Chapters 3 Question

ITS833-Chapter3.pptx

ITS 833 – INFORMATION GOVERNANCE

Chapter 3 – Information Governance Principles

Dr. Omar Mohamed

Copyright Omar Mohamed 2019

CHAPTER GOALS AND OBJECTIVES

Know the 10 key principles of IG

What are the Generally Accepted Recordkeeping Principles®

What is the difference between disposition and destruction

Who should be involved in the information governance development process

Know the 8 GAR principles

Know the 5 GAR Principle Levels

Know which of the four area(s) of improvement each of the 8 GAR principles map to

10 key principles for the IG approach

Executive Sponsorship

Information Policy Development and Communication

Information Integrity

Information Organization and Classification

Information Security

Information Accessibility

Information Control

Information Governance Monitoring and Auditing

Stakeholder Consultation

Continuous Improvement

The Key to Information Governance

Accountability

Often the root of many problems is that no one is held accountable

RECORD KEEPING PRINCIPLES®

Formal business records account for about 9% of all information in an organization

Formal record keeping allows the organization to demonstrate compliance with legal requirements and applicable standards

Generally Accepted Recordkeeping Principles® were developed in 2009 by ARMA International to foster awareness of good recordkeeping practices

Generally Accepted Recordkeeping Principles®

Accountability

Transparency

Integrity

Protection

Compliance

Availability

Retention

Disposition

GAR Principle Levels

Used to define the characteristics of evolving and maturing Records Management Programs

1. Standard – whether recordkeeping concerns are being addressed

2. In Development – developing recognition that recordkeeping has an impact and that the organization may benefit from a more defined IG program

3. Essential – where defined policies and procedures exist that address minimum legal and regulatory requirements, but more action is required to improve recordkeeping

4. Proactive – where information governance issues are integrated into business decisions, with the organization consistently meeting its legal and regulatory obligations

5. Transformational – IG is integrated into corporate infrastructure and business processes to such an extent that compliance is routine

GAR PRINCIPLE 1: ACCOUNTABILITY

RM responsibility at the senior level of executive authority

Understanding of regulatory and legal framework

Responsibility for ensuring that processes, procedures and governance structures and documentation are developed

Development of organization-wide audit process for all aspects of RM

Reinforce compliance and require accountability

GAR PRINCIPLE 2: TRANSPARENCY

Practices that document processes and promote an understanding of the roles and responsibilities of the stakeholders

Policies are formalized and integrated into business processes

Must be recognized by senior management

Employees must have access to the policies and procedures of RM

Employee training

Documentation in the form of policies, procedures, guidelines, instructions, diagrams, flowcharts, system documentation, user manuals, etc.

GAR PRINCIPLE 3: INTEGRITY

“Record Integrity”: The records are complete and protected from being altered

Record-generating systems and repositories must be assessed to determine their record keeping capabilities.

A formalized process must be in place for acquiring or developing new systems required for lifecycle management of records.

Record integrity is confirmed by ensuring that records are created by a competent authority based upon established principles

GAR PRINCIPLE 4: PROTECTION

This is where organizations ensure that the records are not altered through loss, tampering or corruption

Applies to both physical and electronic records

GAR PRINCIPLE 5: COMPLIANCE

There should be a process for development and training of the fundamentals of compliance monitoring

Compliance monitoring involves reviewing and inspecting different facets of records management

Compliance monitoring is carried out by audits, whether internal audits, audits by external organizations or audits by records management, and must be performed routinely

GAR PRINCIPLE 6: AVAILABILITY

Process of evaluating how effectively and efficiently records and information are stored and retrieved using existing equipment, networks and software of the organization

Intended to identify current and future requirements and recommendations for new systems where appropriate

GAR PRINCIPLE 7: RETENTION

This is the function of preserving and maintaining records for continuing use

A retention schedule is created to identify actions needed to fulfill requirements for retention and disposal of records and to identify and establish authority for employees who will be responsible for retention, destruction and transfer of records

Must identify the scope of the different jurisdictions that impose control over records in each location where the company does business

Includes “records appraisal” – the process of assessing the value and risk of records to determine their retention and destruction requirements; part of the records retention schedule

Record retention period – length of time that records should be retained and actions taken for them to be destroyed or preserved

Document research performed to identify jurisdictional and legal requirements for record retention

GAR PRINCIPLE 8: DISPOSITION

Disposition is the last stage in the life cycle of records

When records are required to be retained permanently or on a long-term basis, they should be “archived” for preservation

Should be part of the record retention schedule

When destroyed, destruction must be in a controlled and secure manner in accordance with disposal instructions

Document the destruction of records

Maintain an audit trail of the destruction of records

Must have someone designated to oversee destruction of records

Disposition of records is not the same as destruction of records.

Destruction may be one of the disposal options

Methods of Disposition

Discard – Standard for non-confidential records

Shred – Confidential and sensitive records

Archive – For records retained permanently or for long-term periods

Imaging – Conversion from a physical record to digital images prior to destruction of paper records

Purge – This involves the removal of material based upon specific criteria. Generally applicable to structured database records and applications

Generally Accepted Recordkeeping Principles® maturity model is used to identify a company’s areas in need of improvement.

Principles are mapped to four (4) improvement areas:

Roles and responsibilities

Policies and Procedure

Communication and Training

Systems and automation

MAPPING OF IMPROVEMENT AREAS FOR GENERALLY ACCEPTED RECORDKEEPING PRINCIPLES®

Improvement Area Accountability Transparency Integrity Protection Compliance Availability Retention Disposition
Roles and Responsibilities   
Policies and Procedure        
Communication and Training     
Systems and Automation      

WHO SHOULD DETERMINE THE IG POLICIES?

Steering Committee or Board

Headed by executive sponsor

Include cross-functional groups

Key business units

IT

Finance

Risk

Compliance

Records Management

Legal

Training is essential

Review the Sample Assessment Report and Road Map in Table 3.3, pages 36 and 37 of the textbook

The End
