Chapter 6
Information Governance policy development
Dr. Sandra J. Reeves
ITS 833 – INFORMATION GOVERNANCE
[email protected] J. Reeves 2018
CHAPTER GOALS AND OBJECTIVES
Know the 8 Generally Accepted Recordkeeping Principles®
What is the IG Reference Model?
What does the IGRM Diagram consist of?
What are the best practice considerations?
What are the benefits and risks of having standards?
What are the key standards relevant to IG?
A Review of the 8 Generally Accepted Recordkeeping Principles®
Accountability
Transparency
Integrity
Protection
Compliance
Availability
Retention
Disposition
So…what is the significance of these principles?
IG REFERENCE MODEL
Who?
ARMA International & CGOC
When?
2012
Where?
As part of the EDRM Project Version 3.0
Why?
To foster the adoption by facilitating communication and
collaboration between IG stakeholder functions, legal, records
management, risk management, and business unit stakeholders.
HOW TO INTERPRET THE IGRM DIAGRAM
Outer Ring: Complex set of interoperable processes, and
implementing the procedures and structural elements to put them
into practice
Requirements:
Understanding of business imperatives
Knowledge of appropriate tools and infrastructure
Sensitivity to legal and regulatory obligations
HOW TO INTERPRET THE IGRM DIAGRAM…continued
Inner Ring: Depicts a work-flow (life-cycle) diagram. Shows
that information management is important at all stages of the
lifecycle.
So….How is the IGRM Diagram related to the Generally
Accepted Recordkeeping Principles®?
Supports the ARMA Principles by identifying the cross-functional
groups of IG stakeholders
Depicts the intersecting objectives of the organization
Depicts the relationship between duty, value and information assets
Used by proactive organizations as an introspective lens to
facilitate visualization, understanding and discussion
concerning how to apply the “Principles” to the organization.
Puts focus on the “Principles”
Provides essential context for the maturity model
Considerations in IG Policy Formation?
Best Practices?
YES!
Understand that Best Practices will vary per organization
Review 25 generic Best Practices, Pages 75 and 76 of text book
Standards?
YES!
Two types to consider
De Jure Standards – Legal standards published by standards
setting bodies such as ISO, ANSI, NIST, BTS and others
De Facto Standards – Informal standards regarded by many as
actual standards – arising through popular use (Example:
Windows in the business world in 2001-2010). May be
published by formal standards setting bodies without having
“Formal” status
Benefits and Risks of Standards
Benefits
Quality Assurance Support
Interoperability Support
Implementation Framework and Certification Checklists
Cost Reduction
International Consensus
Risks
Possible Decreased Flexibility
Standards Confusion
Real-World Shortcomings due to Theoretical Basis
Cost and Maintenance Involved in Updating Standard
KEY STANDARDS RELEVANT TO IG
Risk Management
ISO 31000:2009 – States principles and generic guidelines of
risk management applicable to IG
Provides a structured framework for development and
implementation of risk management strategies and programs
“Risk Management Framework”: Set of two basic components
(foundations and organizational arrangements) that support and
sustain risk management throughout the organization.
KEY STANDARDS RELEVANT TO IG…continued
Information Security Management
ISO/IEC 27001:2005- Information Security Management System
Standard that provides guidance in development of security
controls for protection of information assets
Flexible –can be applied to different activities and processes
Includes use of standards by auditors and stakeholders
ISO/IEC 27002:2005-Information Technology-Security
Techniques-Code of Practice for Information Security
Establishes guidelines and general principles for initiating,
implementing, maintaining and improving information security
management.
Includes Best Practices of Control Objectives in 11 key areas of
information security management
ISO/IEC 38500:2008 – International Standard for high-level
principles and guidance for senior executives and directors, and
advisors for effective and efficient use of IT
Three major sections
Scope, Application and Objectives
Framework for Good Corporate Governance of IT
Guidance for Corporate Governance of IT
KEY STANDARDS RELEVANT TO IG…continued
RECORDS AND E-RECORDS MANAGEMENT
ISO 15489-1:2001 and ISO 15489-2:2001– International
Standard for Records Management
Part 1:Provides a framework and high-level overview of RM
core principles
Part 1:Defines RM as “Field of management responsibility for
the efficient and systematic control of creation, receipt,
maintenance, use and disposition of records, including
processes for capturing and maintaining evidence of and
information about business activities and transactions in the
form of records”1
Part 2: Technical Specifications and Methodology for
implementing standard
ISO 30300:2011 – Information and Documentation-Management
Systems for Records-Fundamentals and Vocabulary
ISO 30301:2011 – Information and Documentation-Management
Systems for Records – Requirements
1 ISO 15489-1:2001, Information and Documentation-Records
Management, Part 1: General (Geneva: ISO, 2001), section 3.16.
NATIONAL, INTERNATIONAL AND REGIONAL ERM
STANDARDS
United States E-Records Standard
U.S. DOD 5015.2 Design Criteria Standard For Electronic
Records Management Software Applications
Developed in 1997
Updated in 2002 and 2007
Canadian Standards
Electronic Records as Documentary Evidence CAN/CGSB-72.34-2005
Microfilm and Electronic Images as Documentary Evidence
CAN/CGSB-72.11-93
Canadian Legal Considerations
Relies on prime directive-that an organization shall always be
prepared to produce its records as evidence- and its national
standards, for the admissibility of electronic records in court
proceedings
The admissibility of records as evidence is determined under the
business records provisions of the Evidence Act
NATIONAL, INTERNATIONAL AND REGIONAL ERM
STANDARDS…CONTINUED
United Kingdom
The National Archives
Two sets of functional requirements to promote the development
of the electronic records management software market (one in
1999 and one in 2002)
Model Requirements of Electronic Records
MoReq2
MoReq2010
Australian ERM and Records Management Standards
Has consistently been a world leader in this area
Adopted all three parts of ISO 16175 as its e-records standard
Australian Government Recordkeeping Metadata Standard
Version 2.0
Australian Government Locator Service
AS 5090:2003 – Work Process Analysis for Recordkeeping
LONG-TERM DIGITAL PRESERVATION
Referred to as “LTDP”
LTDP is a key area for IG policy development
Frequently not addressed in an IG plan
Should be applied in preserving historical and “vital records”
and in order to maintain its corporate or organizational memory
Key Standards for LTDP:
PDF/A-2 –official standard format for preserving electronic
documents, developed by Adobe.
ISO 19005-1:2005 Document Management is the published
specification requiring PDF format
ISO 14721:2012 – Space Data and Information Transfer
Systems –Open Archival Information Systems
ISO TR 18492(2005) – Long Term Preservation of Electronic
Document Based Information
ISO 16363:2012 – Space Data and Information Transfer
Systems-Audit and Certification of Trustworthy Digital
Repositories
BUSINESS CONTINUITY MANAGEMENT
ISO 22301:2012 – Societal Security – Business Continuity
Management Systems Requirements
Specifies requirements for creating and implementing a
standardized approach to business continuity management;
this is also known as Disaster Recovery
Benefits of ISO 22301
Threat Identification and Assessment
Threat and Recovery Planning
Mission-critical process protection
Stakeholder Confidence
THINGS TO REMEMBER IN DEVELOPING THE IG POLICY
Take into account organizational goals
Draw clear lines of authority
Make sure you have an executive sponsor who can garner
executive support for the IG program and policies
IG program must contain a communications and training
component
Stakeholders must be made aware of new policies and practices
Make sure you have metrics that are relevant and useful and can
actually be measured
Test and audit
Give feedback to employees based upon metrics, tests and audit
results
Establish and enforce clear penalties for policy violations and
communicate that to employees
Take into account organizational culture
The End
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 

Chapter 6Information Governance policy developmentDr. Sand.docx

  • 1. Chapter 6 Information Governance policy development Dr. Sandra J. Reeves ITS 833 – INFORMATION GOVERNANCE Chapter 6 Information Governance Policy Development Dr. Sandra J. Reeves [email protected] J. Reeves 2018
  • 2. CHAPTER GOALS AND OBJECTIVES Know the 8 Generally Accepted Recordkeeping Principles® What is the IG Reference Model? What does the IGRM Diagram consist of? What are the best practice considerations? What are the benefits and risks of having standards? What are the key standards relevant to IG? A Review of the 8 Generally Accepted Recordkeeping Principles® Accountability Transparency Integrity Protection Compliance Availability
  • 3. Retention Disposition So…what is the significance of these principles? IG REFERENCE MODEL Who? ARMA International & CGOC When? 2012 Where? As part of the EDRM Project Version 3.0 Why? To foster the adoption by facilitating communication and collaboration between IG stakeholder functions, legal, records
  • 4. management, risk management, and business unit stakeholders. HOW TO INTERPRET THE IGRM DIAGRAM Outer Ring: Complex set of interoperable processes and implementing the procedures and structural elements to put them into practice Requirements: Understanding of business imperatives Knowledge of appropriate tools and infrastructure Sensitivity to legal and regulatory obligations
  • 5. HOW TO INTERPRET THE IGRM DIAGRAM…continued Inner Ring: Depicts a work-flow (life-cycle) diagram. Shows that information management is important at all stages of the lifecycle.
  • 6. So….How is the IGRM Diagram related to the Generally Accepted Recordkeeping Principles®? Supports the ARMA Principles by identifying the cross-functional groups of IG stakeholders Depicts the intersecting objectives of the organization Depicts the relationship between duty, value and information assets Used by proactive organizations as an introspective lens to facilitate visualization, understanding and discussion concerning how to apply the “Principles” to the organization. Puts focus on the “Principles” Provides essential context for the maturity model Considerations in IG Policy Formation? Best Practices? YES! Understand that Best Practices will vary per organization Review 25 generic Best Practices, Pages 75 and 76 of textbook
  • 7. Standards? YES! Two types to consider De Jure Standards – Legal standards published by standards setting bodies such as ISO, ANSI, NIST, BTS and others De Facto Standards – Informal standards regarded by many as actual standards – arising through popular use (Example: Windows in the business world in 2001-2010). May be published by formal standards setting bodies without having “Formal” status Benefits and Risks of Standards Benefits Quality Assurance Support Interoperability Support Implementation Framework and Certification Checklists Cost Reduction International Consensus
  • 8. Risks Possible Decreased Flexibility Standards Confusion Real-World Shortcomings due to Theoretical Basis Cost and Maintenance Involved in Updating Standards KEY STANDARDS RELEVANT TO IG Risk Management ISO 31000-2009 – States principles and generic guidelines of risk management applicable to IG Provides a structured framework for development and implementation of risk management strategies and programs “Risk Management Framework”: Set of two basic components (foundations and organizational arrangements) that support and sustain risk management throughout the organization.
  • 9. KEY STANDARDS RELEVANT TO IG…continued Information Security Management ISO/IEC 27001:2005 – Information Security Management System Standard that provides guidance in development of security controls for protection of information assets Flexible – can be applied to different activities and processes Includes use of standards by auditors and stakeholders ISO/IEC 27002:2005 – Information Technology-Security Techniques-Code of Practice for Information Security Establishes guidelines and general principles for initiating, implementing, maintaining and improving information security mgt. Includes Best Practices of Control Objectives in 11 key areas of information security management ISO/IEC 38500:2008 – International Standard for high-level principles and guidance for senior executives and directors, and advisors for effective and efficient use of IT
  • 10. Three major sections Scope, Application and Objectives Framework for Good Corporate Governance of IT Guidance for Corporate Governance of IT KEY STANDARDS RELEVANT TO IG…continued RECORDS AND E-RECORDS MANAGEMENT ISO 15489-1:2001 and ISO 15489-2:2001 – International Standard for Records Management Part 1: Provides a framework and high-level overview of RM core principles Part 1: Defines RM as “Field of management responsibility for the efficient and systematic control of creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records”1
  • 11. Part 2: Technical Specifications and Methodology for implementing standard ISO 30300:2011 – Information and Documentation-Management Systems for Records-Fundamentals and Vocabulary ISO 30301:2011 – Information and Documentation-Management Systems for Records – Requirements 1 ISO 15489-1:2001, Information and Documentation-Records Management, Part 1: General (Geneva: ISO, 2001), section 3.16. NATIONAL, INTERNATIONAL AND REGIONAL ERM
  • 12. STANDARDS United States E-Records Standard U.S. DOD 5015.2 Design Criteria Standard For Electronic Records Management Software Applications Developed in 1997 Updated in 2002 and 2007 Canadian Standards Electronic Records as Documentary Evidence CAN/CGSB-72.34-2005 Microfilm and Electronic Images as Documentary Evidence CAN/CGSB-72.11-93 Canadian Legal Considerations Relies on prime directive – that an organization shall always be prepared to produce its records as evidence – and its national standards, for the admissibility of electronic records in court proceedings The admissibility of records as evidence is determined under the business records provisions of the Evidence Act
  • 13. NATIONAL, INTERNATIONAL AND REGIONAL ERM STANDARDS…CONTINUED United Kingdom The National Archives Two sets of functional requirements to promote the development of the electronic records management software market (one in 1999 and one in 2002) Model Requirements of Electronic Records MoReq2 MoReq2010 Australian ERM and Records Management Standards Has consistently been a world leader in this area Adopted all three parts of ISO 16175 as its e-records standard Australian Government Recordkeeping Metadata Standard Version 2.0 Australian Government Locator Service AS 5090:2003 – Work Process Analysis for Recordkeeping
  • 14. LONG-TERM DIGITAL PRESERVATION Referred to as “LTDP” LTDP is a key area for IG policy development Frequently not addressed in an IG plan Should be applied in preserving historical and “vital records” and in order to maintain its corporate or organizational memory Key Standards for LTDP: PDF/A-2 – official standard format for preserving electronic documents, developed by Adobe. ISO 19005-1:2005 Document Management is the published specification requiring PDF format ISO 14721:2012 – Space Data and Information Transfer Systems – Open Archival Information Systems ISO TR 18492(2005) – Long Term Preservation of Electronic Document Based Information ISO 16363:2012 – Space Data and Information Transfer Systems-Audit and Certification of Trustworthy Digital Repositories
  • 15. BUSINESS CONTINUITY MANAGEMENT ISO 22301:2012 – Societal Security – Business Continuity Management Systems Requirements Specifies requirements for creating and implementing a standardized approach to business continuity management (this is also known as Disaster Recovery) Benefits of ISO 22301 Threat Identification and Assessment Threat and Recovery Planning Mission-critical process protection Stakeholder Confidence
  • 16. THINGS TO REMEMBER IN DEVELOPING THE IG POLICY Take into account organizational goals Draw clear lines of authority Make sure you have an executive sponsor who can garner executive support for the IG program and policies IG program must contain communications and training component Stakeholders must be made aware of new policies and practices Make sure you have metrics that are relevant and useful and can actually be measured Test and audit Give feedback to employees based upon metrics, tests and audit results Establish and enforce clear penalties for policy violations and communicate that to employees Take into account organizational culture
  • 17. The End