Managing Information Asset Register

3,594 views

Published on

This tool is designed to assist organisations in managing their Information Assets and with whom the Information Assets are shared.

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,594
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
82
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Managing Information Asset Register

  1. 1. Managing Information Asset Register By Ben Oguntala. LLB, LLM Ben.oguntala@dataprotectionofficer.com How many Information data do you have, what are they and with whom are they shared? 1
  2. 2. Our 5 simple steps 1 Define the key stakeholders 2 Create your IAR & supplier register 3 Map current IAR to Suppliers & ISA 4 Create the relevant processes 5 Solution roll out 2
  3. 3. Overview of the framework Privacy Compliance Information THE KEY STAKEHOLDERS Business units team team security Access given these teams to ensure a consolidated coverage. www.dataprotectionofficer.com CREATE YOUR IAR/PR/3PR & ISA The databases provided: - IAR – information Asset register 3rd party register register Project - Project register IAR ISA - 3rd party register - ISA – information sharing agreements Business unit 1 Business unit 2 Business unit 2 Projects IAR 3rd parties ISA Projects IAR 3rd parties ISA Projects IAR 3rd parties ISA 13 9 12 6 13 9 12 6 13 9 12 6 3 Business units can be structured according to the hierarchy of your organisation
  4. 4. 1 Define the key stakeholders Team Role Benefits Procurement Procurement are best placed Supply of the list of team to know which suppliers you suppliers deal with As part of compliance the ISA Privacy team Supply the ISA template, is used with all 3rd party data PIA & approval exchanges. Compliance Compliance ensures all Supply compliance team policies and procedures are baseline adhered to. Information Play an operational role in Supply risk assessment security assessing projects & changes function to your organisation Business units Supply Information All business units listed Assets projects & including sub business units changes and Partners 4
  5. 5. 2 Create your IAR & supplier register Team Role 3rd party register Procurement Supply of the team list of suppliers Supply the ISA Privacy team template, PIA ISA & approval Compliance Supply team compliance IAR baseline Information Supply risk security assessment function register Project Supply Business units Information Assets projects & changes 5
  6. 6. 2 Create your IAR & supplier register Business unit: Organisation hierarchy 6
  7. 7. 2 Create your IAR & supplier register The Asset Register Buena Ventura 7
  8. 8. 2 Create your IAR & supplier register Editing the Information Asset Register Risk impact assessment Asset details include format, location, input & output. 8
  9. 9. 3 Map current IAR to Suppliers & ISA List of 3rd parties that the information asset is shared with Detailed view 3rd parties 9
  10. 10. 3 Map current IAR to Suppliers & ISA Details of the Asset Register 3rd parties 10 Each asset is risk assessed, classified, owner assigned and no. of 3rd parties shared with listed
  11. 11. 4 Create the relevant processes List of Information Assets IAR New information IAR Asset registration Project/Asset IAR 87 mapping Projects 32 Business Projects Projects New/change units project Project/asset/sup 3rd parties plier mapping parties 3rd New supplier registration Project ISA Compliance ISA Information asset 11
  12. 12. 4 Create the relevant processes Risk rating Incident Types of assets management Information Business 3rd party supplier register Information security Asset unit 3rd parties Total no. of Assets compliance Project/Asset Data Protection officer Types of assets Project/Asset • Privacy impact assessment • contract • Information sharing agreement Privacy team Business units Asset ID Owner Classification Record type ISA Suppliers Review date HR 901 A smut Restricted Full customer info 5 MOJ 23/09/10 Sales 789 S Red Unrestricted Customer financials 7 OMG 13/12/10 Marketing 456 N Ball financial Customer 3 Detica 02/06/11 Procurement 123 W Ed Restricted Record type 1 Logica 04/01/11 12
  13. 13. 5 Solution roll out Business unit 1 Stakeholders Projects IAR 3rd parties ISA Procurement 13 9 12 6 team Business unit 2 Privacy team Phased roll out Projects IAR 3rd parties ISA Operation 13 9 12 6 Pilot Business unit 3 Compliance team Projects IAR 3rd parties ISA 13 9 12 6 Information Business unit 4 security Projects IAR 3rd parties ISA 13 9 12 6 Business units 13
  14. 14. Contact details To know what Information Assets you have and with whom you are sharing them, contact • Ben Oguntala, LLB, LLM • Ben.oguntala@dataprotectionofficer.com • 07812 039 867 • www.dataprotectionofficer.com 14

×