William Saffady - Böcker

Managing Information Risks: Threats, Vulnerabilities, and Responses identifies and categorizes risks related to creation, collection, storage, retention, retrieval, disclosure and ownership of information in organizations of all types and sizes. It is intended for risk managers, information governance specialists, compliance officers, attorneys, records managers, archivists, and other decision-makers, managers, and analysts who are responsible for risk management initiatives related to their organizations’ information assets. An opening chapter defines and discusses risk terminology and concepts that are essential for understanding, assessing, and controlling information risk. Subsequent chapters provide detailed explanations of specific threats to an organization’s information assets, an assessment of vulnerabilities that the threats can exploit, and a review of available options to address the threats and their associated vulnerabilities. Applicable laws, regulations, and standards are cited at appropriate points in the text. Each chapter includes extensive endnotes that support specific points and provide suggestions for further reading. While the book is grounded in scholarship, the treatment is practical rather than theoretical. Each chapter focuses on knowledge and recommendations that readers can use to:heighten risk awareness within their organizations, identify threats and their associated consequences, assess vulnerabilities, evaluate risk mitigation options, define risk-related responsibilities, and align information-related initiatives and activities with their organizations’ risk management strategies and policies. Compared to other works, this book deals with a broader range of information risks and draws on ideas from a greater variety of disciplines, including business process management, law, financial analysis, records management, information science, and archival administration. Most books on this topic associate information risk with digital data, information technology, and cyber security. This book covers risks to information of any type in any format, including paper and photographic records as well as digital content.

Managing Information Risks: Threats, Vulnerabilities, and Responses identifies and categorizes risks related to creation, collection, storage, retention, retrieval, disclosure and ownership of information in organizations of all types and sizes. It is intended for risk managers, information governance specialists, compliance officers, attorneys, records managers, archivists, and other decision-makers, managers, and analysts who are responsible for risk management initiatives related to their organizations’ information assets. An opening chapter defines and discusses risk terminology and concepts that are essential for understanding, assessing, and controlling information risk. Subsequent chapters provide detailed explanations of specific threats to an organization’s information assets, an assessment of vulnerabilities that the threats can exploit, and a review of available options to address the threats and their associated vulnerabilities. Applicable laws, regulations, and standards are cited at appropriate points in the text. Each chapter includes extensive endnotes that support specific points and provide suggestions for further reading. While the book is grounded in scholarship, the treatment is practical rather than theoretical. Each chapter focuses on knowledge and recommendations that readers can use to:heighten risk awareness within their organizations, identify threats and their associated consequences, assess vulnerabilities, evaluate risk mitigation options, define risk-related responsibilities, and align information-related initiatives and activities with their organizations’ risk management strategies and policies. Compared to other works, this book deals with a broader range of information risks and draws on ideas from a greater variety of disciplines, including business process management, law, financial analysis, records management, information science, and archival administration. Most books on this topic associate information risk with digital data, information technology, and cyber security. This book covers risks to information of any type in any format, including paper and photographic records as well as digital content.

Records and Information Management: Fundamentals of Professional Practice, Fourth Edition presents principles and practices for systematic management of recorded information. It is an authoritative resource for newly appointed records managers and information governance specialists as well as for experienced records management and information governance professionals who want a review of specific topics. It is also a textbook for undergraduate and graduate students of records management or allied disciplines—such as library science, archives management, information systems, and office administration—that are concerned with the storage, organization, retrieval, retention, or protection of recorded information.The fourth edition has been thoroughly updated and expanded to:Set the professional discipline of RIM in the context of information governance, risk mitigation, and compliance and indicate how it contributes to those initiatives in government agencies, businesses, and not-for-profit organizationsProvide a global perspective, with international examples and a discussion of the differences in records management issues in different parts of the world. Its seven chapters are practical, rather than theoretical, and reflect the scope and responsibilities of RIM programs in all types of organizations. Emphasize best practices and relevant standards.The book is organized into seven chapters that reflect the scope and responsibilities of records and information management programs in companies, government agencies, universities, cultural and philanthropic institutions, professional services firms, and other organizations. Topics covered include the conceptual foundations of systematic records management, the role of records management as a business discipline, fundamentals of record retention, management of active and inactive paper records, document imaging technologies and methods, concepts and technologies for organization and retrieval of digital documents, and protection of mission-critical records. In every chapter, the treatment is practical rather than theoretical. Drawing on the author’s extensive experience supplemented by insights from records management publications, the book emphasizes key concepts and proven methods that readers can use to manage electronic and physical records.

Records and Information Management: Fundamentals of Professional Practice, Fourth Edition presents principles and practices for systematic management of recorded information. It is an authoritative resource for newly appointed records managers and information governance specialists as well as for experienced records management and information governance professionals who want a review of specific topics. It is also a textbook for undergraduate and graduate students of records management or allied disciplines—such as library science, archives management, information systems, and office administration—that are concerned with the storage, organization, retrieval, retention, or protection of recorded information.The fourth edition has been thoroughly updated and expanded to:Set the professional discipline of RIM in the context of information governance, risk mitigation, and compliance and indicate how it contributes to those initiatives in government agencies, businesses, and not-for-profit organizationsProvide a global perspective, with international examples and a discussion of the differences in records management issues in different parts of the world. Its seven chapters are practical, rather than theoretical, and reflect the scope and responsibilities of RIM programs in all types of organizations. Emphasize best practices and relevant standards.The book is organized into seven chapters that reflect the scope and responsibilities of records and information management programs in companies, government agencies, universities, cultural and philanthropic institutions, professional services firms, and other organizations. Topics covered include the conceptual foundations of systematic records management, the role of records management as a business discipline, fundamentals of record retention, management of active and inactive paper records, document imaging technologies and methods, concepts and technologies for organization and retrieval of digital documents, and protection of mission-critical records. In every chapter, the treatment is practical rather than theoretical. Drawing on the author’s extensive experience supplemented by insights from records management publications, the book emphasizes key concepts and proven methods that readers can use to manage electronic and physical records.

Compliance is one of the component of the widely discussed GRC (governance, risk, and compliance) framework, which integrates three key elements of organizational strategy, the other two being governance and risk. The GRC framework encompasses all aspects of organizational strategy and operations, including those that involve the creation, collection, retention, disclosure, ownership, and use of information by companies, government agencies, and non-profit entities. Information governance develops strategies, policies, and initiatives to maximize the value of an organization’s information assets. Information risk management is responsible for identifying, analyzing, and controlling threats to those assets. Information compliance seeks to align an organization’s information-related policies and practices with applicable requirements. Academic researchers, legal commentators, and management specialists have traditionally viewed compliance as a legal concern, but compliance is a multi-faceted concept. While adherence to legal and regulatory requirements is widely acknowledged as a critical component of compliance initiatives, it is not the only one. Taking a broader approach, this book identifies, categorizes, and provides examples of information compliance requirements that are specified in laws, regulations, contracts, standards, industry norms, and an organization’s code of conduct and other internal policies. It also considers compliance with social and environmental concerns that are impacted by an organization’s information-related policies and practices. The book is intended for compliance officers, information governance specialists, risk managers, attorneys, records managers, information technology managers, and other decision-makers who need to understand legal and non-legal compliance requirements that apply to their organizations’ information assets. It can also be used as a textbook by colleges and universities that offer courses in compliance, risk management, information governance, or related topics at the graduate or advanced undergraduate level.

Compliance is one of the component of the widely discussed GRC (governance, risk, and compliance) framework, which integrates three key elements of organizational strategy, the other two being governance and risk. The GRC framework encompasses all aspects of organizational strategy and operations, including those that involve the creation, collection, retention, disclosure, ownership, and use of information by companies, government agencies, and non-profit entities. Information governance develops strategies, policies, and initiatives to maximize the value of an organization’s information assets. Information risk management is responsible for identifying, analyzing, and controlling threats to those assets. Information compliance seeks to align an organization’s information-related policies and practices with applicable requirements. Academic researchers, legal commentators, and management specialists have traditionally viewed compliance as a legal concern, but compliance is a multi-faceted concept. While adherence to legal and regulatory requirements is widely acknowledged as a critical component of compliance initiatives, it is not the only one. Taking a broader approach, this book identifies, categorizes, and provides examples of information compliance requirements that are specified in laws, regulations, contracts, standards, industry norms, and an organization’s code of conduct and other internal policies. It also considers compliance with social and environmental concerns that are impacted by an organization’s information-related policies and practices. The book is intended for compliance officers, information governance specialists, risk managers, attorneys, records managers, information technology managers, and other decision-makers who need to understand legal and non-legal compliance requirements that apply to their organizations’ information assets. It can also be used as a textbook by colleges and universities that offer courses in compliance, risk management, information governance, or related topics at the graduate or advanced undergraduate level.

Information governance is the framework an organization follows for managing, storing, archiving, and deleting information. Information governance depends on technology to organize and analyze information, manage the information lifecycle, retrieve information needed for a given purpose, and address risk management, compliance, and security requirements related to information. This book surveys nine technologies that support information governance initiatives: Electronic Content Management (ECM), Records Management Application (RMA) software, digital preservation application, email archiving systems, Digital Asset Management (DAM), web and social media archiving applications, e-discovery software, GRC software, and database archiving software. Some of these technologies are broadly applicable and widely implemented; others support specialized business operations. For each technology, the book explains its historical development and business purpose, identifies applicable standards and best practices, describes the basic and advanced features of commercially available products, and examines issues and concerns related to product evaluation, selection, and implementation. Written by an expert in the field, William Saffady, this book is intended for information governance specialists, information technology managers, records managers, and others who are responsible for evaluating, acquiring, and implementing technology that enhances the efficient and effectiveness of an organization’s information governance program and the work of its constituent disciplines.

Information governance is the framework an organization follows for managing, storing, archiving, and deleting information. Information governance depends on technology to organize and analyze information, manage the information lifecycle, retrieve information needed for a given purpose, and address risk management, compliance, and security requirements related to information. This book surveys nine technologies that support information governance initiatives: Electronic Content Management (ECM), Records Management Application (RMA) software, digital preservation application, email archiving systems, Digital Asset Management (DAM), web and social media archiving applications, e-discovery software, GRC software, and database archiving software. Some of these technologies are broadly applicable and widely implemented; others support specialized business operations. For each technology, the book explains its historical development and business purpose, identifies applicable standards and best practices, describes the basic and advanced features of commercially available products, and examines issues and concerns related to product evaluation, selection, and implementation. Written by an expert in the field, William Saffady, this book is intended for information governance specialists, information technology managers, records managers, and others who are responsible for evaluating, acquiring, and implementing technology that enhances the efficient and effectiveness of an organization’s information governance program and the work of its constituent disciplines.

The extensively updated fourth edition of this bestselling classic is an essential practical resource for anyone responsible for the creation, maintenance, management, control, and use of electronic records created by computer, audio, and video systems. Written by renowned author and educator William Saffady and co-published by ARMA International, this timely guide thoroughly examines the pertinent concepts, procedures, methods of protection, and daily management guidelines involved in this rapidly expanding field.Saffady provides start-to-finish guidance for initiating effective programs for storing, retrieving and controlling electronic records, with coverage of vital components including:Concepts and issuesStorage mediaFile formatsInventoryingRetention schedulesManaging vital electronic recordsManaging electronic files and mediaValuable appendices provide suggestions for further study and research, and a comprehensive glossary defines important terms as they relate specifically to the records management arena.