Data protection and information governance
Information governance concerns the rules that must be followed when information is processed. It allows organisations and individuals to ensure that information is processed lawfully, securely, efficiently and effectively. It applies to every type of information an organisation may process, although the rules differ according to the type of information concerned.
Information governance is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organisation's immediate and future regulatory, legal, risk, environmental and operational requirements.
It should determine the balance point between two potentially divergent organisational goals: extracting value from information and reducing the risk that holding information creates. Information governance reduces organisational risk in the areas of compliance and operational transparency, and reduces the expenditure associated with e-discovery and litigation response.
Through its information governance policies and procedures, an organisation can establish a consistent and logical framework for employees to handle data. These policies guide proper behaviour regarding how the organisation and its employees handle electronically stored information.
Data breach incidents and response plans
An incident response plan should be incorporated into the audit universe. We look at the features that should be included in the plan.
A new EU directive on data protection is imminent. Internal auditors need to understand how it will affect their organisation.
Data security in third party agreements
Asking a third party to provide a service or product can deliver important benefits – it also increases exposure to loss, theft and misuse of data.