Summary
Compliance is one of the components of the widely discussed GRC (governance, risk, and compliance) framework, which integrates three key elements of organizational strategy, the other two being governance and risk. The GRC framework encompasses all aspects of organizational strategy and operations, including those that involve the creation, collection, retention, disclosure, ownership, and use of information by companies, government agencies, and non-profit entities. Information governance develops strategies, policies, and initiatives to maximize the value of an organization’s information assets. Information risk management is responsible for identifying, analyzing, and controlling threats to those assets. Information compliance seeks to align an organization’s information-related policies and practices with applicable requirements. Academic researchers, legal commentators, and management specialists have traditionally viewed compliance as a legal concern, but compliance is a multi-faceted concept. While adherence to legal and regulatory requirements is widely acknowledged as a critical component of compliance initiatives, it is not the only one. Taking a broader approach, this book identifies, categorizes, and provides examples of information compliance requirements that are specified in laws, regulations, contracts, standards, industry norms, and an organization’s code of conduct and other internal policies. It also considers compliance with social and environmental concerns that are impacted by an organization’s information-related policies and practices. The book is intended for compliance officers, information governance specialists, risk managers, attorneys, records managers, information technology managers, and other decision-makers who need to understand legal and non-legal compliance requirements that apply to their organizations’ information assets.
It can also be used as a textbook by colleges and universities that offer courses in compliance, risk management, information governance, or related topics at the graduate or advanced undergraduate level.
Keywords
Compliance; GRC; Organizational Records; Records Management; Information Lifecycle; Information Management; Information Regulations; Information collection; Information creation; Information destruction; Information ownership; Information preservation; Information retention; Information security and protection; Information storage; governance, risk, compliance; compliance requirements; information compliance; information disclosure; information governance; information protection; information risk
About the Author: William Saffady is an independent records management and information governance ... information management topics. His latest books are Managing Information Risks: Threats, Vulnerabilities, and Responses, which was published by Rowman & Littlefield in 2020, and Records and Information Management ...