Evaluate and plan your information governance programme
What’s the problem?
Regulatory, legislative and operational requirements continue to increase, with information governance risks regularly appearing on the Board agenda.
Does your organisation have an appropriate information governance programme in place and a plan to improve it?
Understanding what you currently have in place, combined with an Action Plan to help you reduce risk, improve your information governance maturity, and strengthen your operational resilience, is what our Information Governance Maturity Assessments deliver.
Our Maturity Assessments are technology-agnostic and based on sound information governance principles, meaning they provide guidance tailored to your organisation rather than a ‘buy Product X and all your problems are solved’ approach.
An Oyster IMS Information Governance Maturity Assessment comes as a standard package, including a Gap Analysis against best practice, recommendations for your type of organisation, and a tailored Action Plan.
Where should we be?
Next, we will plot your current status against where we think you should be.
This recommended level will be a function of a number of factors, including:
- Your organisation size and business sector
- If you are in a regulated industry
- If you process personal data
- Your vendor and supplier relationships
- If you have a large number of outsourced processes
You’ll be able to see where the big gaps are and work out what you should deal with first.
How are we going to get there?
A prioritised, phased Action Plan tailored to your organisation
This will tell you how to go about bridging the gaps and will be prioritised and phased to ensure that you can focus on the most important activities first.
These activities can be carried out by your own team or in conjunction with Oyster IMS, the choice is yours.
In addition, Oyster IMS will highlight any areas where a deeper dive may be required into any identified areas of risk.
Example phase one: Disposition Actions
- Identify your systems where the data disposition policy is not applied and implement disposition processes.
- Update the data disposition policy to include the capability to suspend data disposition.
- Document processes to facilitate data disposition suspensions.
- Identify all data systems that do not have the capability to provide secure data deletion.
- Develop a plan to replace data systems that cannot support secure data deletion.
