Latest news
While an increasing number of companies have one policy for handling paper documents and electronic files, the pervasive growth of new record sources like Twitter, wikis and collaborative software applications like Microsoft SharePoint threatens their ability to keep those policies current and compliant.Iron Mountain encourages organizations to adopt a unified records management approach and recommends the following for creation and implementation:
Set Proper Policy – Get the fundamentals right to achieve compliance. Include key aspects such as governance, communication, education/training, and implementation; once defined, roll out this policy to the organization and to include all information types.
Make retention and compliance a priority – Retention covers both the preservation and destruction of information when it reaches the end of its business life and applies to all business records. Effective retention schedules apply to all business records and are regularly updated to comply with changing regulations and business needs.
Information should be easily identifiable and readily available. An organization capable of quickly identifying and retrieving records enjoys a competitive advantage, enhanced productivity, and greater protection from regulatory or discovery non-compliance. Classify information based on key identifiers such as record location, subject, author, date and method origination, system of creation and intended recipient. Then define authorizations and security controls to ensure it is available when it is needed and who should have access.
Protect and dispose of records the right way. Following consistent practices for safeguarding and properly disposing of information reduces the risks of exposure and theft while also helping to control storage costs. Documenting detailed instructions on how records are identified and approved for disposal, as well as the processes for destruction can protect against inadvertent disclosure or improper destruction.
Audit policies and make the organization accountable. Driving enterprise-wide adoption of the records and information management program requires a culture of accountability. Evaluate the success of that program through regular audits that follow defined metrics for success. Make employees accountable for their role in ensuring consistent adherence to policies, and provide visibility, encouragement and support for the overall program at the highest levels of the organization.
Spotlight
Is it time to professionalize information security?
Posted on 23 May 2013. | The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
