Practicing good information ­governance

August 2014 Information Security

In today’s information-driven world, data is at the heart of enabling businesses to operate and innovate effectively. However, the exponential growth of data, combined with increasing regulation, has left many organisations struggling with the complexity of compliance required to manage their information.

To compound the challenge, legislation is constantly evolving. Organisations cannot afford to address each legal requirement separately. Instead, an holistic approach to information governance is needed – one that can adapt to an increasingly regulatory environment yet is seamless and transparent across an operation’s business systems.

It is no wonder many enterprises are looking to get ahead of the compliance curve. But where to begin?

Hitachi Data Systems defines information governance as a comprehensive programme of controls, processes and technologies designed to help organisations maximise the value of their data while minimising associated risks and costs. Any organisation looking to ensure compliance in the face of mounting regulatory requirements firstly needs to assess its Information Governance maturity and put policies in place to ensure its data supports the agreed framework.

Addressing information governance, however, can be a significant undertaking. Organisations need a clear understanding of the types of data they own – from structured to unstructured – and how this information is collected, stored, used and managed – for the long term. This must be done in tandem with a content audit to identify where the information assets are, who uses them, whether they have regulatory significance and how they are currently protected.

Multinational organisations are likely to find this considerably complex given assessment must take place across all jurisdictions in which they operate and take into consideration the varying regulatory requirements across markets. In addition, a thorough review of information governance must investigate roles and responsibilities regarding the creation and management of data within the organisation. Current regulatory compliance across the business must also be assessed to identify weaknesses and strengths.

Stakeholders will then need to consider governance requirements, which data assets need to be classified, how data will be protected, and how costs will be managed.

Having a clear understanding of their requirements at a regulatory, business and corporate asset level will enable organisations to better understand how best practice can be applied, where they could take advantage of established processes and policy definitions to support their requirements, and how they can manage future costs effectively.

Once an enterprise has evaluated its maturity in these areas, the next step is to develop a robust policy framework that addresses all legal and regulatory requirements, industry standards as well as company policy. In essence, this ensures the digital house is in order, to mitigate risk from initial creation of electronically stored information through to its final disposal. This framework is then the basis for all lifecycle workflow within the organisation.

Finally, an organisation should deploy and enforce the policies across all data the company holds, manages and interacts with. This incorporates applying information governance policies to assigned content using automated tools and migrating data from current to new systems.

The volume and complexity of enterprise data is growing exponentially. Compliance with regulatory frameworks is a critical concern for organisations, especially as risks and potential fines are increasing dramatically. The negative impact on reputation, should your business fail, can also be irrevocably damaging. Getting ahead of the compliance and governance curve is therefore critical and if effective information governance practices are implemented, compliance becomes less complex and costly.

For more information, go to www.HDS.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
From QR code to compromise
Information Security News & Events
A new attack vector involves threat actors using fraudulent QR codes emailed in PDF attachments to bypass companies' phishing security measures by requiring users to scan the code with their mobile phones.

Read more...
Organisations fear AI-driven cyberattacks, but lack key defences
Kaspersky Information Security News & Events Training & Education
A recent Kaspersky study reveals that businesses are increasingly worried about the growing use of artificial intelligence in cyberattacks, with 56% of surveyed companies in South Africa reporting a rise in cyber incidents over the past year.

Read more...
Vodacom Business unveils new cybersecurity report
Information Security IoT & Automation
Cybersecurity as an Imperative for Growth offers insights into the state of cybersecurity in South Africa, the importance of security frameworks in digital resilience and the latest attack methods adopted by cyberattackers.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
Cybersecurity needs 4,7 million professionals
Information Security
Despite all the efforts organisations worldwide put into preventing cyberattacks, global cybercrime has snowballed to $9,2 trillion in 2024 and is expected to grow by another 70% to $15,6 trillion by the end of a decade.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...
Dahua achieves international cybersecurity standards
Dahua Technology South Africa Information Security Surveillance
Dahua Technology has received the Common Criteria (ISO/IEC 15048) EAL 3+ certificate, along with ISO/IEC 27001 for Information Security Management Systems, ISO/IEC 27701 for Privacy Information Management Systems, and CSA STAR certifications.

Read more...