Before you look at how to protect your valuable information it is important to be clear on what information you need to protect and where it sits in your organisation. This is a vital first step in the Information Risk Management process (see Ascentor’s 4 step Information Risk Management Process )and one that is sometimes forgotten.
Things change fast with business and information
Many organisations carried out a data audit when privacy legislation first came in (this was a requirement of the Data Protection Act of 1998 ) but this was a long time ago now. It was a snapshot in time, and things change fast when it comes to business and information.
As your company grows, so do your information risks. Information volumes creep up over time: strategic decisions, new projects, new partnerships, new technology – all have an impact and require careful change management.
Is that new information more or less valuable than that previously held; does that new contract require more or less rigour in the protection of the customer’s data? Important questions that need an answer.
The need for regular audit
In the way that good stock control starts with an understanding of what stock is held and where it can be found, so the management of information and consequently information risks must start with knowing what information is held and where. But this can’t be a ‘once and done’ activity.
Organisation’s need a regular audit process that allows for the recording of all information and where it sits. Regular information audits will help you to understand the value of your information – a crucial process to embed in the business, ideally undertaken every year; sometimes more often in high risk or dynamic environments.
Good decisions require good information
Knowing what and where your valuable information is will enable you to make better investment decisions on how to protect it, ensuring money is spent on controls that mitigate the risks you care about the most, not the ones the hardware and software resellers want you to spend money on.
Managing information risks gives you the visibility and confidence you need to make the right decisions to protect your information and strengthen your business. It all starts with knowing what information, where.
Is it time for an information audit?
Article by Dave James , MD of Ascentor