Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
Information Management
Information management is an increasingly important discipline within Information Security. Organisations are rightly taking information management far more seriously now, recognising the potential cost savings, staff efficiencies and green benefits.
At vSEC we understand the importance of managing information. Without proper management it is easy to lose control of information and not understand what is current and what isn’t, who has access to which information and where it is stored.
Information is a strategic asset that must be managed to ensure business goals are supported. A good starting point is to agree principles on managing information. Sometimes it is hard to understand where to start, at vSEC we believe the following principles provide a good starting point.
Information is a strategic asset
Information is needed to allow an organisation to operate and grow. To maximise the positive impact of the information held by the business a robust and effective information management framework needs to be implemented.
Classify information
Qubely blocks is added to the Gutenberg editor as soon as you install the plugin. You can start using it as any other Gutenberg block. Add ready blocks using the plus sign To ensure that you have the right controls in place for types of information it is important that you classify your data. This allows you to have the right retention policies in place for information, who has access, how it is stored and what format it needs to be stored as.
Information ownership
To ensure that you have the right controls in place for types of information it is important that you classify your data. This allows you to have the right retention policies in pInformation needs to have ownership to ensure that it is managed and controlled. A information owner should be agreeing with the organisation what retention policies should be in place, who has access, how often it should be audited and updated and how it should be stored.
Only hold information required by the organisation
Only hold information if it required by the organisation and meets legal obligations, including personal data which you will need the owner permission. Holding information that you don’t need is taking up valuable resources as well as time to find, access and manage.
Information is stored in the right format
Information you hold is easy to find, to many times information is saved is the wrong location or is not up to date. Frustrating customer and staff as they waste time looking fInformation needs to be in the right format for users and systems in interpret, there in no use storing information that is not easy to use.
Only authorised people have access to authorised information
Information you hold is easy to find, to many times information is saved is the wrong location or is not up to date. Frustrating customer and staff as they waste time looking Only authorised people should have access to the organisations information; and have the right levels of authority to read or edit to ensure that information is leaked or changed without authority.
Ensure that information management meets legislative and contractual obligations
Understand what legal obligations you have on what information you are holding from VAT certificates, invoices, account, and personal information.
One you have the principles agreed the next step is to build some critical polices, for example:
This list is not extensive but it is a great starting point that will allow you to build your framework of controls.
If you require any further advice on how to build a information management framework please contact us
