Video: Customer Communication in the World of Alexa
March 27, 2017
Video: Customer Communications Solutions Hosted in the Cloud
April 3, 2017

Aligning Your Corporate Information Management Procedures with Your Approach to Disposition

It’s no longer enough just to build stronger walls to protect corporate information. Today’s Chief Information Security Officers (CISOs) must also address information management as part of their day-to-day practice, as a complement to the more traditional focus on building stronger defenses against breaches. One part of information management is to make sure repositories contain as little sensitive data as possible, and appropriate access rights have been assigned that information.

I’ve been posting on Doculabs’ information management program framework—i.e. what you need to do to execute information management successfully and help minimize the impact of a breach. The five components of the framework are as follows:

  • Defensible content disposition playbook
  • Policy alignment
  • Procedure alignment
  • Content cleanup
  • Change management

With this post, we’re now on to the third item on the list: procedure alignment.

The defensible disposition playbook (outlined in the first post in this series) defines the parameters within which a purge or migration needs to operate in order to be legally defensible. My second post showed how to align that playbook with corporate policies for managing information. Now, with your defensible disposition playbook done and information management policies aligned to it, it’s time to make sure the procedures your technical employees are following to migrate and purge their data are aligned to the playbook and the policies.

These procedures will be very specific to your organization, because they will be based on the technology currently in use to purge or migrate data. The procedures should provide detailed, step-by-step guidance for how to purge or migrate data—procedures which, if followed, will make it reasonable for a future court or regulatory body to assume that the policies and playbook are also being followed.

These procedures should be granular; you don’t want a procedure for “migrating content.” Instead, you want to specify a series of procedures to guide your technical resources in migrating content. For example:

  • File analytics procedure: to guide technical resources in using file analytics tools to find “junk,” stale, and sensitive content
  • Migration procedure: to guide technical resources in using migration tools to migrate the in-scope content from the source to target systems
  • Testing procedure: to guide technical resources in how to test the results of the migration to determine where it went according to plan, and where it didn’t
  • Remediation procedure: to guide technical resources on how to remediate the migration if it didn’t go as planned

If you’re looking for expert assistance in assessing and remediating your organization’s migration and purge procedures, we’d be happy to help. Doculabs has worked with firms in a wide range of industries across the Fortune 1000, applying its expertise to review their information management policies and procedures, helping them remediate those policies and procedures to address the client’s unique needs. Check out our information security services, and see what we can do to help you make sure your planned content purge or migration addresses the required legal standards.