If you were presented with the following questions which would you answer first:
1)How protected are your monetary assets?
2)How protected are your information assets?
Understandably so, most people would have a quick answer to the first question. One of my goals is to raise aware that information is one of an organization’s most valuable assets that properly managed can increase a ROI and save money by reducing risks. As I continue to blog through the Information Governance Reference Model (IGRM) and the ARMA’s Generally Accepted Recordkeeping Principles (GARP) today’s entry is on the principle of protection.
According to GARP, to keep information protected that means that records and information must adhere to a certain level of confidentiality, secrecy and treated as privileged if necessary to ensure business continuity. This cannot be done by a RIM staff alone, but involves legal to identify what needs to be protected, business to denote pertinence to business continuity and IT to implement protection solutions.
Ensuring information is protected is often done through means such as the following:
•Accession permission schema
•Directory services such as Lightweight Directory Access Protocol or Netware Directory Service
If you are new to information security I would recommend this series of videos on securing and preserving information from AIIM’s Certified Information Professional training.
Protection can often be a hindrance for some RIM staff to use the cloud services to manage information. In the AIIM white paper, “Managing and Sharing Important Documents – in Small to Mid-Sized Business,” fears of inadequate cloud security is debunked as a myth.
Much like managing your bank account online, you need to take security threats to your cloud content seriously and follow sensible steps on passwords, secure connections, encryption, etc. In many ways, this is simpler than configuring the firewalls and anti-viruses that protect your on-premise network. Enabling access from mobil devices uses the same security mechanisms as from the office, so is simpler and potentially more reliable than punching VPN holes through your firewall.
Just as you would not trust your money to an online bank with no history and no reputation, you need to be sure you know who you are dealing with when it comes to entrusting your data to an online storage provider. Do not be put off by stories of hacked data and system outages: many on-premise systems are just as vulnerable, especially from internal employees and out-sourced IT support staff. Breaches of in-house systems are much more likely to go un-reported.
For more information you can read “How the Information Governance Reference Model (IGRM) Complements ARMA International’s Generally Accepted Recordkeeping Principles (GARP),” as well as ARMA International’s The Principles: Generallty Accepted Recordskeeping Principle of Protection.