Book contents
- Frontmatter
- Contents
- Acknowledgements
- Acronyms and abbreviations
- Glossary of terms
- 1 Introduction
- 2 The laws and regulations
- 3 Data quality management
- 4 Dealing with threats
- 5 Security, risk management and business continuity
- 6 Frameworks, policies, ethics and how it all fits together
- Discussion points and exercises
- Index
6 - Frameworks, policies, ethics and how it all fits together
Published online by Cambridge University Press: 08 June 2018
Summary
Introduction
So far, we have looked at a variety of functions which information governance performs within the organization. First, there was the area which people normally associate with information governance, if indeed they make any association at all – the part that it plays in complying with legislation. We saw that this is indeed essential, but also that the drive to comply is not, or should not be, the principal, let alone the only, reason for adopting sound information governance and assurance practices.
We considered, in Chapter 2, the Data Protection, Freedom of Information, and Public Records (Scotland) Acts, and the Environmental Information Regulations, all of which are applicable in the UK, and noted that the same, or very similar, legislation is in place or pending in many other jurisdictions. We also noted that the movement of information between jurisdictions is another area for concern. We looked at the importance of adhering to standards in records management, and we have seen that the international standard ISO 15489 has been developed for this purpose.
In Chapter 3, we looked at data quality issues and how they may be managed, and we also considered steps which can be taken to maintain and enhance data quality. Next, in Chapter 4, we examined the threats which could impact on the data we manage and the services we provide, and in Chapter 5 we have set these threats in a greater context of security, as some of the risks which we must manage. The relevant international standard series here is ISO 27000 (information technology – security techniques). We discussed risk management (ISO 31000) as a means of evaluating the different types of risks faced by an organization and the informed decision to transfer, avoid or minimize the effects of risk. Lastly, business continuity planning (ISO 22301) was discussed as a safeguard against the worst consequences of security breaches and equipment failures, amongst other disruptive events which might impact on the information service, as part of the larger organization.
We have a range of elements there, and we have seen their individual importance to the operation of good information governance: so what remains is to contextualize them and fit them together into a picture of what contribution information governance and assurance can make to the total organizational structure.
- Type: Chapter
- Information: Information Governance and Assurance: Reducing risk, promoting policy, pp. 157-182. Publisher: Facet. Print publication year: 2014