Information Nation - Randolph Kahn - E-Book

Information Nation E-Book

Randolph Kahn

Description

This fully updated edition demonstrates how businesses can succeed in creating a new culture of information management compliance (IMC) by incorporating an IMC philosophy into a corporate governance structure. Expert advice and insight reveal the proven methodology that adopts the principles, controls, and discipline upon which many corporate compliance programs are built and explain how to apply this methodology to develop and implement IMC programs that anticipate problems and take advantage of opportunities. Plus, you'll learn how to measure information management compliance through the use of auditing and monitoring, following the proper delegation of program roles and components, and creating a culture of information management awareness.

Page count: 362

Year of publication: 2009




Table of Contents
Title Page
Copyright Page
Dedication
About the Authors
Credits
Acknowledgements
Introduction
Information Management Compliance
Notes
I - Laying the Foundations of Information Management Compliance
Chapter 1 - Why Information Management Matters
Sink or Swim
Notes
Chapter 2 - Building the Foundation: Defining Records
Determining If Information Is a Record
Defining Records
Why We Retain Records
Not All Information Has to Be Retained
Top 10 Reasons Not to Keep Everything Forever
Medium Does Not Matter
Intent Does Matter
Record Qualification Checklist
Survey: Employee Responsibility for Records and Information
Notes
Chapter 3 - An Overview of Records Management
Defining Records Management
The Lifecycle Approach
Information Assets
Components of a Records Management Program
Managing Electronic Records
Notes
Chapter 4 - Information Management Compliance (IMC)
What Is Compliance?
How Compliance and Information Management Fit Together
Sources of IMC Criteria
Establishing Your Compliance Criteria
Organizational Liability
A Case Study in IMC Failure: Morgan Stanley
Notes
Chapter 5 - Achieving IMC: Introduction to the Seven Keys
The Facts: Something Is Broken
What Exactly Is Broken?
The Federal Sentencing Guidelines
The Seven Keys
Notes
Chapter 6 - Sarbanes-Oxley and IMC
Doing Business in the Post-Sarbanes-Oxley Era: Everyone Is Affected
Destruction and Alteration of Information: SOX Section 802
Internal Controls: The Role of Information Management in Financial Reporting ...
Information Management and SOX
Notes
II - Seven Keys to Information Management Compliance
Key #1 - Good Policies and Procedures
Chapter 7 - The Purpose of Policies and Procedures
Laying the Foundation of IMC
The Difference between Policies and Procedures
Provide Clear Directives to Employees
Making a Statement to the World
Not Following Your Own Policy Is Bad Policy
If You Don’t Do It, Someone Else Will
Putting It Down in Writing
Limiting Corporate Liability for Employee Actions
The Legal Hold
Notes
Chapter 8 - Making Good Policies and Procedures
Create a Policy and Procedure Structure
Create Clear and Unambiguous Directives
Policies in the Real World
Policies Should Be Technology-Neutral
Guiding IT/IS with Policies and Procedures
Resist the Temptation to Make Catch-All Policies
Address Ongoing Changes in the Law
Addressing Policy Violations: A Four-Stage Program Courtesy of the FTC—
Notes
Chapter 9 - Information Management Policy Issues
Issue #1: Electronic Discovery
Issue #2: Privacy
Issue #3: Protecting Company Information—the Programmer’s Toolkit
Issue #4: Disaster Recovery and Business Continuance
Issue #5: Information Security
Notes
Key #2 - Executive-Level Program Responsibility
Chapter 10 - Executive Leadership, Sine Qua Non
Policy Comes from Above
Companies and Executives Pay the Price for Their Failures
Who Has Time for It?
Organizational Culture
It’s Not Just the CFO
Fighting the Tide Is a Job for Someone Strong
Consistency across Lines-of-Business
Put Your Money Where Your Mouth Is
Can the CEO Really Be Held Accountable for Information Management?
Notes
Chapter 11 - What Executive Responsibility Means
Creating a Culture of Information Management Awareness
The Executive Information Management Council
What Happens to Records When Executives Leave the Organization?
Notes
Chapter 12 - IT Leadership
IT Leadership Is Changing
The Impact of Sarbanes-Oxley on IT/IS Management
The Total Cost of Failure (TCF)
Notes
Key #3 - Proper Delegation of Program Roles and Components
Chapter 13 - Create an Organizational Structure to Support IMC
Specialization Is the Reality
Training and Certification Should Be Standardized
Competing Needs: Why Your Committees Need to Be Broad and Deep
Who Should Be Responsible?
Notes
Chapter 14 - A Sample Information Management Organizational Structure
About This Model
The Model
Key #4 - Program Communication and Training
Chapter 15 - Essential Elements of Information Management Communication and Training
Be Clear and Consistent
Clarity Is King
Be Concise
Be Visible
Be Proactive and Responsive
Offer Engaging and Interactive Training Programs
Make IMC an Employee Priority
Constantly Communicate and Train
Educate Employees about the Implication of New Technology
Notes
Key #5 - Auditing and Monitoring to Measure Program Compliance
Chapter 16 - Use Auditing and Monitoring to Measure IMC
Information Management Auditing and Monitoring
Find Out before Someone Else Does
Auditing and Monitoring Programs Help to Build Trust
Know What Is Happening on Your Own Networks
Auditing or Monitoring May Be Required by Law
Internal versus External Auditing and Monitoring Programs
Piracy: Don’t Look the Other Way
Monitoring Employee Activity
Notes
Key #6 - Effective and Consistent Program Enforcement
Chapter 17 - Addressing Employee Policy Violations
Make Sure Employees Understand the Consequences
Enforcement Must Be Consistent
Notes
Chapter 18 - Using Technology to Enforce Policy
Which Directives Can Be Automatically Enforced?
Managing the Administrators
Key #7 - Continuous Program Improvement
Chapter 19 - The Ongoing Work of IMC
Why Is Continuous Program Improvement (CPI) Required?
Changing Technology Means Changing the Program
Dealing with Flaws and Failure
Communicating Flaws and Failures
Notes
Conclusion
Index
Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com
Copyright © 2009 by Randolph A. Kahn and Barclay T. Blair
eISBN : 978-0-470-49555-1
1. Management information systems—United States. 2. Information technology—United States—Management. 3. Business records—Data processing—Management. 4. Business records—Law and legislation—United States. 5. Disclosure of information—Law and legislation—United States. I. Blair, Barclay T. II. Title.
HD30.213.K34 2009 658.4’038—dc22 2008047044
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc. 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc. is not associated with any product or vendor mentioned in this book.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
To my amazing children, Dylan, Lily and Teddy, who bring me life’s greatest joy.
—Randolph A. Kahn
To Marianne and Jack
—Barclay T. Blair
About the Authors
Randolph A. Kahn is an internationally acclaimed speaker, consultant and award-winning author of dozens of published works including Privacy Nation, Information Nation Warrior, Information Nation: Seven Keys to Information Management Compliance, and E-Mail Rules. Mr. Kahn was the recipient of the Britt Literary Award in 2004 for an article entitled “Records Management & Compliance: Making the Connection” and in 2005 for an article entitled “Stand and Deliver.” He is an internationally recognized authority on the legal, compliance, and policy issues of information technology and information, and a trusted advisor and consultant to Fortune 500 companies, governmental agencies and court systems.
As founder of Kahn Consulting, Inc., Mr. Kahn leads a team of information management, regulatory, compliance, and technology professionals who serve as consultants and advisors to major institutions around the globe. Each year Mr. Kahn speaks dozens of times around the globe to corporate and government institutions. Mr. Kahn can be contacted at 847-899-8487 or [email protected].
Barclay T. Blair is a consultant to Fortune 500 companies, software and hardware vendors, and government institutions, and is an author, speaker, and internationally recognized authority on a broad range of policy, compliance, and management issues related to information and information technology.
Barclay is the award-winning author of the books Information Nation: Seven Keys to Information Management Compliance, Information Nation Warrior, and Privacy Nation. Barclay has written and edited dozens of publications, speaks internationally on information management compliance issues, and has instructed at George Washington University. Barclay has edited and contributed to several books, including: Email Rules; Secure Electronic Commerce; and Professional XML. He can be contacted at 403-638-9302 or [email protected].
Credits
Executive Editor Carol A. Long
Development Editor Gus A. Miklos
Senior Development Editor Kevin Kent
Production Editor Angela Smith
Copy Editor Foxxe Editorial Services
Editorial Manager Mary Beth Wakefield
Production Manager Tim Tate
Vice President and Executive Group Publisher Richard Swadley
Vice President and Executive Publisher Barry Pruett
Associate Publisher Jim Minatel
Project Coordinator, Cover Lynsey Stanford
Compositor Maureen Forys, Happenstance Type-O-Rama
Proofreader Josh Chase, Word One
Indexer J & J Indexing
Cover Image © Maciej Frolow/ Brand X Pictures/ Jupiter Images
Cover Designer Michael E. Trent
Acknowledgments
The authors would like to thank AIIM International for their support in publishing the first edition of this book and other works of ours. We would also like to thank Andrew Cohen for his insightful contribution on GRC. Finally, thank you to W. Lawrence Wescott II for his valuable assistance in developing this second edition.
Introduction
Since the publication of the first edition of Information Nation, several significant developments have occurred that we believe warranted the publication of the second edition. The most important of these developments has been the electronic discovery amendments to the Federal Rules of Civil Procedure, which became effective on December 1, 2006. Many states have introduced, or are in the process of introducing, similar amendments to their rules of civil procedure.
These new rules have important implications for all organizations. Companies may find themselves at a severe disadvantage if they are not able to produce electronic documents in response to discovery requests under the new rules. The Seven Key approach introduced in the first edition provides a framework for firms to organize their information assets so that they can find responsive information to such requests. The second edition demonstrates specifically, via citations to the new Rules and case law decided under the new Rules, how firms incorporating an information management compliance philosophy into their corporate governance structure can succeed in this new environment.
The Seven Keys themselves have undergone some changes. Although consideration of the Federal Sentencing Guidelines by judges in their sentencing decisions is no longer mandatory (see discussion in Chapter 5), their importance for Information Management Compliance (IMC) remains unchanged.
IMC failures in companies can have spectacular consequences. The first edition highlighted the problems of Arthur Andersen in the Enron case. The second edition discusses a series of challenges facing Morgan Stanley (see Chapter 4). The most notable of these challenges occurred in the Coleman case, in which their continuing discovery of responsive electronic evidence (after certifying that all had been found) exasperated the judge and ultimately led to a nearly $1.6 billion jury verdict against the firm (although it was ultimately reversed on other grounds). Other compliance problems in different areas led to the imposition of significant fines by the SEC upon the firm.
The Morgan Stanley example again illustrates the consequences of information management compliance failure. The process of instituting an IMC culture is not accomplished overnight. The dedication and hard work required, however, pays off not only in the ability to respond to legal and regulatory requests but also in the ability to work more simply, more cheaply, and faster.
The second edition also incorporates the governance, risk and compliance (GRC) methodology. A summary of the methodology is provided by Andrew M. Cohen, Esq., Associate General Counsel for EMC Corporation (see Chapter 11). Although IMC is only a small subset of the overall GRC structure, GRC offers a toolset to help focus IMC efforts more effectively.
These developments are the reasons for the second edition of Information Nation. They demonstrate that it is even more important than ever to make the changes to your company to create a culture of Information Management Compliance.

Information Management Compliance

This is a book about changes in the Information Management landscape, resulting largely from cases like these and dozens of lower-profile cases. Most importantly, it is about how we can learn to avoid similar problems in our own organizations by developing and implementing Information Management Compliance programs that anticipate problems and take advantage of opportunities.
This is a book about approaching all types of Information Management activities with a new methodology, one that adopts the principles, controls, and discipline upon which many corporate compliance programs are built. While the world of records destruction is the starting point for our exploration, the book examines a broad range of Information Management activities that serve both legal and business needs, and are central to your organization’s ongoing success.
This is a book about Information Management Compliance (IMC), which involves:
1. Developing Information Management criteria based on legal, regulatory, and business needs
2. Developing and implementing controls designed to ensure compliance with those policies and procedures
The first six chapters of this book define and explore the concepts of Information Management, Records Management, IMC, and the business and regulatory environments that we operate in today.
In the second part of the book we present the Seven Keys to Information Management Compliance—this is the practical, action-oriented part of the book. These Seven Keys are:
1. Good policies and procedures
2. Executive-level program responsibility
3. Proper delegation of program roles and components
4. Program dissemination, communication, and training
5. Auditing and monitoring to measure program compliance
6. Effective and consistent program enforcement
7. Continuous program improvement
As a model for these Seven Keys, we used a section of the Federal Sentencing Guidelines (“Guidelines”).1 The Guidelines are used by the federal courts to determine the appropriate punishment for individuals and organizations that violate the federal law. For many years, numerous companies have used the Guidelines to build general corporate compliance programs. However, until now, the Guidelines have generally been overlooked as a source of guidance for Information Management. The time has come to apply the compliance methodology outlined by the Guidelines to Information Management.
In this new era, Information Management requires a proactive approach that recognizes that legal protection and business value will result from taking a formal, disciplined, visible, funded, and sustained approach—an approach that begins with an understanding of how an organization’s Information Management activities are likely to be judged by the courts, regulators, auditors, and its own executives and shareholders.
IMC is about more than making sure information is not destroyed because of the malicious or inadvertent acts of a few employees. Rather, it is a holistic approach that covers many areas of concern, including:
• Storage management
• Privacy
• Business continuity and disaster recovery planning
• Records Management
• Information security
• Transaction Management
• Application development and integration
• Technology purchasing and acquisition
• System configuration and management
• And many other areas
We wrote this book for a broad range of readers who have an interest in Information Management issues, with a specific focus on readers who have direct or indirect responsibility for making sure that information is properly used and managed in their organizations. The sphere of people who have some responsibility in this area seems to grow every day, now encompassing everyone from the CEO who needs to sign off on financial reports in accordance with Sarbanes-Oxley, to the IT professional wondering how backup tapes should be managed, to the compliance officer trying to ensure compliance with emerging privacy laws, to the administrative assistant just trying to decide what to do with all the email messages that his boss has asked him to print out and file, to the lawyer guiding the company through troubled legal waters.
Information Management encompasses management, administrative, operational, technological, human resources, Records Management, legal, and many other areas of an organization. The Seven Keys to IMC that we advance are designed to help professionals in each of these areas understand their responsibilities and what they must contribute to their organization’s Information Management efforts.

Notes

1 United States Sentencing Commission, Guidelines Manual, §3E1.1, Nov. 2002.
I - Laying the Foundations of Information Management Compliance
Chapter 1 - Why Information Management Matters
In this first chapter, we will explore the concept of Information Management, how it has changed over time, and how it relates to other information-based activities across an organization. Understanding the essence of Information Management will lay the foundation for understanding Information Management Compliance (IMC).

Sink or Swim

In 2007, the digital universe (information created, captured, or replicated in digital form) was estimated to be 281 exabytes, or 281 billion gigabytes (GB). For an estimated world population of 6.6 billion, that is about 42.6 GB of data per person. About 210 billion e-mail messages are sent each day, along with 32.2 billion instant messages. The Radicati Group estimates that in 2008, a typical corporate e-mail account will send and receive about 18.5 MB of data per day. Forrester Research forecasts that the number of PCs worldwide will reach 2 billion by 2015. Exceptional growth is predicted in emerging markets, with a worldwide compound annual growth rate of more than 12 percent between 2003 and 2015.
