Information Governance
Compliance overview
Information governance and IT security remain a high priority for all organisations. Many organisations find that NETconsent automated policy management software helps to raise awareness of, and measure understanding of, policies and procedures relating to information governance legislation and standards.
NETconsent supports information governance through:
Electronic acceptance of policies at logon – the most practical, reliable, and cost-effective method of ensuring that all users read and accept information assurance, as well as other IT usage policies.
Recording information about when a user accepted or declined a policy – so there is no ambiguity over policy version control.
Showing how well a user has understood each policy – by testing their understanding, thereby identifying knowledge gaps and enabling risk mitigation.
Managing user privileges – ensuring data and information are locked down, and permissions are allocated by job type.
Multiple communication options – the end user can access documents in a number of different ways, either voluntarily or by corporate enforcement.
Real-time management reports – that show overall levels of compliance crucial to improving IT governance.
Ensuring people understand the value of security policies and procedures has a lasting impact on information assurance and regulatory compliance.
Requirements of information governance
Information governance challenges
Organisations are legally obliged to take all appropriate technical and organisational measures to avoid accidental loss or disclosure of the information they hold, as well as unauthorised or unlawful processing of data. Helping employees to become aware of potential threats is paramount in the fight for improved information governance.
Due to the accelerating pace of technology, it is becoming increasingly difficult for IT departments to keep one step ahead of new security threats through technology enforcement alone. The evolving work environment and the growing importance of social networking applications are changing the computing habits of employees, opening up ever more threats to information governance.
About information governance
Complying with regulatory requirements is essential to avoid reputational damage, fines and the high cost of litigation, as well as the costs of putting issues right. Examples of legislation and standards requiring adherence:
Data Protection Act 1998
Human Rights Act 1998
Freedom of Information Act 2000
The 1990 Computer Misuse Act
Regulation of Investigatory Powers Act 2000
Payment Card Industry Security Standards Council
Caldicott Report
HSC 1999/053 Records Management
N3 – Information Governance Toolkit