book

Information Governance, 2nd Edition

by Robert F. Smallwood

December 2019

Intermediate to advanced

544 pages

18h 7m

English

Wiley

Read now

Unlock full access

Early Development of IGBig Data ImpactDefining Information GovernanceIG Is Not a Project, But an Ongoing ProgramWhy IG Is Good BusinessFailures in Information GovernanceForm IG Policies, Then Apply Technology for EnforcementNotes
Data GovernanceData Governance Strategy TipsIT GovernanceIT Governance FrameworksInformation GovernanceImpact of a Successful IG ProgramSumming Up the DifferencesNotes
The Sedona Conference® Commentary on Information GovernanceSmallwood IG PrinciplesAccountability Is KeyGenerally Accepted Recordkeeping Principles®Assessment and Improvement RoadmapInformation Security PrinciplesPrivacy PrinciplesWho Should Determine IG Policies?Notes
The Information Risk Planning ProcessCreate a Risk ProfileInformation Risk Planning and Management SummaryNotes
Crucial Executive Sponsor RoleEvolving Role of the Executive SponsorBuilding Your IG TeamAssigning IG Team Roles and ResponsibilitiesAlign Your IG Plan with Organizational Strategic PlansSurvey and Evaluate External FactorsFormulating the IG Strategic PlanNotes

The Sedona Conference IG PrinciplesA Brief Review of Generally Accepted Recordkeeping Principles®IG Reference ModelBest Practices ConsiderationsStandards ConsiderationsBenefits and Risks of StandardsKey Standards Relevant to IG EffortsMajor National and Regional ERM StandardsMaking Your Best Practices and Standards Selections to Inform Your IG FrameworkRoles and ResponsibilitiesProgram Communications and TrainingProgram Controls, Monitoring, Auditing, and EnforcementNotes
Start with Business Objective AlignmentWhich Business Units Are the Best Candidates to Pilot an IG Program?What Is Infonomics?How to Begin an IG ProgramBusiness Considerations for an IG ProgramChanging Information EnvironmentCalculating Information CostsBig Data Opportunities and ChallengesFull Cost Accounting for InformationCalculating the Cost of Owning Unstructured InformationThe Path to Information ValueChallenging the CultureNew Information ModelsFuture State: What Will the IG-Enabled Organization Look Like?Moving ForwardNotes
Introduction to E-Discovery: The Revised 2006 and 2015 Federal Rules of Civil Procedure Changed EverythingBig Data ImpactMore Details on the Revised FRCP RulesLandmark E-Discovery Case: Zubulake v. UBS WarburgE-Discovery TechniquesE-Discovery Reference ModelThe Intersection of IG and E-DiscoveryBuilding on Legal Hold Programs to Launch Defensible DispositionDestructive Retention of E-MailNewer Technologies That Can Assist in E-DiscoveryDefensible Disposal: The Only Real Way to Manage Terabytes and PetabytesNotes
Records Management Business RationaleWhy Is Records Management So Challenging?Benefits of Electronic Records ManagementAdditional Intangible BenefitsInventorying E-RecordsRM Intersection with Data Privacy ManagementGenerally Accepted Recordkeeping Principles®E-Records Inventory ChallengesRecords Inventory PurposesRecords Inventorying StepsAppraising the Value of RecordsEnsuring Adoption and Compliance of RM PolicySample Information Asset Survey QuestionsGeneral Principles of a Retention SchedulingDeveloping a Records Retention ScheduleWhy Are Retention Schedules Needed?What Records Do You Have to Schedule? Inventory and ClassificationRationale for Records GroupingsRecords Series Identification and ClassificationRetention of E-Mail RecordsHow Long Should You Keep Old E-Mails?Destructive Retention of E-MailLegal Requirements and Compliance ResearchEvent-Based Retention Scheduling for Disposition of E-RecordsPrerequisites for Event-Based DispositionFinal Disposition and Closure CriteriaRetaining Transitory RecordsImplementation of the Retention Schedule and Disposal of RecordsOngoing Maintenance of the Retention ScheduleAudit to Manage Compliance with the Retention ScheduleNotes
Data GovernanceSteps to Governing Data EffectivelyData Governance FrameworkInformation ManagementIT GovernanceIG Best Practices for Database Security and ComplianceTying It All TogetherNotes
Information PrivacyGenerally Accepted Privacy PrinciplesFair Information Practices (FIPS)OCED Privacy PrinciplesMadrid Resolution 2009EU General Data Protection RegulationGDPR: A Look at Its First YearPrivacy ProgramsPrivacy in the United StatesPrivacy LawsCybersecurityCyberattacks ProliferateInsider Threat: Malicious or NotInformation Security Assessments and Awareness TrainingCybersecurity Considerations and ApproachesDefense in DepthControlling Access Using Identity Access ManagementEnforcing IG: Protect Files with Rules and PermissionsChallenge of Securing Confidential E-DocumentsApply Better Technology for Better Enforcement in the Extended EnterpriseE-Mail EncryptionSecure Communications Using Record-Free E-MailDigital SignaturesDocument EncryptionData Loss Prevention (DLP) TechnologyMissing Piece: Information Rights Management (IRM)Embedded ProtectionHybrid Approach: Combining DLP and IRM TechnologiesSecuring Trade Secrets After Layoffs and TerminationsPersistently Protecting Blueprints and CAD DocumentsSecuring Internal Price ListsApproaches for Securing Data Once It Leaves the OrganizationDocument LabelingDocument AnalyticsConfidential Stream MessagingNotes
Employees Regularly Expose Organizations to E-Mail RiskE-Mail Polices Should Be Realistic and Technology AgnosticE-Record Retention: Fundamentally a Legal IssuePreserve E-Mail Integrity and Admissibility with Automatic ArchivingInstant MessagingBest Practices for Business IM UseTechnology to Monitor IMTips for Safer IMTeam and Channel Messaging Solutions EmergeNotes
Types of Social Media in Web 2.0Additional Social Media CategoriesSocial Media in the EnterpriseKey Ways Social Media Is Different from E-Mail and Instant MessagingBiggest Risks of Social MediaLegal Risks of Social Media PostsTools to Archive Social MediaIG Considerations for Social MediaKey Social Media Policy GuidelinesRecords Management and Litigation Considerations for Social MediaEmerging Best Practices for Managing Social Media RecordsNotes
Current Trends in Mobile ComputingSecurity Risks of Mobile ComputingSecuring Mobile DataMobile Device Management (MDM)IG for Mobile ComputingBuilding Security into Mobile ApplicationsBest Practices to Secure Mobile ApplicationsDeveloping Mobile Device PoliciesNotes
Defining Cloud ComputingKey Characteristics of Cloud ComputingWhat Cloud Computing Really MeansCloud Deployment ModelsBenefits of the CloudSecurity Threats with Cloud ComputingManaging Documents and Records in the CloudIG Guidelines for Cloud Computing SolutionsIG for SharePoint and Office365Notes
Data AnalyticsDescriptive AnalyticsDiagnostic AnalyticsPredictive AnalyticsPrescriptive AnalyticsWhich Type of Analytics Is Best?Artificial IntelligenceThe Role of Artificial Intelligence in IGBlockchain: A New Approach with Clear AdvantagesBreaking Down the Definition of BlockchainThe Internet of Things: IG ChallengesIoT as a System of ContractsIoT Basic Risks and IG IssuesIoT E-Discovery IssuesWhy IoT Trustworthiness Is a Journey and Not a ProjectGoverning the IoT DataIoT TrustworthinessInformation Governance Versus IoT TrustworthinessIoT Trustworthiness JourneyConclusionNotes
Defining Long-Term Digital PreservationKey Factors in Long-Term Digital PreservationThreats to Preserving RecordsDigital Preservation StandardsPREMIS Preservation Metadata StandardRecommended Open Standard Technology–Neutral FormatsDigital Preservation RequirementsLong-Term Digital Preservation Capability Maturity Model®Scope of the Capability Maturity ModelDigital Preservation Capability Performance MetricsDigital Preservation Strategies and TechniquesEvolving MarketplaceLooking ForwardConclusionNotes
Monitoring and AccountabilityChange Management—RequiredContinuous Process ImprovementWhy Continuous Improvement Is NeededNotes
Importance of Navigation and ClassificationWhen Is a New Taxonomy Needed?Taxonomies Improve Search ResultsMetadata and TaxonomyMetadata Governance, Standards, and StrategiesTypes of MetadataCore Metadata IssuesInternational Metadata Standards and GuidanceRecords Grouping RationaleBusiness Classification Scheme, File Plans, and TaxonomyClassification and TaxonomyPrebuilt Versus Custom TaxonomiesThesaurus Use in TaxonomiesTaxonomy TypesBusiness Process AnalysisTaxonomy Testing: A Necessary StepTaxonomy MaintenanceSocial Tagging and FolksonomiesEndnotes
United StatesGramm-Leach-Bliley ActHealthcare Insurance Portability and Accountability Act of 1996 (HIPAA)PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001)Sarbanes-Oxley Act (SOX)SEC Rule 17A-4CFR Title 47, Part 42—TelecommunicationsCFR Title 21, Part 11—PharmaceuticalsUS Federal Authority on Archives and Records: National Archives and Records Administration (NARA)US Code of Federal RegulationsCanada*United KingdomAustraliaIdentifying Records Management Requirements in Other LegislationNotes
United StatesEuropean Union General Data Protection Regulation (GDPR)Major Privacy Laws Worldwide, by CountryNotes
Notes

Content preview from Information Governance, 2nd Edition

CHAPTER 18Maintaining an Information Governance Program and Culture of Compliance

Maintaining your information governance (IG) program beyond an initial project effort is key to realizing the continued and long-term benefits of IG. This means that the IG program must become an everyday part of an organization's operations. This requires vigilant and consistent monitoring and auditing to ensure that IG policies and processes are effective and consistently followed and enforced. Using audits and the proper controls should become a regular part of the enterprise's operations.

Monitoring and Accountability

This requires a continuous tightening down and expansion of protections and the implementation of newer strategic technologies. Information technology (IT) developments and innovations that can foster the effort must be steadily monitored and evaluated, and those technology subsets that can assist in providing security need to be incorporated into the mix.

The IG policies themselves must be reviewed and updated periodically to accommodate changes in the business environment, laws, regulations, and technology. Program gaps and failures must be addressed, and the effort should continue to improve and adapt to new types of security threats.

That means accountability—some individual must remain responsible for an IG policy's administration and results¹—perhaps the executive sponsor for the initial project becomes the chief information governance officer (CIGO) or IG “Czar” of sorts; ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Corporate Governance Matters, 3rd Edition

Publisher Resources

ISBN: 9781119491446Purchase book

Information Governance, 2nd Edition

by Robert F. Smallwood

CHAPTER 18Maintaining an Information Governance Program and Culture of Compliance

Monitoring and Accountability

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Corporate Governance Matters, 3rd Edition

Data Governance For Dummies

MASTER DATA MANAGEMENT AND DATA GOVERNANCE, 2/E, 2nd Edition

Data Governance Handbook

Publisher Resources

Monitoring and Accountability

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Corporate Governance Matters, 3rd Edition

Data Governance For Dummies

MASTER DATA MANAGEMENT AND DATA GOVERNANCE, 2/E, 2nd Edition

Data Governance Handbook

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.