A key IT policy to protect your information assets

An information asset is any information that has value to your organisation, regardless of how or where it is stored and what form it takes. Within the suite of IT policies provided in Policy Management as a Service is a well written Information Management Policy that can be tailored to help protect your information assets.

What is an information management policy?

An information management policy gives clear direction regarding the creation, capture and management of information assets in order to satisfy business, legal and stakeholder requirements and is just one policy within the suite of IT policies.

What does an information management policy include?

• The information management responsibilities of users, managers and technical staff
• Management of information
• Deletion of information
• The collection and dissemination of information
• Information access

How to determine what should be classed as an information asset?

Examples of key questions to consider are:

What value does the asset have to the organisation?

Do we understand what the asset is, and what it is used for?

Could there be a legal, reputational or financial repercussion if the asset cannot be reproduced when required?

Would business operations be affected if the asset could not be easily accessed?

The IT security policy framework that Policy Management as a Service delivers includes a range of related IT policies that support the Information Management Policy - examples include an Access Control Policy, Cloud Computing Policy and Legal Compliance Policy.

The difference between Information Governance and Information Management

To develop an effective Information Management Policy to sit within your suite of IT Policies, you need to have a clear understand of what Information Management does and does not consist of;

Information governance (IG) is focussed on the organisational policies, processes, technologies and strategies that are employed to use information to meet its business needs, comply with legal and industry regulations whilst minimising risks. IG is focussed on the control of information, its creation, valuation, usage, storage, and deletion.

Information management is focussed on the lifecycle of information—the acquisition of information from different sources, custodianship of information, the distribution of information, and the deletion or archiving of information as documented in an organisation’s information governance policies.

Assistance

Contact Protocol Policy Systems to learn how we assist organisations to put the foundations in place for a secure computing environment.