A great deal of the business value of Information Governance is derived from getting the right information, to the right people, at the right time. Just as important, however, is stopping the wrong information, going to the wrong people, at the wrong time.
High profile examples of the loss of personal data by government, healthcare and commercial organisations abound and demonstrate the reputational and financial damage that can occur.
Any Information Governance programme should ensure that the Information Security element includes:
Only authorised users can access the information
Information is accurate, complete, and as few versions of information exist as possible
Information is accessible to the right people when they need it
Information is credible and authoritative
Information can be trusted and is a full and accurate presentation of the business activity or transaction
Information Governance and Information Security
It should be clear that the Information Security element of Information Governance is essentially about finding the correct balance between accessibility and confidentiality. It has to set out how, where and when information can be deployed while keeping it fully protected, securely stored and defensibly deleted.
Information Governance should ensure the following for Information Security:
- Develop a robust framework for handling information in a confidential and secure manner
- Ensure that information security and privacy policies meet all relevant Data Protection and Freedom of Information legislation
- Ensure information is processed legally, securely, efficiently and consistently to the highest standards
- Ensure security policies cover not only information and associated applications, but also the physical devices users employ to access information
- Ensure all employees fully understand, and have been trained on the organisation’s information security policies and procedures
- Ensure that information security extends beyond the organisation to encompass the organisation’s partners, suppliers and contractors