Write annotate bibliography for Information governance milestone project.
Information Governance and Assurance; Reducing Risk, Promoting Policy Publication info: Records Management Journal ; Bradford Vol. 24, Iss. 3, (2014): 253-255.
ProQuest document link
ABSTRACT (ENGLISH) Early chapters of the book focus on introducing the concepts of governance and assurance and the UK law and
regulations that drive these requirements; there was a definite bias toward those laws that specifically concern
information, in particular, the Data Protection Act, and I would have liked to have seen more about those laws that
affect the way in which information is managed both in the broader context, e.g. employment law but also a
reference to the implications and issues when working in a global or international context which can present some
quite significant challenges when implementing an Information Governance Framework. Data are the focus of a
whole chapter, and it is a great introduction to the concepts of data management for those who have worked more
around information policy than the operational delivery of data and information services, systems and solutions.
Overall, I think that this is a useful addition to the books that are currently available that attempt to address this
subject area; having worked across the spectrum of information management, records management, information
assurance, information governance, risk and compliance and information security, I was already familiar with
much of the content. FULL TEXT This is one of the few books that brings together the concepts of records and information management and
information security and is a really solid introduction to the way in which the various information disciplines,
whether concerned with security and protection or reuse and optimisation, need to come together to ensure that
information remains useful, yet is appropriately secured to minimise risk.
Early chapters of the book focus on introducing the concepts of governance and assurance and the UK law and
regulations that drive these requirements; there was a definite bias toward those laws that specifically concern
information, in particular, the Data Protection Act, and I would have liked to have seen more about those laws that
affect the way in which information is managed both in the broader context, e.g. employment law but also a
reference to the implications and issues when working in a global or international context which can present some
quite significant challenges when implementing an Information Governance Framework.
I really like that this book referenced information in all of its forms, including data, which is all too often considered
as an entirely separate entity, yet remains a challenge when attempting to implement policy or demonstrate or
assure compliance. Data are the focus of a whole chapter, and it is a great introduction to the concepts of data
management for those who have worked more around information policy than the operational delivery of data and
information services, systems and solutions.
The chapter that focusses on the identification and assessment of threats is really useful and this is followed up
with a subsequent chapter on the security and protective measures that can be implemented to mitigate the threat
and any associated risk to the information. Again, this is a useful introduction to the concepts of information risk
management and information security.
While there are a couple of case studies, I would have liked this book to include some practical examples or
potential methodologies that bring together and integrate these information disciplines. Chapter 6 which focusses
on frameworks and “how it all fits together” identifies all of the various components that are referenced in the
broad spectrum of “information governance and assurance” and suggests an approach but does not sufficiently
demonstrate its effectiveness. There are many real challenges that will need to be overcome if a truly integrated
approach to the management, governance and assurance of information and data is to be achieved within an
enterprise environment, and it would have been useful to have some tools and techniques that have been proven
elsewhere for consideration by the reader.
The challenge that the author faces is that this is such a broad subject that to try to go into any degree of detail is
not really practical, and this means that much of the content literally introduces a concept rather than go into any
great detail. I do not think that this is a bad thing though; instead, I feel that this book demonstrates the necessary
integration of functions that have previously been seen (and treated) as distinctly different in an organisation. It
highlights that it is no longer practical to produce information policies, to develop and implement security controls
and to operate and support key information management services in isolation of each other. Instead, it is
absolutely necessary to develop a framework approach that highlights the importance of each of these roles and
functions and seeks to establish the way in which they can work together to manage information as an asset in an
enterprise context.
Overall, I think that this is a useful addition to the books that are currently available that attempt to address this
subject area; having worked across the spectrum of information management, records management, information
assurance, information governance, risk and compliance and information security, I was already familiar with
much of the content. Through necessity, I had come by this knowledge the hard way, and I feel that this book is a
really solid introductory resource for those currently working in a specific discipline or those starting their careers.
It introduces integrated concepts and highlights the various information management principles that need to be
considered if we are to truly manage information at an enterprise level and as a key business asset that has long
been a (significant) challenge for many information professionals, irrespective of their specific discipline. DETAILS
Subject: Integrated approach; Books; Information professionals; Information management
Publication title: Records Management Journal; Bradford
Volume: 24
Issue: 3
Pages: 253-255
Number of pages: 3
Publication year: 2014
Publication date: 2014
Publisher: Emerald Group Publishing Limited
Place of publication: Bradford
Country of publication: United Kingdom, Bradford
Publication subject: Business And Economics--Management
LINKS
Database copyright 2021 ProQuest LLC. All rights reserved. Terms and Conditions Contact ProQuest
ISSN: 09565698
e-ISSN: 17587689
Source type: Scholarly Journals
Language of publication: English
Document type: Journal Article
DOI: http://dx.doi.org/10.1108/RMJ-08-2014-0034
ProQuest document ID: 2439157141
Document URL: https://search.proquest.com/scholarly-journals/information-governance-assurance-
reducing-risk/docview/2439157141/se-2?accountid=10378
Copyright: © Emerald Group Publishing Limited 2014
Last updated: 2020-09-02
Database: ABI/INFORM Global
- Information Governance and Assurance; Reducing Risk, Promoting Policy