Information Governance: Concepts, Strategies, and Best Practices

Book Description

Proven and emerging strategies for addressing document and records management risk within the framework of information governance principles and best practices

Information Governance (IG) is a rapidly emerging "super discipline" and is now being applied to electronic document and records management, email, social media, cloud computing, mobile computing, and, in fact, the management and output of information organization-wide. IG leverages information technologies to enforce policies, procedures and controls to manage information risk in compliance with legal and litigation demands, external regulatory requirements, and internal governance objectives. Information Governance: Concepts, Strategies, and Best Practices reveals how, and why, to utilize IG and leverage information technologies to control, monitor, and enforce information access and security policies.

  • Written by one of the most recognized and published experts on information governance, including specialization in e-document security and electronic records management

  • Provides big picture guidance on the imperative for information governance and best practice guidance on electronic document and records management

  • Crucial advice and insights for compliance and risk managers, operations managers, corporate counsel, corporate records managers, legal administrators, information technology managers, archivists, knowledge managers, and information governance professionals

IG sets the policies that control and manage the use of organizational information, including social media, mobile computing, cloud computing, email, instant messaging, and the use of e-documents and records. This extends to e-discovery planning and preparation. Information Governance: Concepts, Strategies, and Best Practices provides step-by-step guidance for developing information governance strategies and practices to manage risk in the use of electronic business documents and records.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright
  4. Dedication
  8. PART ONE: Information Governance Concepts, Definitions, and Principles
    1. CHAPTER 1: The Onslaught of Big Data and the Information Governance Imperative
      1. Defining Information Governance
      2. IG Is Not a Project, But an Ongoing Program
      3. Why IG Is Good Business
      4. Failures in Information Governance
      5. Form IG Policies, Then Apply Technology for Enforcement
      6. Notes
    2. CHAPTER 2: Information Governance, IT Governance, Data Governance: What's the Difference?
      1. Data Governance
      2. IT Governance
      3. Information Governance
      4. Impact of a Successful IG Program
      5. Summing Up the Differences
      6. Notes
    3. CHAPTER 3: Information Governance Principles *
      1. Accountability Is Key
      2. Generally Accepted Recordkeeping Principles®
      3. Assessment and Improvement Roadmap
      4. Who Should Determine IG Policies?
      5. Notes
  9. PART TWO: Information Governance Risk Assessment and Strategic Planning
    1. CHAPTER 4: Information Risk Planning and Management
      1. Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements
      2. Step 2: Specify IG Requirements to Achieve Compliance
      3. Step 3: Create a Risk Profile
      4. Step 4: Perform Risk Analysis and Assessment
      5. Step 5: Develop an Information Risk Mitigation Plan
      6. Step 6: Develop Metrics and Measure Results
      7. Step 7: Execute Your Risk Mitigation Plan
      8. Step 8: Audit the Information Risk Mitigation Program
      9. Notes
    2. CHAPTER 5: Strategic Planning and Best Practices for Information Governance
      1. Crucial Executive Sponsor Role
      2. Evolving Role of the Executive Sponsor
      3. Building Your IG Team
      4. Assigning IG Team Roles and Responsibilities
      5. Align Your IG Plan with Organizational Strategic Plans
      6. Survey and Evaluate External Factors
      7. Formulating the IG Strategic Plan
      8. Notes
    3. CHAPTER 6: Information Governance Policy Development
      1. A Brief Review of Generally Accepted Recordkeeping Principles®
      2. IG Reference Model
      3. Best Practices Considerations
      4. Standards Considerations
      5. Benefits and Risks of Standards
      6. Key Standards Relevant to IG Efforts
      7. Major National and Regional ERM Standards
      8. Making Your Best Practices and Standards Selections to Inform Your IG Framework
      9. Roles and Responsibilities
      10. Program Communications and Training
      11. Program Controls, Monitoring, Auditing, and Enforcement
      12. Notes
  10. PART THREE: Information Governance Key Impact Areas Based on the IG Reference Model
    1. CHAPTER 7: Business Considerations for a Successful IG Program
      1. Changing Information Environment
      2. Calculating Information Costs
      3. Big Data Opportunities and Challenges
      4. Full Cost Accounting for Information
      5. Calculating the Cost of Owning Unstructured Information
      6. The Path to Information Value
      7. Challenging the Culture
      8. New Information Models
      9. Future State: What Will the IG-Enabled Organization Look Like?
      10. Moving Forward
      11. Notes
    2. CHAPTER 8: Information Governance and Legal Functions
      1. Introduction to e-Discovery: The Revised 2006 Federal Rules of Civil Procedure Changed Everything
      2. Big Data Impact
      3. More Details on the Revised FRCP Rules
      4. Landmark E-Discovery Case: Zubulake v. UBS Warburg
      5. E-Discovery Techniques
      6. E-Discovery Reference Model
      7. The Intersection of IG and E-Discovery
      8. Building on Legal Hold Programs to Launch Defensible Disposition
      9. Destructive Retention of E-mail
      10. Newer Technologies That Can Assist in E-Discovery
      11. Defensible Disposal: The Only Real Way To Manage Terabytes and Petabytes
      12. Retention Policies and Schedules
      13. Notes
    3. CHAPTER 9: Information Governance and Records and Information Management Functions
      1. Records Management Business Rationale
      2. Why Is Records Management So Challenging?
      3. Benefits of Electronic Records Management
      4. Additional Intangible Benefits
      5. Inventorying E-Records
      6. Generally Accepted Recordkeeping Principles®
      7. E-Records Inventory Challenges
      8. Records Inventory Purposes
      9. Records Inventorying Steps
      10. Ensuring Adoption and Compliance of RM Policy
      11. General Principles of a Retention Scheduling
      12. Developing a Records Retention Schedule
      13. Why Are Retention Schedules Needed?
      14. What Records Do You Have to Schedule? Inventory and Classification
      15. Rationale for Records Groupings
      16. Records Series Identification and Classification
      17. Retention of E-Mail Records
      18. How Long Should You Keep Old E-Mails?
      19. Destructive Retention of E-Mail
      20. Legal Requirements and Compliance Research
      21. Event-Based Retention Scheduling for Disposition of E-Records
      22. Prerequisites for Event-Based Disposition
      23. Final Disposition and Closure Criteria
      24. Retaining Transitory Records
      25. Implementation of the Retention Schedule and Disposal of Records
      26. Ongoing Maintenance of the Retention Schedule
      27. Audit to Manage Compliance with the Retention Schedule
      28. Notes
    4. CHAPTER 10: Information Governance and Information Technology Functions
      1. Data Governance
      2. Steps to Governing Data Effectively
      3. Data Governance Framework
      4. Information Management
      5. IT Governance
      6. IG Best Practices for Database Security and Compliance
      7. Tying It All Together
      8. Notes
    5. CHAPTER 11: Information Governance and Privacy and Security Functions
      1. Cyberattacks Proliferate
      2. Insider Threat: Malicious or Not
      3. Privacy Laws
      4. Defense in Depth
      5. Controlling Access Using Identity Access Management
      6. Enforcing IG: Protect Files with Rules and Permissions
      7. Challenge of Securing Confidential E-Documents
      8. Apply Better Technology for Better Enforcement in the Extended Enterprise
      9. E-Mail Encryption
      10. Secure Communications Using Record-Free E-Mail
      11. Digital Signatures
      12. Document Encryption
      13. Data Loss Prevention (DLP) Technology
      14. Missing Piece: Information Rights Management (IRM)
      15. Embedded Protection
      16. Hybrid Approach: Combining DLP and IRM Technologies
      17. Securing Trade Secrets after Layoffs and Terminations
      18. Persistently Protecting Blueprints and CAD Documents
      19. Securing Internal Price Lists
      20. Approaches for Securing Data Once It Leaves the Organization
      21. Document Labeling
      22. Document Analytics
      23. Confidential Stream Messaging
      24. Notes
  11. PART FOUR: Information Governance for Delivery Platforms
    1. CHAPTER 12: Information Governance for E-Mail and Instant Messaging *
      1. Employees Regularly Expose Organizations to E-Mail Risk
      2. E-Mail Policies Should Be Realistic and Technology Agnostic
      3. E-Record Retention: Fundamentally a Legal Issue
      4. Preserve E-Mail Integrity and Admissibility with Automatic Archiving
      5. Instant Messaging
      6. Best Practices for Business IM Use
      7. Technology to Monitor IM
      8. Tips for Safer IM
      9. Notes
    2. CHAPTER 13: Information Governance for Social Media *
      1. Types of Social Media in Web 2.0
      2. Additional Social Media Categories
      3. Social Media in the Enterprise
      4. Key Ways Social Media Is Different from E-Mail and Instant Messaging
      5. Biggest Risks of Social Media
      6. Legal Risks of Social Media Posts
      7. Tools to Archive Social Media
      8. IG Considerations for Social Media
      9. Key Social Media Policy Guidelines
      10. Records Management and Litigation Considerations for Social Media
      11. Emerging Best Practices for Managing Social Media Records
      12. Notes
    3. CHAPTER 14: Information Governance for Mobile Devices *
      1. Current Trends in Mobile Computing
      2. Security Risks of Mobile Computing
      3. Securing Mobile Data
      4. Mobile Device Management
      5. IG for Mobile Computing
      6. Building Security into Mobile Applications
      7. Best Practices to Secure Mobile Applications
      8. Developing Mobile Device Policies
      9. Notes
    4. CHAPTER 15: Information Governance for Cloud Computing *
      1. Defining Cloud Computing
      2. Key Characteristics of Cloud Computing
      3. What Cloud Computing Really Means
      4. Cloud Deployment Models
      5. Security Threats with Cloud Computing
      6. Benefits of the Cloud
      7. Managing Documents and Records in the Cloud
      8. IG Guidelines for Cloud Computing Solutions
      9. Notes
    5. CHAPTER 16: SharePoint® Information Governance *
      1. Process Change, People Change
      2. Where to Begin the Planning Process
      3. Policy Considerations
      4. Roles and Responsibilities
      5. Establish Processes
      6. Training Plan
      7. Communication Plan
      8. Note
  12. PART FIVE: Long-Term Program Issues
    1. CHAPTER 17: Long-Term Digital Preservation *
      1. Defining Long-Term Digital Preservation
      2. Key Factors in Long-Term Digital Preservation
      3. Threats to Preserving Records
      4. Digital Preservation Standards
      5. PREMIS Preservation Metadata Standard
      6. Recommended Open Standard Technology-Neutral Formats
      7. Digital Preservation Requirements
      8. Long-Term Digital Preservation Capability Maturity Model®
      9. Scope of the Capability Maturity Model
      10. Digital Preservation Capability Performance Metrics
      11. Digital Preservation Strategies and Techniques
      12. Evolving Marketplace
      13. Looking Forward
      14. Notes
    2. CHAPTER 18: Maintaining an Information Governance Program and Culture of Compliance *
      1. Monitoring and Accountability
      2. Staffing Continuity Plan
      3. Continuous Process Improvement
      4. Why Continuous Improvement Is Needed
      5. Notes
  13. APPENDIX A: Information Organization and Classification: Taxonomies and Metadata *
    1. Importance of Navigation and Classification
    2. When Is a New Taxonomy Needed?
    3. Taxonomies Improve Search Results
    4. Metadata and Taxonomy
    5. Metadata Governance, Standards, and Strategies
    6. Types of Metadata
    7. Core Metadata Issues
    8. International Metadata Standards and Guidance
    9. Records Grouping Rationale
    10. Business Classification Scheme, File Plans, and Taxonomy
    11. Classification and Taxonomy
    12. Prebuilt versus Custom Taxonomies
    13. Thesaurus Use in Taxonomies
    14. Taxonomy Types
    15. Business Process Analysis
    16. Taxonomy Testing: A Necessary Step
    17. Taxonomy Maintenance
    18. Social Tagging and Folksonomies
    19. Notes
  14. APPENDIX B: Laws and Major Regulations Related to Records Management
    1. United States
    2. Canada
    3. United Kingdom
    4. Australia
    5. Notes
  15. APPENDIX C: Laws and Major Regulations Related to Privacy
    1. United States
    2. Major Privacy Laws Worldwide, by Country
    3. Notes
    1. Notes
  19. INDEX