A key IT policy to protect your information assets

An information asset is any information that has value to your organisation, regardless of how or where it is stored and what form it takes. Within the suite of IT policies provided in Policy Management as a Service is a well written Information Management Policy that can be tailored to help protect your information assets.

What is an information management policy?

An information management policy gives clear direction regarding the creation, capture and management of information assets in order to satisfy business, legal and stakeholder requirements and is just one policy within the suite of IT policies.

Want to learn more? Contact our Experts today to book a live demo of the Policy Management as a Service.

What does an information management policy include?

• The information management responsibilities of users, managers and technical staff
• Management of information
• Deletion of information
• The collection and dissemination of information
• Information access

Testimonial - Rother District Council

“Now we have the Essentials version of policies in place from PPS it provides an excellent incentive for everyone to strive to do things properly. The policies will form a key part of Council’s ongoing training on GDPR and cybersecurity awareness” - Graham McCallum, IT Manager

How to determine what should be classed as an information asset?

Examples of key questions to consider are:

What value does the asset have to the organisation?

Do we understand what the asset is, and what it is used for?

Could there be a legal, reputational or financial repercussion if the asset cannot be reproduced when required?

Would business operations be affected if the asset could not be easily accessed?

The IT security policy framework that Policy Management as a Service delivers includes a range of related IT policies that support the Information Management Policy - examples include an Access Control Policy, Cloud Computing Policy and Legal Compliance Policy.

Testimonial - Tower Hamlets Community Housing

“I assessed our requirements in the area of IT Policies and it was very evident that we had a lot of work to do if we were to draft content that was easy to read and understand, whilst being aligned with best practice. My estimate was that it would take 12-18 months to do this exercise in house and that was time we didn’t have, particularly as we were immersed in deploying new technology. I began researching options and identified Protocol Policy Systems (PPS) as a specialist provider in this area.“ - David Sheehan, Head of IT

The difference between Information Governance and Information Management

To develop an effective Information Management Policy to sit within your suite of IT Policies, you need to have a clear understand of what Information Management does and does not consist of;

Information governance (IG) is focussed on the organisational policies, processes, technologies and strategies that are employed to use information to meet its business needs, comply with legal and industry regulations whilst minimising risks. IG is focussed on the control of information, its creation, valuation, usage, storage, and deletion.

Information management is focussed on the lifecycle of information—the acquisition of information from different sources, custodianship of information, the distribution of information, and the deletion or archiving of information as documented in an organisation’s information governance policies.

Testimonial - Buckinghamshire Council

“The policies form part of our Document Library which we look to maintain to the requirements of ISO standards. The commitment in terms of reviewing them and ensuring that latest versions are published is now far less onerous, as is ensuring that they reflect latest changes to legislation and good practice” - Sarah Barnes, Head of Information Technology Operations

Assistance

Contact Protocol Policy Systems to learn how we assist organisations to put the foundations in place for a secure computing environment.