book

Information Governance: Concepts, Strategies, and Best Practices

Name: Information Governance: Concepts, Strategies, and Best Practices
Author: Robert F. Smallwood
ISBN: 9781118218303

by Robert F. Smallwood

April 2014

Intermediate to advanced

464 pages

14h 46m

English

Wiley

Read now

Unlock full access

Cover Page
Title Page
Copyright
Dedication
CONTENTS
PREFACE
ACKNOWLEDGMENTS
PART ONE: Information Governance Concepts, Definitions, and Principles
CHAPTER 1: The Onslaught of Big Data and the Information Governance Imperative
Defining Information GovernanceIG Is Not a Project, But an Ongoing ProgramWhy IG Is Good BusinessFailures in Information GovernanceForm IG Policies, Then Apply Technology for EnforcementNotes
CHAPTER 2: Information Governance, IT Governance, Data Governance: What's the Difference?
Data GovernanceIT GovernanceInformation GovernanceImpact of a Successful IG ProgramSumming Up the DifferencesNotes

CHAPTER 3: Information Governance Principles *
Accountability Is KeyGenerally Accepted Recordkeeping Principles®Assessment and Improvement RoadmapWho Should Determine IG Policies?Notes
PART TWO: Information Governance Risk Assessment and Strategic Planning
CHAPTER 4: Information Risk Planning and Management
Step 1: Survey and Determine Legal and Regulatory Applicability and RequirementsStep 2: Specify IG Requirements to Achieve ComplianceStep 3: Create a Risk ProfileStep 4: Perform Risk Analysis and AssessmentStep 5: Develop an Information Risk Mitigation PlanStep 6: Develop Metrics and Measure ResultsStep 7: Execute Your Risk Mitigation PlanStep 8: Audit the Information Risk Mitigation ProgramNotes
CHAPTER 5: Strategic Planning and Best Practices for Information Governance
Crucial Executive Sponsor RoleEvolving Role of the Executive SponsorBuilding Your IG TeamAssigning IG Team Roles and ResponsibilitiesAlign Your IG Plan with Organizational Strategic PlansSurvey and Evaluate External FactorsFormulating the IG Strategic PlanNotes
CHAPTER 6: Information Governance Policy Development
A Brief Review of Generally Accepted Recordkeeping Principles®IG Reference ModelBest Practices ConsiderationsStandards ConsiderationsBenefits and Risks of StandardsKey Standards Relevant to IG EffortsMajor National and Regional ERM StandardsMaking Your Best Practices and Standards Selections to Inform Your IG FrameworkRoles and ResponsibilitiesProgram Communications and TrainingProgram Controls, Monitoring, Auditing, and EnforcementNotes
PART THREE: Information Governance Key Impact Areas Based on the IG Reference Model
CHAPTER 7: Business Considerations for a Successful IG Program
Changing Information EnvironmentCalculating Information CostsBig Data Opportunities and ChallengesFull Cost Accounting for InformationCalculating the Cost of Owning Unstructured InformationThe Path to Information ValueChallenging the CultureNew Information ModelsFuture State: What Will the IG-Enabled Organization Look Like?Moving ForwardNotes
CHAPTER 8: Information Governance and Legal Functions
Introduction to e-Discovery: The Revised 2006 Federal Rules of Civil Procedure Changed EverythingBig Data ImpactMore Details on the Revised FRCP RulesLandmark E-Discovery Case: Zubulake v. UBS WarburgE-Discovery TechniquesE-Discovery Reference ModelThe Intersection of IG and E-DiscoveryBuilding on Legal Hold Programs to Launch Defensible DispositionDestructive Retention of E-mailNewer Technologies That Can Assist in E-DiscoveryDefensible Disposal: The Only Real Way To Manage Terabytes and PetabytesRetention Policies and SchedulesNotes
CHAPTER 9: Information Governance and Records and Information Management Functions
Records Management Business RationaleWhy Is Records Management So Challenging?Benefits of Electronic Records ManagementAdditional Intangible BenefitsInventorying E-RecordsGenerally Accepted Recordkeeping Principles ®E-Records Inventory ChallengesRecords Inventory PurposesRecords Inventorying StepsEnsuring Adoption and Compliance of RM PolicyGeneral Principles of a Retention SchedulingDeveloping a Records Retention ScheduleWhy Are Retention Schedules Needed?What Records Do You Have to Schedule? Inventory and ClassificationRationale for Records GroupingsRecords Series Identification and ClassificationRetention of E-Mail RecordsHow Long Should You Keep Old E-Mails?Destructive Retention of E-MailLegal Requirements and Compliance ResearchEvent-Based Retention Scheduling for Disposition of E-RecordsPrerequisites for Event-Based DispositionFinal Disposition and Closure CriteriaRetaining Transitory RecordsImplementation of the Retention Schedule and Disposal of RecordsOngoing Maintenance of the Retention ScheduleAudit to Manage Compliance with the Retention ScheduleNotes
CHAPTER 10: Information Governance and Information Technology Functions
Data GovernanceSteps to Governing Data EffectivelyData Governance FrameworkInformation ManagementIT GovernanceIG Best Practices for Database Security and ComplianceTying It All TogetherNotes
CHAPTER 11: Information Governance and Privacy and Security Functions
Cyberattacks ProliferateInsider Threat: Malicious or NotPrivacy LawsDefense in DepthControlling Access Using Identity Access ManagementEnforcing IG: Protect Files with Rules and PermissionsChallenge of Securing Confidential E-DocumentsApply Better Technology for Better Enforcement in the Extended EnterpriseE-Mail EncryptionSecure Communications Using Record-Free E-MailDigital SignaturesDocument EncryptionData Loss Prevention (DLP) TechnologyMissing Piece: Information Rights Management (IRM)Embedded ProtectionHybrid Approach: Combining DLP and IRM TechnologiesSecuring Trade Secrets after Layoffs and TerminationsPersistently Protecting Blueprints and CAD DocumentsSecuring Internal Price ListsApproaches for Securing Data Once It Leaves the OrganizationDocument LabelingDocument AnalyticsConfidential Stream MessagingNotes
PART FOUR: Information Governance for Delivery Platforms
CHAPTER 12: Information Governance for E-Mail and Instant Messaging *
Employees Regularly Expose Organizations to E-Mail RiskE-Mail Polices Should Be Realistic and Technology AgnosticE-Record Retention: Fundamentally a Legal IssuePreserve E-Mail Integrity and Admissibility with Automatic ArchivingInstant MessagingBest Practices for Business IM UseTechnology to Monitor IMTips for Safer IMNotes
CHAPTER 13: Information Governance for Social Media *
Types of Social Media in Web 2.0Additional Social Media CategoriesSocial Media in the EnterpriseKey Ways Social Media Is Different from E-Mail and Instant MessagingBiggest Risks of Social MediaLegal Risks of Social Media PostsTools to Archive Social MediaIG Considerations for Social MediaKey Social Media Policy GuidelinesRecords Management and Litigation Considerations for Social MediaEmerging Best Practices for Managing Social Media RecordsNotes
CHAPTER 14: Information Governance for Mobile Devices *
Current Trends in Mobile ComputingSecurity Risks of Mobile ComputingSecuring Mobile DataMobile Device ManagementIG for Mobile ComputingBuilding Security into Mobile ApplicationsBest Practices to Secure Mobile ApplicationsDeveloping Mobile Device PoliciesNotes
CHAPTER 15: Information Governance for Cloud Computing *
Defining Cloud ComputingKey Characteristics of Cloud ComputingWhat Cloud Computing Really MeansCloud Deployment ModelsSecurity Threats with Cloud ComputingBenefits of the CloudManaging Documents and Records in the CloudIG Guidelines for Cloud Computing SolutionsNotes
CHAPTER 16: SharePoint ® Information Governance *
Process Change, People ChangeWhere to Begin the Planning ProcessPolicy ConsiderationsRoles and ResponsibilitiesEstablish ProcessesTraining PlanCommunication PlanNote
PART FIVE: Long-Term Program Issues
CHAPTER 17: Long-Term Digital Preservation *
Defining Long-Term Digital PreservationKey Factors in Long-Term Digital PreservationThreats to Preserving RecordsDigital Preservation StandardsPREMIS Preservation Metadata StandardRecommended Open Standard Technology-Neutral FormatsDigital Preservation RequirementsLong-Term Digital Preservation Capability Maturity Model ®Scope of the Capability Maturity ModelDigital Preservation Capability Performance MetricsDigital Preservation Strategies and TechniquesEvolving MarketplaceLooking ForwardNotes
CHAPTER 18: Maintaining an Information Governance Program and Culture of Compliance *
Monitoring and AccountabilityStaffing Continuity PlanContinuous Process ImprovementWhy Continuous Improvement Is NeededNotes
APPENDIX A: Information Organization and Classification: Taxonomies and Metadata *
Importance of Navigation and ClassificationWhen Is a New Taxonomy Needed?Taxonomies Improve Search ResultsMetadata and TaxonomyMetadata Governance, Standards, and StrategiesTypes of MetadataCore Metadata IssuesInternational Metadata Standards and GuidanceRecords Grouping RationaleBusiness Classification Scheme, File Plans, and TaxonomyClassification and TaxonomyPrebuilt versus Custom TaxonomiesThesaurus Use in TaxonomiesTaxonomy TypesBusiness Process AnalysisTaxonomy Testing: A Necessary StepTaxonomy MaintenanceSocial Tagging and FolksonomiesNotes
APPENDIX B: Laws and Major Regulations Related to Records Management
United StatesCanadaUnited KingdomAustraliaNotes
APPENDIX C: Laws and Major Regulations Related to Privacy
United StatesMajor Privacy Laws Worldwide, by CountryNotes
GLOSSARY
Notes
ABOUT THE AUTHOR
ABOUT THE MAJOR CONTRIBUTORS
INDEX

Content preview from Information Governance: Concepts, Strategies, and Best Practices

APPENDIX B

Laws and Major Regulations Related to Records Management

United States

Records management practices and standards are delineated in many federal regulations. Also, a number of state statutes have passed. In some cases they actually supersede federal regulations; therefore, it is crucial to understand compliance within the state or states where an organization operates.

On the federal level, public companies must be vigilant in verifying, protecting, and reporting financial information to comply with requirements under Sarbanes—Oxley (SOX) and the Gramm–Leach–Bliley Acts. Health care concerns must meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA), and investment firms must comply with a myriad of regulations by the Securities and Exchange Commission (SEC) and National Association of Securities Dealers (NASD).

This appendix presents a brief description of current rules, laws, regulators, and their records retention and corporate policy requirements. (Note: This is an overview, and firms should consult their own legal counsel for interpretation and applicability.)

Gramm–Leach–Bliley Act

The Financial Institution Privacy Protection Act of 2001 and Financial Institution Privacy Protection Act of 2003 (Gramm–Leach–Bliley Act) was amended in 2003 to improve and increase protection of nonpublic personal information. Through this act, financial records must be properly secured, safeguarded, and eventually completely destroyed so that the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition and The Standard for Project Management (ENGLISH)

Project Management Institute

Publisher Resources

ISBN: 9781118218303Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Information Governance: Concepts, Strategies, and Best Practices

by Robert F. Smallwood

APPENDIX B

Laws and Major Regulations Related to Records Management