We all know that all companies risk losing or leaking information. But do we really know what to do about enterprise risk management? Best practices aren't always relevant to enterprise environments, nor do companies always have the proper benchmarks in place to implement them.
Taken together, GRC is an oft-used acronym that refers to the way in which organizations manage, store and share information. Taken individually, each of its three letters names an integral piece of that process.
Governance + Risk Management + Compliance
Governance begins long before the first datum is gathered. It starts with a strategy that outlines and defines the mechanisms an organization uses to ensure that its constituents follow established processes and policies. Without policies and procedures in place, risk and compliance are rather irrelevant.
However, once governance is established, risk management, the way an organization sets its risk tolerance, can identify potential risks and prioritize them against the organization's business objectives. Effective risk management leverages internal controls to manage and mitigate risk throughout the organization.
Finally, compliance records and monitors the controls needed to ensure compliance with legislative or industry mandates, as well as internal policies.
When all parts of the process work well, organizations can reap the rewards of being able to manage risk and maintain a level of compliance that brings trust and integrity to the enterprise.
Making the GRC Equation Work
It all seems easy enough, but when you delve into the process, it's not hard to become overwhelmed by the details involved with determining the policies and procedures by which you will govern, manage and comply.
CMSWire has compiled a list of processes and tools needed to ensure that issues of governance, risk and compliance are addressed effectively. Incorporating the policies and guidelines that will oversee the way your organization will manage risk is daunting. It requires you to be part visionary, technology guru and investigator all at once. But it can be simplified if you think about the ways that make information easy to manage, store and share.
Compatibility
Since computers became basic office essentials, there have been many iterations of software and updates galore that can make information inaccessible and unreadable. Be prepared to have information saved in a compatible format.
This will require you to think long term about technology needs. Information strategies that include format standards (e.g. TIFF or PDF/A) and audited content refresh cycles will ensure that information remains accessible for the whole period it is being kept.
Keep these processes in mind when talking with vendors and other third-party contractors.
Disaster Recovery
It's called disaster recovery for a reason. Whether it's a hurricane or the delete key, organizations need to create electronic and manual processes to back up data when obstacles arise. In a controlled environment, the system also needs to provide specific “hold” or “freeze” mechanisms which prevent normal information disposition schedules from inadvertently removing critical information, for example, when litigation is in progress.
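As an added illustration of the hold mechanism described above (example code, not from the article or any product it mentions), this Python sketch runs a retention-based disposition pass that refuses to delete any record under an active hold and writes an audit line for every decision; the record ids, matter number and dates are constructed.

```python
from __future__ import annotations
import copy
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Record:
    record_id: str
    created: date
    retention_days: int
    holds: set[str] = field(default_factory=set)  # active hold ids (e.g. matter numbers)

def place_hold(record: Record, hold_id: str) -> None:
    """Freeze a record: while any hold is active it must never be disposed."""
    record.holds.add(hold_id)

def release_hold(record: Record, hold_id: str) -> None:
    record.holds.discard(hold_id)

def run_disposition(records: list[Record], today: date) -> tuple[list[str], list[str], list[str]]:
    """Return (disposed ids, retained ids, audit lines). The hold check comes
    before the expiry check, so an expired record under hold is retained."""
    disposed, retained, audit = [], [], []
    for r in records:
        expiry = r.created + timedelta(days=r.retention_days)
        if r.holds:
            retained.append(r.record_id)
            audit.append(f"{r.record_id}: retained, hold(s) {sorted(r.holds)} active")
        elif today >= expiry:
            disposed.append(r.record_id)
            audit.append(f"{r.record_id}: disposed, retention expired {expiry.isoformat()}")
        else:
            retained.append(r.record_id)
            audit.append(f"{r.record_id}: retained until {expiry.isoformat()}")
    return disposed, retained, audit

# Constructed sample data: two invoices past a 7-year retention period, one still within it.
TODAY = date(2024, 6, 1)
SAMPLE_RECORDS = [
    Record("INV-2016-001", date(2016, 3, 1), 7 * 365),
    Record("INV-2016-002", date(2016, 3, 1), 7 * 365),
    Record("INV-2023-007", date(2023, 9, 15), 7 * 365),
]

def demo() -> dict:
    """Hold one expired record, run disposition, release the hold, run again."""
    records = copy.deepcopy(SAMPLE_RECORDS)
    by_id = {r.record_id: r for r in records}
    place_hold(by_id["INV-2016-002"], "MATTER-4471")  # constructed litigation hold id
    first = run_disposition(records, TODAY)
    remaining = [r for r in records if r.record_id not in first[0]]
    release_hold(by_id["INV-2016-002"], "MATTER-4471")
    second = run_disposition(remaining, TODAY)
    return {"first": first, "second": second}
```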
Searchability and Discoverability
Companies generate a lot of information. How will you be able to find exactly what you need? Effectively organizing, categorizing and prioritizing your files (metadata, keywords) will not only let you find what you need when you need it; it will also come in handy should you ever be subject to litigation.