHAPTER 2: Information Governance, IT Governance, Data Governance: What's the Difference?
      1. Data Governance
      2. Data Governance Strategy Tips
      3. IT Governance
      4. IT Governance Frameworks
      5. Information Governance
      6. Impact of a Successful IG Program
      7. Summing Up the Differences
      8. Notes
    3. CHAPTER 3: Information Governance Principles
      1. The Sedona Conference® Commentary on Information Governance
      2. Smallwood IG Principles
      3. Accountability Is Key
      4. Generally Accepted Recordkeeping Principles®
      5. Assessment and Improvement Roadmap
      6. Information Security Principles
      7. Privacy Principles
      8. Who Should Determine IG Policies?
      9. Notes
  5. PART TWO: Information Governance Risk Assessment and Strategic Planning
    1. CHAPTER 4: Information Asset Risk Planning and Management
      1. The Information Risk Planning Process
      2. Create a Risk Profile
      3. Information Risk Planning and Management Summary
      4. Notes
    2. CHAPTER 5: Strategic Planning and Best Practices for Information Governance
      1. Crucial Executive Sponsor Role
      2. Evolving Role of the Executive Sponsor
      3. Building Your IG Team
      4. Assigning IG Team Roles and Responsibilities
      5. Align Your IG Plan with Organizational Strategic Plans
      6. Survey and Evaluate External Factors
      7. Formulating the IG Strategic Plan
      8. Notes
    3. CHAPTER 6: Information Governance Policy Development
      1. The Sedona Conference IG Principles
      2. A Brief Review of Generally Accepted Recordkeeping Principles®
      3. IG Reference Model
      4. Best Practices Considerations
      5. Standards Considerations
      6. Benefits and Risks of Standards
      7. Key Standards Relevant to IG Efforts
      8. Major National and Regional ERM Standards
      9. Making Your Best Practices and Standards Selections to Inform Your IG Framework
      10. Roles and Responsibilities
      11. Program Communications and Training
      12. Program Controls, Monitoring, Auditing, and Enforcement
      13. Notes
  6. PART THREE: Information Governance Key Impact Areas
    1. CHAPTER 7: Information Governance for Business Units
      1. Start with Business Objective Alignment
      2. Which Business Units Are the Best Candidates to Pilot an IG Program?
      3. What Is Infonomics?
      4. How to Begin an IG Program
      5. Business Considerations for an IG Program
      6. Changing Information Environment
      7. Calculating Information Costs
      8. Big Data Opportunities and Challenges
      9. Full Cost Accounting for Information
      10. Calculating the Cost of Owning Unstructured Information
      11. The Path to Information Value
      12. Challenging the Culture
      13. New Information Models
      14. Future State: What Will the IG-Enabled Organization Look Like?
      15. Moving Forward
      16. Notes
    2. CHAPTER 8: Information Governance and Legal Functions
      1. Introduction to E-Discovery: The Revised 2006 and 2015 Federal Rules of Civil Procedure Changed Everything
      2. Big Data Impact
      3. More Details on the Revised FRCP Rules
      4. Landmark E-Discovery Case: Zubulake v. UBS Warburg
      5. E-Discovery Techniques
      6. E-Discovery Reference Model
      7. The Intersection of IG and E-Discovery
      8. Building on Legal Hold Programs to Launch Defensible Disposition
      9. Destructive Retention of E-Mail
      10. Newer Technologies That Can Assist in E-Discovery
      11. Defensible Disposal: The Only Real Way to Manage Terabytes and Petabytes
      12. Notes
    3. CHAPTER 9: Information Governance and Records and Information Management Functions
      1. Records Management Business Rationale
      2. Why Is Records Management So Challenging?
      3. Benefits of Electronic Records Management
      4. Additional Intangible Benefits
      5. Inventorying E-Records
      6. RM Intersection with Data Privacy Management
      7. Generally Accepted Recordkeeping Principles®
      8. E-Records Inventory Challenges
      9. Records Inventory Purposes
      10. Records Inventorying Steps
      11. Appraising the Value of Records
      12. Ensuring Adoption and Compliance of RM Policy
      13. Sample Information Asset Survey Questions
      14. General Principles of a Retention Scheduling
      15. Developing a Records Retention Schedule
      16. Why Are Retention Schedules Needed?
      17. What Records Do You Have to Schedule? Inventory and Classification
      18. Rationale for Records Groupings
      19. Records Series Identification and Classification
      20. Retention of E-Mail Records
      21. How Long Should You Keep Old E-Mails?
      22. Destructive Retention of E-Mail
      23. Legal Requirements and Compliance Research
      24. Event-Based Retention Scheduling for Disposition of E-Records
      25. Prerequisites for Event-Based Disposition
      26. Final Disposition and Closure Criteria
      27. Retaining Transitory Records
      28. Implementation of the Retention Schedule and Disposal of Records
      29. Ongoing Maintenance of the Retention Schedule
      30. Audit to Manage Compliance with the Retention Schedule
      31. Notes
    4. CHAPTER 10: Information Governance and Information Technology Functions
      1. Data Governance
      2. Steps to Governing Data Effectively
      3. Data Governance Framework
      4. Information Management
      5. IT Governance
      6. IG Best Practices for Database Security and Compliance
      7. Tying It All Together
      8. Notes
    5. CHAPTER 11: Information Governance and Privacy and Security Functions
      1. Information Privacy
      2. Generally Accepted Privacy Principles
      3. Fair Information Practices (FIPS)
      4. OECD Privacy Principles
      5. Madrid Resolution 2009
      6. EU General Data Protection Regulation
      7. GDPR: A Look at Its First Year
      8. Privacy Programs
      9. Privacy in the United States
      10. Privacy Laws
      11. Cybersecurity
      12. Cyberattacks Proliferate
      13. Insider Threat: Malicious or Not
      14. Information Security Assessments and Awareness Training
      15. Cybersecurity Considerations and Approaches
      16. Defense in Depth
      17. Controlling Access Using Identity Access Management
      18. Enforcing IG: Protect Files with Rules and Permissions
      19. Challenge of Securing Confidential E-Documents
      20. Apply Better Technology for Better Enforcement in the Extended Enterprise
      21. E-Mail Encryption
      22. Secure Communications Using Record-Free E-Mail
      23. Digital Signatures
      24. Document Encryption
      25. Data Loss Prevention (DLP) Technology
      26. Missing Piece: Information Rights Management (IRM)
      27. Embedded Protection
      28. Hybrid Approach: Combining DLP and IRM Technologies
      29. Securing Trade Secrets After Layoffs and Terminations
      30. Persistently Protecting Blueprints and CAD Documents
      31. Securing Internal Price Lists
      32. Approaches for Securing Data Once It Leaves the Organization
      33. Document Labeling
      34. Document Analytics
      35. Confidential Stream Messaging
      36. Notes
  7. PART FOUR: Information Governance for Delivery Platforms
    1. CHAPTER 12: Information Governance for E-Mail and Instant Messaging
      1. Employees Regularly Expose Organizations to E-Mail Risk
      2. E-Mail Policies Should Be Realistic and Technology Agnostic
      3. E-Record Retention: Fundamentally a Legal Issue
      4. Preserve E-Mail Integrity and Admissibility with Automatic Archiving
      5. Instant Messaging
      6. Best Practices for Business IM Use
      7. Technology to Monitor IM
      8. Tips for Safer IM
      9. Team and Channel Messaging Solutions Emerge
      10. Notes
    2. CHAPTER 13: Information Governance for Social Media
      1. Types of Social Media in Web 2.0
      2. Additional Social Media Categories
      3. Social Media in the Enterprise
      4. Key Ways Social Media Is Different from E-Mail and Instant Messaging
      5. Biggest Risks of Social Media
      6. Legal Risks of Social Media Posts
      7. Tools to Archive Social Media
      8. IG Considerations for Social Media
      9. Key Social Media Policy Guidelines
      10. Records Management and Litigation Considerations for Social Media
      11. Emerging Best Practices for Managing Social Media Records
      12. Notes
    3. CHAPTER 14: Information Governance for Mobile Devices
      1. Current Trends in Mobile Computing
      2. Security Risks of Mobile Computing
      3. Securing Mobile Data
      4. Mobile Device Management (MDM)
      5. IG for Mobile Computing
      6. Building Security into Mobile Applications
      7. Best Practices to Secure Mobile Applications
      8. Developing Mobile Device Policies
      9. Notes
    4. CHAPTER 15: Information Governance for Cloud Computing
      1. Defining Cloud Computing
      2. Key Characteristics of Cloud Computing
      3. What Cloud Computing Really Means
      4. Cloud Deployment Models
      5. Benefits of the Cloud
      6. Security Threats with Cloud Computing
      7. Managing Documents and Records in the Cloud
      8. IG Guidelines for Cloud Computing Solutions
      9. IG for SharePoint and Office365
      10. Notes
    5. CHAPTER 16: Leveraging and Governing Emerging Technologies
      1. Data Analytics
      2. Descriptive Analytics
      3. Diagnostic Analytics
      4. Predictive Analytics
      5. Prescriptive Analytics
      6. Which Type of Analytics Is Best?
      7. Artificial Intelligence
      8. The Role of Artificial Intelligence in IG
      9. Blockchain: A New Approach with Clear Advantages
      10. Breaking Down the Definition of Blockchain
      11. The Internet of Things: IG Challenges
      12. IoT as a System of Contracts
      13. IoT Basic Risks and IG Issues
      14. IoT E-Discovery Issues
      15. Why IoT Trustworthiness Is a Journey and Not a Project
      16. Governing the IoT Data
      17. IoT Trustworthiness
      18. Information Governance Versus IoT Trustworthiness
      19. IoT Trustworthiness Journey
      20. Conclusion
      21. Notes
  8. PART FIVE: Long-Term Program Issues
    1. CHAPTER 17: Long-Term Digital Preservation
      1. Defining Long-Term Digital Preservation
      2. Key Factors in Long-Term Digital Preservation
      3. Threats to Preserving Records
      4. Digital Preservation Standards
      5. PREMIS Preservation Metadata Standard
      6. Recommended Open Standard Technology–Neutral Formats
      7. Digital Preservation Requirements
      8. Long-Term Digital Preservation Capability Maturity Model®
      9. Scope of the Capability Maturity Model
      10. Digital Preservation Capability Performance Metrics
      11. Digital Preservation Strategies and Techniques
      12. Evolving Marketplace
      13. Looking Forward
      14. Conclusion
      15. Notes
    2. CHAPTER 18: Maintaining an Information Governance Program and Culture of Compliance
      1. Monitoring and Accountability
      2. Change Management—Required
      3. Continuous Process Improvement
      4. Why Continuous Improvement Is Needed
      5. Notes
  9. APPENDIX A: Information Organization and Classification: Taxonomies and Metadata
    1. Importance of Navigation and Classification
    2. When Is a New Taxonomy Needed?
    3. Taxonomies Improve Search Results
    4. Metadata and Taxonomy
    5. Metadata Governance, Standards, and Strategies
    6. Types of Metadata
    7. Core Metadata Issues
    8. International Metadata Standards and Guidance
    9. Records Grouping Rationale
    10. Business Classification Scheme, File Plans, and Taxonomy
    11. Classification and Taxonomy
    12. Prebuilt Versus Custom Taxonomies
    13. Thesaurus Use in Taxonomies
    14. Taxonomy Types
    15. Business Process Analysis
    16. Taxonomy Testing: A Necessary Step
    17. Taxonomy Maintenance
    18. Social Tagging and Folksonomies
    19. Endnotes
  10. APPENDIX B: Laws and Major Regulations Related to Records Management
    1. United States
    2. Gramm-Leach-Bliley Act
    3. Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA)
    4. PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001)
    5. Sarbanes-Oxley Act (SOX)
    6. SEC Rule 17A-4
    7. CFR Title 47, Part 42—Telecommunications
    8. CFR Title 21, Part 11—Pharmaceuticals
    9. US Federal Authority on Archives and Records: National Archives and Records Administration (NARA)
    10. US Code of Federal Regulations
    11. Canada*
    12. United Kingdom
    13. Australia
    14. Identifying Records Management Requirements in Other Legislation
    15. Notes
  11. APPENDIX C: Laws and Major Regulations Related to Privacy
    1. United States
    2. European Union General Data Protection Regulation (GDPR)
    3. Major Privacy Laws Worldwide, by Country
    4. Notes
    1. Notes
  15. INDEX

Product information

  • Title: Information Governance, 2nd Edition
  • Author(s): Robert F. Smallwood
  • Release date: December 2019
  • Publisher(s): Wiley
  • ISBN: 9781119491446