Need Help Writing an Essay?
Tell us about your assignment and we will find the best writer for your paper.
Write My Essay For MeGOVERNANCE
Founded in 1807, John Wiley & Sons is the oldest independent publishing company in
the United States. With offices in North America, Europe, Asia, and Australia, Wiley
is globally committed to developing and marketing print and electronic products and
services for our customers’ professional and personal knowledge and understanding.
The Wiley CIO series provides information, tools, and insights to IT executives
and managers. The products in this series cover a wide range of topics that supply
strategic and implementation guidance on the latest technology trends, leadership, and
emerging best practices.
Titles in the Wiley CIO series include:
The Agile Architecture Revolution: How Cloud Computing, REST-Based SOA, and
Mobile Computing Are Changing Enterprise IT
T by Jason Bloomberg
Big Data, Big Analytics: Emerging Business Intelligence and Analytic Trends for Today’s
Businesses by Michael Minelli, Michele Chambers, and Ambiga Dhiraj
The Chief Information Officer’s Body of Knowledge: People, Process, and Technology by
Dean Lane
CIO Best Practices: Enabling Strategic Value with Information Technology (Second
Edition) by Joe Stenzel, Randy Betancourt, Gary Cokins, Alyssa Farrell, Bill
Flemming, Michael H. Hugos, Jonathan Hujsak, and Karl Schubert
The CIO Playbook: Strategies and Best Practices for IT Leaders to Deliver Value by
Nicholas R. Colisto
Enterprise Performance Management Done Right: An Operating System for Your
Organization by Ron Dimon
Executive’s Guide to Virtual Worlds: How Avatars Are Transforming Your Business and
Your Brandd by Lonnie Benson
IT Leadership Manual: Roadmap to Becoming a Trusted Business Partnerr by Alan R.
Guibord
Managing Electronic Records: Methods, Best Practices, and Technologiess by Robert F.
Smallwood
On Top of the Cloud: How CIOs Leverage New Technologies to Drive Change and Build
Value Across the Enterprise by Hunter Muller
Straight to the Top: CIO Leadership in a Mobile, Social, and Cloud-based World (Second
Edition) by Gregory S. Smith
Strategic IT: Best Practices for Managers and Executivess by Arthur M. Langer and
Lyle Yorks
Transforming IT Culture: How to Use Social Intelligence, Human Factors, and
Collaboration to Create an IT Department That Outperformss by Frank Wander
Unleashing the Power of IT: Bringing People, Business, and Technology Together by Dan
Roberts
The U.S. Technology Skills Gap: What Every Technology Executive Must Know to Save
America’s Future by Gary J. Beach
Information Governance: Concepts, Strategies and Best Practicess by Robert F. Smallwood
INFORMATION
GOVERNANCE
CONCEPTS, STRATEGIES AND
BEST PRACTICES
Robert F. Smallwood
Cover image: © iStockphoto / IgorZh
Cover design: Wiley
Copyright © 2014 by Robert F. Smallwood. All rights reserved.
Chapter 7 © 2014 by Barclay Blair
Portions of Chapter 8 © 2014 by Randolph Kahn
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as
permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior
written permission of the Publisher, or authorization through payment of the appropriate per-copy fee
to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax
(978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should
be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ
07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best
efforts in preparing this book, they make no representations or warranties with respect to the accuracy
or completeness of the contents of this book and specifically disclaim any implied warranties of
merchantability or fitness for a particular purpose. No warranty may be created or extended by sales
representatives or written sales materials. The advice and strategies contained herein may not be suitable
for your situation. You should consult with a professional where appropriate. Neither the publisher nor
author shall be liable for any loss of profit or any other commercial damages, including but not limited to
special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our
Customer Care Department within the United States at (800) 762-2974, outside the United States at (317)
572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included
with standard print versions of this book may not be included in e-books or in print-on-demand. If this book
refers to media such as a CD or DVD that is not included in the version you purchased, you may download this
material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data:
Smallwood, Robert F., 1959Information governance : concepts, strategies, and best practices / Robert F. Smallwood.
pages cm. — (Wiley CIO series)
ISBN 978-1-118-21830-3 (cloth); ISBN 978-1-118-41949-6 (ebk); ISBN 978-1-118-42101-7 (ebk)
1. Information technology—Management. 2. Management information systems. 3. Electronic
records—Management. I. Title.
HD30.2.S617 2014
658.4’038—dc23
2013045072
Printed in the United States of America
10 9 8 7 6 5 4 3 2 1
For my sons
and the next generation of tech-savvy managers
CONTENTS
PREFACE
xv
ACKNOWLEDGMENTS xvii
PART ONE— Information Governance Concepts,
Definitions, and Principles
p
1
CH APT ER 1 The Onslaught of Big Data and the Information Governance
Imperative 3
Defining Information Governance 5
IG Is Not a Project, But an Ongoing Program 7
Why IG Is Good Business
7
Failures in Information Governance 8
Form IG Policies, Then Apply Technology for Enforcement
Notes
10
12
2 Information Governance, IT Governance, Data
Governance: What’s the Difference? 15
CH APT ER
Data Governance 15
IT Governance 17
Information Governance 20
Impact of a Successful IG Program
Summing Up the Differences
20
21
Notes 22
CH APT ER
3 Information Governance Principles 25
Accountability Is Key
27
Generally Accepted Recordkeeping Principles®
Contributed by Charmaine Brooks, CRM
Assessment and Improvement Roadmap
27
34
Who Should Determine IG Policies? 35
Notes 38
PART TWO— Information Governance Risk Assessment
and Strategic
g Planning
g
CH APT ER
41
4 Information Risk Planning and Management 43
Step 1: Survey and Determine Legal and Regulatory Applicability
and Requirements 43
vii
viii CONTENTS
Step 2: Specify IG Requirements to Achieve Compliance 46
Step 3: Create a Risk Profile
46
Step 4: Perform Risk Analysis and Assessment
48
Step 5: Develop an Information Risk Mitigation Plan 49
Step 6: Develop Metrics and Measure Results 50
Step 7: Execute Your Risk Mitigation Plan
50
Step 8: Audit the Information Risk Mitigation Program 51
Notes
51
5 Strategic Planning and Best Practices for
Information Governance 53
CH APT ER
Crucial Executive Sponsor Role
54
Evolving Role of the Executive Sponsor 55
Building Your IG Team
56
Assigning IG Team Roles and Responsibilities
56
Align Your IG Plan with Organizational Strategic Plans 57
Survey and Evaluate External Factors 58
Formulating the IG Strategic Plan 65
Notes 69
CH APT ER
6 Information Governance Policy Development 71
A Brief Review of Generally Accepted Recordkeeping Principles® 71
IG Reference Model 72
Best Practices Considerations 75
Standards Considerations
76
Benefits and Risks of Standards 76
Key Standards Relevant to IG Efforts 77
Major National and Regional ERM Standards 81
Making Your Best Practices and Standards Selections to Inform
Your IG Framework 87
Roles and Responsibilities
88
Program Communications and Training
89
Program Controls, Monitoring, Auditing and Enforcement
Notes
PART THREE— Information Governance Key
Impact
p Areas Based on the IG Reference Model
CH APT ER
89
91
95
7 Business Considerations for a Successful IG Program 97
By Barclay T. Blair
Changing Information Environment
97
CONTENTS ix
Calculating Information Costs 99
Big Data Opportunities and Challenges 100
Full Cost Accounting for Information 101
Calculating the Cost of Owning Unstructured Information 102
The Path to Information Value
Challenging the Culture
New Information Models
105
107
107
Future State: What Will the IG-Enabled Organization Look Like? 110
Moving Forward
Notes
CH APT ER
111
113
8 Information Governance and Legal Functions 115
By Robert Smallwood with Randy Kahn, Esq., and Barry Murphy
Introduction to e-Discovery: The Revised 2006 Federal Rules of
Civil Procedure Changed Everything 115
Big Data Impact
117
More Details on the Revised FRCP Rules 117
Landmark E-Discovery Case: Zubulake v. UBS Warburg 119
E-Discovery Techniques
119
E-Discovery Reference Model 119
The Intersection of IG and E-Discovery
By Barry Murphy
122
Building on Legal Hold Programs to Launch Defensible Disposition 125
By Barry Murphy
Destructive Retention of E-Mail 126
Newer Technologies That Can Assist in E-Discovery
126
Defensible Disposal: The Only Real Way To Manage Terabytes and Petabytes
By Randy Kahn, Esq.
Retention Policies and Schedules 137
By Robert Smallwood, edited by Paula Lederman, MLS
Notes 144
9 Information Governance and Records and
Information Management Functions 147
CH APT ER
Records Management Business Rationale 149
Why Is Records Management So Challenging? 150
Benefits of Electronic Records Management
Additional Intangible Benefits
152
153
Inventorying E-Records 154
Generally Accepted Recordkeeping Principles®
E-Records Inventory Challenges 155
155
130
x CONTENTS
Records Inventory Purposes 156
Records Inventorying Steps
157
Ensuring Adoption and Compliance of RM Policy 168
General Principles of a Retention Scheduling 169
Developing a Records Retention Schedule 170
Why Are Retention Schedules Needed? 171
What Records Do You Have to Schedule? Inventory and Classification
173
Rationale for Records Groupings 174
Records Series Identification and Classification
Retention of E-Mail Records
174
175
How Long Should You Keep Old E-Mails?
Destructive Retention of E-Mail
176
177
Legal Requirements and Compliance Research
178
Event-Based Retention Scheduling for Disposition of E-Records 179
Prerequisites for Event-Based Disposition 180
Final Disposition and Closure Criteria 181
Retaining Transitory Records 182
Implementation of the Retention Schedule and Disposal of Records 182
Ongoing Maintenance of the Retention Schedule 183
Audit to Manage Compliance with the Retention Schedule 183
Notes
186
10 Information Governance and Information
Technology Functions 189
CH APT ER
Data Governance 191
Steps to Governing Data Effectively 192
Data Governance Framework 193
Information Management
194
IT Governance 196
IG Best Practices for Database Security and Compliance 202
Tying It All Together
Notes
204
205
11 Information Governance and Privacy and
Security Functions 207
CH APT ER
Cyberattacks Proliferate 207
Insider Threat: Malicious or Not
Privacy Laws
208
210
Defense in Depth 212
Controlling Access Using Identity Access Management 212
Enforcing IG: Protect Files with Rules and Permissions 213
CONTENTS xi
Challenge of Securing Confidential E-Documents
213
Apply Better Technology for Better Enforcement in the Extended Enterprise 215
E-Mail Encryption
217
Secure Communications Using Record-Free E-Mail 217
Digital Signatures
218
Document Encryption
219
Data Loss Prevention (DLP) Technology
220
Missing Piece: Information Rights Management (IRM) 222
Embedded Protection 226
Hybrid Approach: Combining DLP and IRM Technologies
Securing Trade Secrets after Layoffs and Terminations
227
228
Persistently Protecting Blueprints and CAD Documents 228
Securing Internal Price Lists
229
Approaches for Securing Data Once It Leaves the Organization 230
Document Labeling
231
Document Analytics 232
Confidential Stream Messaging
233
Notes 236
PART FOUR— Information Governance for
Deliveryy Platforms
CH APT ER
239
12 Information Governance for E-Mail and Instant Messaging 241
Employees Regularly Expose Organizations to E-Mail Risk 242
E-Mail Polices Should Be Realistic and Technology Agnostic
243
E-Record Retention: Fundamentally a Legal Issue 243
Preserve E-Mail Integrity and Admissibility with Automatic Archiving
244
Instant Messaging 247
Best Practices for Business IM Use 247
Technology to Monitor IM
Tips for Safer IM
Notes
CH APT ER
249
249
251
13 Information Governance for Social Media 253
By Patricia Franks, Ph.D, CRM, and Robert Smallwood
Types of Social Media in Web 2.0
253
Additional Social Media Categories 255
Social Media in the Enterprise 256
Key Ways Social Media Is Different from E-Mail and Instant Messaging 257
Biggest Risks of Social Media 257
Legal Risks of Social Media Posts 259
xii CONTENTS
Tools to Archive Social Media
261
IG Considerations for Social Media 262
Key Social Media Policy Guidelines 263
Records Management and Litigation Considerations for Social Media 264
Emerging Best Practices for Managing Social Media Records 267
Notes
CH APT ER
269
14 Information Governance for Mobile Devices 271
Current Trends in Mobile Computing
273
Security Risks of Mobile Computing 274
Securing Mobile Data
274
Mobile Device Management
IG for Mobile Computing
275
276
Building Security into Mobile Applications 277
Best Practices to Secure Mobile Applications 280
Developing Mobile Device Policies 281
Notes 283
CH APT ER
15 Information Governance for Cloud Computing 285
By Monica Crocker CRM, PMP, CIP, and Robert Smallwood
Defining Cloud Computing
286
Key Characteristics of Cloud Computing 287
What Cloud Computing Really Means
Cloud Deployment Models
288
289
Security Threats with Cloud Computing 290
Benefits of the Cloud 298
Managing Documents and Records in the Cloud 299
IG Guidelines for Cloud Computing Solutions 300
Notes
CH APT ER
301
16 SharePoint Information Governance 303
By Monica Crocker, CRM, PMP, CIP, edited by Robert Smallwood
Process Change, People Change 304
Where to Begin the Planning Process 306
Policy Considerations
310
Roles and Responsibilities 311
Establish Processes 312
Training Plan
313
Communication Plan 313
Note
314
CONTENTS xiii
PART FIVE— Long-Term
g
Program
g
Issues
CH APT ER
315
17 Long-Term Digital Preservation 317
By Charles M. Dollar and Lori J. Ashley
Defining Long-Term Digital Preservation
317
Key Factors in Long-Term Digital Preservation
Threats to Preserving Records
320
Digital Preservation Standards
321
318
PREMIS Preservation Metadata Standard 328
Recommended Open Standard Technology-Neutral Formats
329
Digital Preservation Requirements 333
Long-Term Digital Preservation Capability Maturity Model® 334
Scope of the Capability Maturity Model 336
Digital Preservation Capability Performance Metrics
341
Digital Preservation Strategies and Techniques 341
Evolving Marketplace
Looking Forward
Notes
344
344
346
18 Maintaining an Information Governance Program
and Culture of Compliance 349
CH APT ER
Monitoring and Accountability 349
Staffing Continuity Plan
350
Continuous Process Improvement
351
Why Continuous Improvement Is Needed 351
Notes 353
A Information Organization and Classification:
Taxonomies and Metadata 355
APPEN DI X
By Barb Blackburn, CRM, with Robert Smallwood; edited by Seth Earley
Importance of Navigation and Classification
357
When Is a New Taxonomy Needed? 358
Taxonomies Improve Search Results 358
Metadata and Taxonomy
359
Metadata Governance, Standards, and Strategies 360
Types of Metadata
362
Core Metadata Issues 363
International Metadata Standards and Guidance 364
Records Grouping Rationale 368
Business Classification Scheme, File Plans, and Taxonomy
Classification and Taxonomy
369
368
xiv CONTENTS
Prebuilt versus Custom Taxonomies 370
Thesaurus Use in Taxonomies 371
Taxonomy Types
371
Business Process Analysis
377
Taxonomy Testing: A Necessary Step
Taxonomy Maintenance
379
380
Social Tagging and Folksonomies 381
Notes
383
B Laws and Major Regulations Related to
Records Management 385
APPEN DI X
United States 385
Canada 387
By Ken Chasse, J.D., LL.M.
United Kingdom
389
Australia 391
Notes 394
C Laws and Major Regulations
Related to Privacy 397
APPEN DI X
United States 397
Major Privacy Laws Worldwide, by Country
Notes
GLOSSARY
400
401
ABOUT THE AUTHOR 417
ABOUT THE MAJOR CONTRIBUTORS 419
INDEX
421
398
PREFACE
I
nformation governance (IG) has emerged as a key concern for business executives
and managers in today’s environment of Big Data, increasing information risks, colossal leaks, and greater compliance and legal demands. But few seem to have a clear
understanding of what IG is; that is, how you define what it is and is not, and how to
implement it. This book clarifies and codifies these definitions and provides key insights as to how to implement and gain value from IG programs. Based on exhaustive
research, and with the contributions of a number of industry pioneers and experts, this
book lays out IG as a complete discipline in and of itself for the first time.
IG is a super-discipline that includes components of several key fields: law, records
management, information technology (IT), risk management, privacy and security,
and business operations. This unique blend calls for a new breed of information professional who is competent across these established and quite complex fields. Training
and education are key to IG success, and this book provides the essential underpinning
for organizations to train a new generation of IG professionals.
Those who are practicing professionals in the component fields of IG will find
the book useful in expanding their knowledge from traditional fields to the emerging
tenets of IG. Attorneys, records and compliance managers, risk managers, IT managers, and security and privacy professionals will find this book a particularly valuable
resource.
The book strives to offer clear IG concepts, actionable strategies, and proven best
practices in an understandable and digestible way; a concerted effort was made to
simplify language and to offer examples. There are summaries of key points throughout and at the end of each chapter to help the reader retain major points. The text
is organized into five parts: (1) Information Governance Concepts, Definitions, and
Principles; (2) IG Risk Assessment and Strategic Planning; (3) IG Key Impact Areas;
(4) IG for Delivery Platforms; and (5) Long-Term Program Issues. Also included are
appendices with detailed information on taxonomy and metadata design and on records management and privacy legislation.
One thing that is sure is that the complex field of IG is evolving. It will continue
to change and solidify. But help is here: No other book offers the kind of comprehensive coverage of IG contained within these pages. Leveraging the critical advice
provided here will smooth your path to understanding and implementing successful
IG programs.
Robert F. Smallwood
xv
ACKNOWLEDGMENTS
I
would like to sincerely thank my colleagues for their support and generous contribution of their expertise and time, which made this pioneering text possible.
Many thanks to Lori Ashley, Barb Blackburn, Barclay Blair, Charmaine Brooks,
Ken Chasse, Monica Crocker, Charles M. Dollar, Seth Earley, Dr. Patricia Franks,
Randy Kahn, Paula Lederman, and Barry Murphy.
I am truly honored to include their work and owe them a great debt of gratitude.
xvii
PART ONE
Information
Govern …
Purchase answer to see full
attachment
/*<![CDATA[*/
(function() {
var _fbq = window._fbq || (window._fbq = []);
if (!_fbq.loaded) {
var fbds = document.createElement('script');
fbds.async = true;
fbds.src="https://connect.facebook.net/en_US/fbds.js";
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(fbds, s);
_fbq.loaded = true;
}
_fbq.push(['addPixelId', '1515237832084918']);
})();
window._fbq = window._fbq || [];
window._fbq.push(['track', 'PixelInitialized', {}]);
!function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","group","track","ready","alias","page","once","off","on"];analytics.factory=function(t){return function(){var e=Array.prototype.slice.call(arguments);e.unshift(t);analytics.push(e);return analytics}};for(var t=0;t<analytics.methods.length;t++){var e=analytics.methods[t];analytics[e]=analytics.factory(e)}analytics.load=function(t){var e=document.createElement("script");e.type="text/javascript";e.async=!0;e.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.com/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(e,n)};analytics.SNIPPET_VERSION="3.0.1";
analytics.load("b1UEQTnh5l3Fp1AHmMAM3zbc6xb6uVYp");
}}();
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-47685492-1', 'auto');
ga('send', 'pageview');
var yiiHost = "https://www.studypool.com";var socketIOServer = "https://lpdiscussionserver.com:8888";
var userID = "0";
LiveUpdate.setup("https://lpdiscussionserver.com:8888","/liveUpdates",{"enable":false});
/*]]>*/
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’//connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1515237832084918’);
fbq(‘track’, “PageView”);(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = “https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.7&appId=383536828330728”;
fjs.parentNode.insertBefore(js, fjs);
}(document, ‘script’, ‘facebook-jssdk’));(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = “https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.0”;
fjs.parentNode.insertBefore(js, fjs);
}(document, ‘script’, ‘facebook-jssdk’));
Custom academic and business writing services. You made my dreams come true! I got better results than any other student for a very complex capstone project! Your company is very helpful. Thanks! Would you like to make your academic life easier? We offers you a perfect chance to buy essays online and let our writers take care of your academic achievements! Each paper is composed from scratch, according to your instructions