Book description
This fully updated edition demonstrates how businesses can succeed in creating a new culture of information management compliance (IMC) by incorporating an IMC philosophy into a corporate governance structure. Expert advice and insight reveals the proven methodology that adopts the principles, controls, and discipline upon which many corporate compliance programs are built and explains how to apply this methodology to develop and implement IMC programs that anticipate problems and take advantage of opportunities. Plus, you?ll learn how to measure information management compliance through the use of auditing and monitoring, following the proper delegation of program roles and components, and creating a culture of information management awareness.
Table of contents
- Copyright
- About the Authors
- Credits
- Acknowledgments
- Introduction
-
I. Laying the Foundations of Information Management Compliance
- 1. Why Information Management Matters
-
2. Building the Foundation: Defining Records
- 2.1. Determining If Information Is a Record
- 2.2. Defining Records
- 2.3. Why We Retain Records
- 2.4. Not All Information Has to Be Retained
- 2.5. Top 10 Reasons Not to Keep Everything Forever
- 2.6. Medium Does Not Matter
- 2.7. Intent Does Matter
- 2.8. Record Qualification Checklist
- 2.9. Survey: Employee Responsibility for Records and Information
- 2.10. Notes
- 3. An Overview of Records Management
- 4. Information Management Compliance (IMC)
- 5. Achieving IMC: Introduction to the Seven Keys
- 6. Sarbanes-Oxley and IMC
-
II. Seven Keys to Information Management Compliance
- Key #1: Good Policies and Procedures
-
7. The Purpose of Policies and Procedures
- 7.1. Laying the Foundation of IMC
- 7.2. The Difference between Policies and Procedures
- 7.3. Provide Clear Directives to Employees
- 7.4. Making a Statement to the World
- 7.5. Not Following Your Own Policy Is Bad Policy
- 7.6. If You Don't Do It, Someone Else Will
- 7.7. Putting It Down in Writing
- 7.8. Limiting Corporate Liability for Employee Actions
- 7.9. The Legal Hold
- 7.10. Notes
-
8. Making Good Policies and Procedures
- 8.1. Create a Policy and Procedure Structure
- 8.2. Create Clear and Unambiguous Directives
- 8.3. Policies in the Real World
- 8.4. Policies Should Be Technology-Neutral
- 8.5. Guiding IT/IS with Policies and Procedures
- 8.6. Resist the Temptation to Make Catch-All Policies
- 8.7. Address Ongoing Changes in the Law
- 8.8. Addressing Policy Violations: A Four-Stage Program Courtesy of the FTC
- 8.9. Notes
- 9. Information Management Policy Issues
- Key #2: Executive-Level Program Responsibility
-
10. Executive Leadership, Sine Qua Non1
- 10.1. Policy Comes from Above
- 10.2. Companies and Executives Pay the Price for Their Failures
- 10.3. Who Has Time for It?
- 10.4. Organizational Culture
- 10.5. It's Not Just the CFO
- 10.6. Fighting the Tide Is a Job for Someone Strong
- 10.7. Consistency across Lines-of-Business
- 10.8. Put Your Money Where Your Mouth Is
- 10.9. Can the CEO Really Be Held Accountable for Information Management?
- 10.10. Notes
- 11. What Executive Responsibility Means
- 12. IT Leadership
- Key #3: Proper Delegation of Program Roles and Components
- 13. Create an Organizational Structure to Support IMC
- 14. A Sample Information Management Organizational Structure
- Key #4: Program Communication and Training
-
15. Essential Elements of Information Management Communication and Training
- 15.1. Be Clear and Consistent
- 15.2. Clarity Is King
- 15.3. Be Concise
- 15.4. Be Visible
- 15.5. Be Proactive and Responsive
- 15.6. Offer Engaging and Interactive Training Programs
- 15.7. Make IMC an Employee Priority
- 15.8. Constantly Communicate and Train
- 15.9. Educate Employees about the Implication of New Technology
- 15.10. Notes
- Key #5: Auditing and Monitoring to Measure Program Compliance
-
16. Use Auditing and Monitoring to Measure IMC
- 16.1. Information Management Auditing and Monitoring
- 16.2. Find Out before Someone Else Does
- 16.3. Auditing and Monitoring Programs Help to Build Trust
- 16.4. Know What Is Happening on Your Own Networks
- 16.5. Auditing or Monitoring May Be Required by Law
- 16.6. Internal versus External Auditing and Monitoring Programs
- 16.7. Piracy: Don't Look the Other Way
- 16.8. Monitoring Employee Activity
- 16.9. Notes
- Key #6: Effective and Consistent Program Enforcement
- 17. Addressing Employee Policy Violations
- 18. Using Technology to Enforce Policy
- Key #7: Continuous Program Improvement
- 19. The Ongoing Work of IMC
- Conclusion
Product information
- Title: Information Nation: Seven Keys to Information Management Compliance, Second Edition
- Author(s):
- Release date: February 2009
- Publisher(s): Wiley
- ISBN: 9780470453117
You might also like
book
Fully Compliant: Compliance Training to Change Behavior
A Better Kind of Compliance Training Compliance training succeeds when you balance the needs of not …
book
FISMA Compliance Handbook
This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA Compliance Handbook …
book
Building an Enterprise-Wide Business Continuity Program
Drawing on over two decades of experience creating continuity plans and using them in actual recoveries, …
article
Twenty Years of Open Innovation
Organizations that practice open innovation draw on external resources to develop new ideas for products and …