It’s no longer enough just to build stronger walls to protect corporate information. Today’s Chief Information Security Officers (CISOs) must also address information management as part of their day-to-day practice, as a complement to the more traditional focus on building stronger defenses against breaches. One part of information management is to make sure repositories contain as little sensitive data as possible and that appropriate access rights have been assigned to that information.
I’ve been posting on Doculabs’ information management program framework—i.e. what you need to do to execute information management successfully and help minimize the impact of a breach. The five components of the framework are as follows:
With this post, we’re now on to the third item on the list: procedure alignment.
The defensible disposition playbook (outlined in the first post in this series) defines the parameters within which a purge or migration needs to operate in order to be legally defensible. My second post showed how to align that playbook with corporate policies for managing information. Now, with your defensible disposition playbook done and information management policies aligned to it, it’s time to make sure the procedures your technical employees are following to migrate and purge their data are aligned to the playbook and the policies.
These procedures will be very specific to your organization, because they will be based on the technology currently in use to purge or migrate data. The procedures should provide detailed, step-by-step guidance for how to purge or migrate data—procedures which, if followed, will make it reasonable for a future court or regulatory body to assume that the policies and playbook are also being followed.
These procedures should be granular; you don’t want a procedure for “migrating content.” Instead, you want to specify a series of procedures to guide your technical resources in migrating content. For example:
If you’re looking for expert assistance in assessing and remediating your organization’s migration and purge procedures, we’d be happy to help. Doculabs has worked with firms in a wide range of industries across the Fortune 1000, applying its expertise to review their information management policies and procedures, helping them remediate those policies and procedures to address the client’s unique needs. Check out our information security services, and see what we can do to help you make sure your planned content purge or migration addresses the required legal standards.