Saturday, July 13, 2024

International Standards For Information Governance

Don't Miss

Organization Of American States

Open Data Governance – International Standards

The OAS Special Rapporteur on Freedom of Expression has frequently recognised that freedom of information is a fundamental right, which includes the right to access information held by public bodies. In his 1999 Annual Report to the Inter-American Commission on Human Rights, he stated:

The right to access to official information is one of the cornerstones of representative democracy. In a representative system of government, the representatives should respond to the people who entrusted them with their representation and the authority to make decisions on public matters. It is to the individual who delegated the administration of public affairs to his or her representatives that belongs the right to information. Information that the State uses and produces with taxpayer money.

In October 2000, the Inter-American Commission on Human Rights approved the Inter-American Declaration of Principles on Freedom of Expression, which reaffirms the right to information in the Preamble:

CONVINCED that guaranteeing the right to access to information held by the State will ensure greater transparency and accountability of government activities and the strengthening of democratic institutions

The Principles unequivocally recognise the right to access information:

Measuring Information Governance Progress

Assessment tools such as the IG Maturity Model and the IG Reference Model help companies measure the progress of their Information Governance progress. The IG Reference Model provides corporations, industry associations, analyst firms and other interested parties a tool that allows them to communicate to and with stakeholders concerning processes, practices and responsibilities of their IG program.

On the other hand, the IG Maturity Model is based on ARMAs eight Generally Accepted Recordkeeping Principles. The maturity model defines the characteristics of various recordkeeping program levels that range from substandard to transformational IG. The goal of organizations is to reach the top transformational level where IG strategies are integrated into the overall corporate infrastructure or business processes to help boost cost containment, client services and competitive advantage.

Definition Of Information Governance

What is Information GovernanceGartner defines Information Governance as “the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.”

Information governance is not a separate category from information management, but rather a different perspective of it a more conservative one. In a perfect world, organizations would bar applications that put content out of control, but efforts to stop people from doing what they want to do with information always fail. Always. Information governance is really the practice of putting in place measures to mitigate the risk.Those organizations that have good information governance programs in place know:

  • What information is retained
  • How long it is retained
  • Who has access to it
  • How that data is protected
  • How policies, standards and regulations are enforced

The challenge many organizations face is connecting these programs under one umbrella and correctly assigning ownership sometimes to legal, sometimes to IT, and sometimes to compliance.Each organization is different, but in general the following diagram is a good description for information governance.

Figure 1. source: Information Architected

Don’t Miss: Federal Jobs In Las Vegas Nevada

What Is Information Governance And Why Is It Important

Information governance is the management of information usability, integrity and security. Gartner defines the term as the specification of decision rights and accountability frameworks to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. This is a thorough way of saying that an information governance policy and system helps your organization manage data for maximum compliance, security and accessibility. This differs from the data lifecycle in that information governance also covers the policies and procedures governing information across an entire organization.

Why is that so important? There are a few reasons:

Governance is such an important aspect of data-driven businesses that professionals are certified by authorized organizations. For example, the Association of Records Manager and Administrators International is a professional body of information governance experts that certify professionals, offer continuing courses and workshops and sponsor events. Likewise, the Certified Governance Officers Association is a similar organization for governance professionals on an international level.

Historical Overview Of Information Governance


As data generation exploded in recent decades, and regulations and compliance issues increased, traditional records management failed to keep pace. A more comprehensive platform for managing records and information became necessary to address all phases of the lifecycle, which led to the advent of information governance. In 2003 the Department of Health in England introduced the concept of broad-based information governance into the National Health Service, publishing version 1 of an online performance assessment tool with supporting guidance. The NHS IG Toolkit is now used by over 30,000 NHS and partner organizations, supported by an e-learning platform with some 650,000 users. In 2008, ARMA International introduced the Generally Accepted Recordkeeping Principles®, or “The Principles” and the subsequent “The Principles” Information Governance Maturity Model. “The Principles” identify the critical hallmarks of information governance. As such, they apply to all sizes of organizations, in all types of industries, and in both the private and public sectors. Multi-national organizations can also use “The Principles” to establish consistent practices across a variety of business units. ARMA International recognized that a clear statement of “Generally Accepted Recordkeeping Principles®” would guide:

Don’t Miss: Grants For Dental Implants For Seniors

Overcoming The Challenges Of Scale Across Business Roles

Before any organization embarks on an overhaul of their information governance policies and procedures, its important to consider the challenges first. These can include:

  • The complexity and diversity of todays enterprise technology stacks
  • The rapid proliferation of data across all business roles and departments
  • The new and emerging data privacy regulations at local, state, federal, and global levels
  • The need to derive real-time insights from data to maintain competitive advantage

The above responsibilities apply in almost every business role and department. In enterprise environments, matters become exponentially more complex, especially when factoring in the rise of remote teams and multiple branches. Different departments use a wide range of cloud services. For example, marketing teams use on average 120 different services, while HR use around 100, and finance uses 51, according to one recent study. Since each of these services collects and stores information in a unique way, information governance must apply in every area of the organization.

Information Governance no longer belongs exclusively to legal, compliance, and information security teams. Its everyones responsibility. IG professionals need visibility across the full range of information-based services. Business leaders need to maintain complete audit trails of where their data lives and which controls are in place to protect it.

List Of International Common Standards

This article contains embedded lists that may be poorly defined, unverified or indiscriminate. Please help to clean it up to meet Wikipedia’s quality standards. Where appropriate, incorporate items into the main body of the article.

A list of international common and basic technical standards, which have been established worldwide and are related by their frequent and widespread use. These standards are conventionally accepted as best practice and used globally by industry and organizations.

In circumstances and situations there are certain methods and systems that are used as benchmarks, guidelines or protocols for communication, measurement, orientation, reference for information, science, symbols and time. These standards are employed to universally convey meaning, classification and to relate details of information.

The standards listed may be formal or informal and some might not be recognised by all governments or organizations.

You May Like: Dental Implant Assistance Programs

Principle 3 Promotion Of Open Government

Public bodies must actively promote open government.

Informing the public of their rights and promoting a culture of openness within government are essential if the goals of freedom of information legislation are to be realised. In most countries, particularly those which have not yet or have just recently adopted freedom of information laws, there is a deep-rooted culture of secrecy within government, based on long-standing practices and attitudes. Ultimately, the success of a freedom of information law depends on changing this culture since it is virtually impossible to force openness, even with the most progressive legislation.

The best approach to addressing this problem will vary from country to country but, at a minimum, there will be a need to train public officials. A number of other means of promoting openness within government have been tried in different countries, including, for example, providing incentives for good performers and exposing poor performers, and ensuring oversight through annual reports which provide relevant statistics on the functioning of the FOI regime. Another useful tool to tackle the culture of secrecy is to provide for criminal penalties for those who wilfully obstruct access to information in any way, including by destroying records or inhibiting the work of the administrative body overseeing implementation of the law.

Committee For Information Governance

ISO 38500 – Corporate Governance of Information Technology

The responsibility of maintaining information governance policies should not be the job of one individual. Rather, the company should select persons from various divisions within the organization, all of whom have a stake in ensuring that PII, proprietary information, and any other type of important information is properly maintained in the best interest of the company, as well as in the interest of all who could be affected by an unauthorized release.

Logically, IT will have a role in this committee. For years, those within IT have been thought of as accountable for any breaches of information, but rarely have they had a seat at the table to discuss how to prevent these breaches. Just as importantly, it was a rare occasion when a company heeded the warnings of IT professionals and spent money on areas where no problem had occurred. The IT department has often been its own island inside large companies, overseen by managers who do not fully understand the language or importance of IT. Yet, IT departments can significantly help information governance efforts through their knowledge of threats and their ability to share this knowledge with others in the organization. But the responsibilities of information governance should no longer fall to the IT department alone.

Also Check: Los Lunas Government

How To Get Started

To identify the best place to start your IG initiative, you need to figure out a way to support your organizations strategic efforts with reliable information and data.

Organizations usually have a mission and vision that guides them along as they conduct business and develop strategies to help achieve their goals. Thus, taking a careful look at those business strategies and goals can give you a strong hint about where and how to start your IG initiative.

Since you cannot achieve any organizational goal without useful information, the best place to start your IG initiative is identifying a problem with information that requires addressing, or even a business opportunity that reduces costs and enhances revenue.

Such strategic alignment means that you should put your IG needs as part of a broader strategy that will help achieve your organizational goals. Your goals can be extensive and varied, such as better management of space , expanding service offerings through the acquisition and integration of other businesses, creating new customer service protocols or reducing your costs.

Since IG is a set requirement of responsibility and rights to allow the suitable function of various information aspects, the provision of decision rights determines data ownership and who has the right to make decisions about it.

The Right Of Access: International Standards

A number of international bodies have authoritatively recognised the fundamental and legal nature of the right to freedom of information, as well as the need for effective legislation to secure respect for that right in practice. These include the UN, the Organisation of American States, the Council of Europe and the African Union.

Read Also: Federal Government Jobs Las Vegas Nv

Bs 1001: 2017 Personal Information Management

In 2017 we decided to further enhance our governance model through the adoption of and certification to the BS 10012:2017 Personal Information Management Standard, thus assuring customers of our systematic and best practice approach to the management of privacy risk and improvement of our ASP services. Adoption of the BS 10012:2017 standard enhances compliance with the GDPR Regulation 2016/679 valid May 25th 2018.

The BS 10012:2017 certification assessments are carried out by our accredited partner Certification Europe. We undertake surveillance audits at yearly intervals in order to continually improve privacy risk management and to maintain certification validity. This certification is renewed every 3 years. The current certificate may be viewed here.

For further information contact our

Features Of An Foi Regime


A number of the international standards and statements noted above provide valuable insight into the precise content of the right to freedom of information, over and above simply affirming its existence. In his 2000 Annual Report, the UN Special Rapporteur on Freedom of Opinion and Expression set out in detail the standards to which freedom of information legislation should conform . The 2002 Recommendation of the Committee of Ministers of the Council of Europe is even more detailed, providing, for example, a list of the legitimate aims which might justify exceptions to the right of access.

These standards find some support in the various freedom of information laws and policies around the world. Although these vary considerably as to their content and approach, the more progressive laws do have a number of common features which reflect these international standards.

ARTICLE 19 has published a set of principles, The Publics Right To Know: Principles on Freedom of Information Legislation , setting outbest practice standards on freedom of information legislation. These Principles are based on international and regional law and standards, and evolving State practice. They therefore provide a useful framework in which to discuss the features of access to information legislation.

Read Also: Grants For Owner Operators

What Is Information Governance

Information governance is defined in a lot of different ways, but at its core, it refers to a strategic framework for managing information at an organizational level. Although we typically refer to information governance in a digital context, it also incorporates physical assets, such as devices and printed documents. This is especially true in the case of more mature organizations, which often have large amounts of information stored locally, in printed or digital form.

There are many regional and international standards for managing information at scale, and the regulatory compliance landscape is evolving every year. However, the core concepts of information governance have largely remained the same. These include security and privacy, integrity and authenticity, information lifecycle management, and business continuity. But information governance is more than just a legal and ethical obligation. Establishing a robust and adaptable framework can help organizations derive greater value out of their information and drive smarter, more informed decision-making.

Iso 27701 And The Gdpr

Although it has data protection in its name, the GDPR is equally concerned about data privacy.

However, as you will have already learned during your GDPR compliance programme, the legislation doesnt include guidance on how to meet its requirements.

This is to prevent the GDPR from becoming outdated as best practices evolve and new technologies become available.

Although thats a smart decision in the long term, it leave organisations unsure about specifics.

Thats where ISO 27001 helps, explaining how organisations can address data privacy adequately.

You May Like: Arkansas Assistance For Single Mothers

An Introduction To Iso 27: The International Standard For Data Privacy

ISO 27701 is the newest standard in the ISO 27000 series, explaining what organisations must do when implementing a PIMS .

The advice essentially bolts privacy processing controls onto ISO 27001, the international standard for information security, and provides a framework to establish the best practices required by regulations such as the GDPR.

Organisations that are already ISO 27001 compliant will only have a few extra tasks to complete, such as a second risk assessment, to account for the new controls.

Why Is Information Governance Important

The US and EU Further Talks on Technology Governance | Cyber In :60 | GZERO Media

Data overload is real, and its one of the biggest challenges facing todays organizations. Our collective digital activities have now generated almost 60 zettabytes of data, a figure thats expected to reach 149 over the next four years. In small businesses, data typically exists in the dozens of terabytes, while many larger enterprises have already reached the petabyte scale. These amounts are expected to only increase over the years to come.

Todays organizations have the monumental task ahead of minimizing risk and maximizing value across increasingly vast data sets. While business leaders usually recognize the fact that their data is valuable, the overwhelming majority of their digital assets are underutilized and inadequately governed and protected. This isnt helped by the fact that the average enterprise now uses 1,295 different cloud services, each one leaving a trail of data across a complex array of networks and systems.

Recommended Reading: Grants For Teeth Implants

The Power Of Information

We believe information can be a positive transformative force in the world improving business, government, and the lives of people in all walks of life. But we also believe that these benefits are not automatic, and in fact will only be the result of sustained, proactive efforts to understand and manage information in a better way.

We believe that there is a need for like-minded people to come together and find this better way. A forum for ideas, facts, and techniques. An initiative that pushes the market forward and builds information literacy.

That’s why we created the Information Governance Initiative and why we want you to be a part of it.

Our Advisory Board is comprised of senior professionals who represent these facets of IG, and who can help to guide the IGI in research and peer-to-peer work in these areas.

We want to advance the practice of information governance, as we believe that IG is the best chance that organizations have to truly get their information under control and to maximize its value.

More articles

Popular Articles