
MITIGATING INFORMATION RISK Presented by Fred V. Diers


Presentation Transcript


  1. MITIGATING INFORMATION RISK • Presented by • Fred V. Diers • Vice President & General Manager – GRM Solutions Group • www.grmdocumentmanagement.com • www.grmpedia.com • fdiers@grmdocument.com

  2. Learning Objectives
     Today’s participants will be able to:
     • Identify and communicate risks
     • Create a fact-based records retention schedule
     • Identify external and internal impacts resulting in change management and determine compliance realities
     • Clarify governance package scope
     • Maintain compliance with regulations through GRMpedia
     • Implement and assure policy sustainability

  3. Why Records Pose Risk
     Information, as an organization’s single most important resource, can cause:
     • Bad publicity impacting the price of shares or loss of business (e.g. Wikileaks)
     • Discrimination claims resulting from e-mails, instant messages, company blogs
     • Product liability from customer complaints not being addressed
     • Ruined business plans or mergers from information leaks
     • Lost trade secrets from unauthorized information disclosures
     • Privacy claims from stolen or misplaced data
     The list goes on and on and on…

  4. Greater risk caused by less control over information
     The Demand for Greater Control Due to:
     • ONE: Tougher Federal and State Compliance Regulations
     • TWO: Steep Fines and Penalties for Failing to be in Compliance
     • THREE: Increased Exposure to Litigations
     • FOUR: Increased Incidence of Investigations
     Dodd-Frank Wall Street Reform and Consumer Protection Act – July 2010; HIPAA HITECH – July 2009; Health Care Reform - 2010

  5. Existing Programs
     Records Management programs traditionally consist of:
     • Records Management Policy issued by the RM dept.
     • Records Retention Schedules
     • Records Management Procedures (SOPs)
     • Records Management software
     • Records discovery support
     • Active file center maintenance
     • Inactive records storage and disposition
     All the above program elements are focused on paper or imaged records at the back-end of the process

  6. External Factors
     Since 2002, 6 major events have caused organizations to refocus on the need for compliant information controls:
     • HIPAA and HIPAA HITECH
     • SOX
     • Federal Rules of Civil Procedure
     • Government bailouts (TARP) & SEC Audit Rules
     • Consumer Protection Act
     • Health Care Reform and EMR Initiatives
     The days of de-regulation are over!!!

  7. External Factors
     Management is looking for a solution to ensure regulatory compliance and effective, sustainable management of its information resources.
     Decisions relating to compliance are:
     • Keep all data, documents, and records forever, or
     • Implement a compliant and effective records retention program

  8. Objectives
     • Mitigating risk through a holistic approach to Information Management
     • Devising and implementing a truly comprehensive records management solution
     • Bringing companies lower risk and enhanced performance through the most secure, reliable and fully integrated record management platform

  9. Today’s RM Program Objectives
     • To implement a compliant and flexible governance program for staff and business units’ document handling and preservation processes
     • To enable enterprise knowledge of and access to electronic and physical records today and in the future
     • To reduce information volumes, ensuring preservation of complete and trustworthy records

  10. Today’s RM Program Objectives
     • To ensure records’ chain of custody from creation through disposition
     • To control information duplication, processing and storage
     • To work with IT to develop processes for preserving and accessing electronic records with long retention periods
     • To work with IT to dispose of electronic records

  11. Governance Enterprise Rules
     The foundational enterprise rules:
     • Records Management Policy
     • Retention Schedule
     • Electronic Messaging Policy
     • Hold Order Policy
     • Enterprise and local information processing procedures

  12. Governance Functional Rules
     Organization specific rules can include:
     • Inactive Media Policy (Back-up tapes)
     • Legacy Data Retention Policy
     • Acquired or Dissolved Business Unit Retention Policy
     • HR Personnel Records Privacy Policy
     • Records Security and Archive Policy

  13. Data Collection
     Codifying collected information:
     • Taxonomies
     • Inactive media rotation
     • Electronically stored information repositories
     • Category standards
     • Information custodians

  14. Data Collection

  15. Data Validation
     Validating findings and recommendations
     Return draft taxonomies for user review for:
     • Comprehensive record types
     • Record type definitions
     • Record type custodians
     • Record type media
     Secure user consensus prior to developing standards and rules

  16. Data Validation

  17. Records Management Policy
     • Content of policy mirrors organizational level policies authorized by the Board or executive body
     • Policy is enterprise in scope to ensure consistency and sustainability

  18. Records Management Policy
     • Policy defines life cycle of all information regardless of media or type. (No longer is there a differentiation between record or non-record or data versus document versus record)
     • Policy defines governing body oversight responsibilities.
     • Other information governance policies and procedures link with the Records Management Policy and retention schedule.

  19. Retention Schedule

  20. Retention Schedule

  21. Retention Schedule
     First step is researching government regulations that impact the business
     • Original research based on fact, not hearsay
     • International research includes:
       • Countries in which the organization conducts business
       • Local regulations requiring original records retained in-country
       • Privacy requirements
       • Treaty requirements (e.g. EU, WHO, etc.)

  22. Retention Schedule
     How do you research Retention and Reporting Regulations?
     The Cornerstone of Reducing Risk is the original research of government regulations that impact Business Information Resources

  23. Retention Schedule
     Two versions of GRMpedia are available:
     • Client version with selected regulations impacting their business that are used to apply to the Retention Schedule that GRM Solutions’ Consultants create.
     • Knowledge base reference of over 16,000 Federal, International, and State impacted records.
     Access at www.grmpedia.com

  24. Retention Schedule

  25. Retention Schedule
     Once the research is completed, the schedule is created by:
     • Mapping regulatory research results with standard categories
     • Providing industry benchmarking to non-regulated record series
     • Adjusting retention policies for operational preservation processing needs
     • Combining with other business rules relating to security, business resumption, and corporate ethics

  26. Retention Schedule

  27. Retention Schedule

  28. Retention Schedule
     Next step is consolidating codified information into an enterprise retention schedule listing:
     • Classification standards (Record Series) with definitions and sample record types
     • Media and record designation (vital, historical, GxP, SOX, etc.)
     • Copy and official retention periods
     • Applicable regulatory citations linked to the regulatory database
     • Records custodians

  29. CREDIBLE Program Benefits
     • Reduces information related risk
     • Enables organization personnel access to needed information
     • Provides sustainable information volume reduction
     • Manages life-cycle of structured and unstructured information

  30. CREDIBLE Program Benefits
     • Raises management’s comfort level of ethical conformance to the rules
     • Minimizes document handling burdens
     • Decentralizes use and access of information by employing centralized standards
     • Makes the Records Management program a core information function

  31. Questions Fred V. Diers Vice President & General Manager GRM Solutions Group www.grmdocumentmanagement.com
