Write annotate bibliography for Information governance milestone project.

profilepimrypie
ProQuestDocuments-2021-02-11.pdf

Information Governance and Assurance; Reducing Risk, Promoting Policy Publication info: Records Management Journal ; Bradford  Vol. 24, Iss. 3,  (2014): 253-255.

ProQuest document link

ABSTRACT (ENGLISH) Early chapters of the book focus on introducing the concepts of governance and assurance and the UK law and

regulations that drive these requirements; there was a definite bias toward those laws that specifically concern

information, in particular, the Data Protection Act, and I would have liked to have seen more about those laws that

affect the way in which information is managed both in the broader context, e.g. employment law but also a

reference to the implications and issues when working in a global or international context which can present some

quite significant challenges when implementing an Information Governance Framework. Data are the focus of a

whole chapter, and it is a great introduction to the concepts of data management for those who have worked more

around information policy than the operational delivery of data and information services, systems and solutions.

Overall, I think that this is a useful addition to the books that are currently available that attempt to address this

subject area; having worked across the spectrum of information management, records management, information

assurance, information governance, risk and compliance and information security, I was already familiar with

much of the content. FULL TEXT This is one of the few books that brings together the concepts of records and information management and

information security and is a really solid introduction to the way in which the various information disciplines,

whether concerned with security and protection or reuse and optimisation, need to come together to ensure that

information remains useful, yet is appropriately secured to minimise risk.

Early chapters of the book focus on introducing the concepts of governance and assurance and the UK law and

regulations that drive these requirements; there was a definite bias toward those laws that specifically concern

information, in particular, the Data Protection Act, and I would have liked to have seen more about those laws that

affect the way in which information is managed both in the broader context, e.g. employment law but also a

reference to the implications and issues when working in a global or international context which can present some

quite significant challenges when implementing an Information Governance Framework.

I really like that this book referenced information in all of its forms, including data, which is all too often considered

as an entirely separate entity, yet remains a challenge when attempting to implement policy or demonstrate or

assure compliance. Data are the focus of a whole chapter, and it is a great introduction to the concepts of data

management for those who have worked more around information policy than the operational delivery of data and

information services, systems and solutions.

The chapter that focusses on the identification and assessment of threats is really useful and this is followed up

with a subsequent chapter on the security and protective measures that can be implemented to mitigate the threat

and any associated risk to the information. Again, this is a useful introduction to the concepts of information risk

management and information security.

While there are a couple of case studies, I would have liked this book to include some practical examples or

potential methodologies that bring together and integrate these information disciplines. Chapter 6 which focusses

on frameworks and “how it all fits together” identifies all of the various components that are referenced in the

broad spectrum of “information governance and assurance” and suggests an approach but does not sufficiently

demonstrate its effectiveness. There are many real challenges that will need to be overcome if a truly integrated

approach to the management, governance and assurance of information and data is to be achieved within an

enterprise environment, and it would have been useful to have some tools and techniques that have been proven

elsewhere for consideration by the reader.

The challenge that the author faces is that this is such a broad subject that to try to go into any degree of detail is

not really practical, and this means that much of the content literally introduces a concept rather than go into any

great detail. I do not think that this is a bad thing though; instead, I feel that this book demonstrates the necessary

integration of functions that have previously been seen (and treated) as distinctly different in an organisation. It

highlights that it is no longer practical to produce information policies, to develop and implement security controls

and to operate and support key information management services in isolation of each other. Instead, it is

absolutely necessary to develop a framework approach that highlights the importance of each of these roles and

functions and seeks to establish the way in which they can work together to manage information as an asset in an

enterprise context.

Overall, I think that this is a useful addition to the books that are currently available that attempt to address this

subject area; having worked across the spectrum of information management, records management, information

assurance, information governance, risk and compliance and information security, I was already familiar with

much of the content. Through necessity, I had come by this knowledge the hard way, and I feel that this book is a

really solid introductory resource for those currently working in a specific discipline or those starting their careers.

It introduces integrated concepts and highlights the various information management principles that need to be

considered if we are to truly manage information at an enterprise level and as a key business asset that has long

been a (significant) challenge for many information professionals, irrespective of their specific discipline. DETAILS

Subject: Integrated approach; Books; Information professionals; Information management

Publication title: Records Management Journal; Bradford

Volume: 24

Issue: 3

Pages: 253-255

Number of pages: 3

Publication year: 2014

Publication date: 2014

Publisher: Emerald Group Publishing Limited

Place of publication: Bradford

Country of publication: United Kingdom, Bradford

Publication subject: Business And Economics--Management

LINKS

Database copyright  2021 ProQuest LLC. All rights reserved. Terms and Conditions Contact ProQuest

ISSN: 09565698

e-ISSN: 17587689

Source type: Scholarly Journals

Language of publication: English

Document type: Journal Article

DOI: http://dx.doi.org/10.1108/RMJ-08-2014-0034

ProQuest document ID: 2439157141

Document URL: https://search.proquest.com/scholarly-journals/information-governance-assurance-

reducing-risk/docview/2439157141/se-2?accountid=10378

Copyright: © Emerald Group Publishing Limited 2014

Last updated: 2020-09-02

Database: ABI/INFORM Global

  • Information Governance and Assurance; Reducing Risk, Promoting Policy