How Governance Can Address Compliance ChallengesBy Guest Author | Posted 2016-05-27 Email Print
Corporations must prepare for regulatory inquiries and arm against data breaches. That should start with proactive, strategic information governance practices.
Because sensitive data resides across a wide range of platforms in a corporate network, it is imperative to understand every system and repository that contains regulated information, and to implement comprehensive policies—and technology systems—that can ensure nothing sensitive is deleted or subject to tampering.
Creating a data map of information assets across cloud applications and other systems helps separate obsolete data from sensitive data, making it much easier to maintain compliant data preservation. When establishing these processes, stakeholders can take inventory of and address existing and anticipated regulatory and legal obligations on data prior to its disposal, and then standardize processes accordingly.
3. Enforce the information governance policy.
The key to enforcing policy is to understand current retention and deletion protocols, how backup data is handled, and what security controls are already in place. Once these steps have been taken, IT and compliance teams should closely monitor the systems to ensure that the policies—plus preservation and deletion obligations—are being sustained across all business units and data repositories.
Going one step further, processes can be established to flag noncompliance and enable teams to respond when issues arise. When policies are consistently followed and documented, and the organization can demonstrate enforcement, it becomes much easier to prove and defend compliance.
Finally, it is critical for corporations to be prepared to handle an evolving regulatory landscape. They should take the first step of examining the regulations and new cyber-security efforts closely to fully understand the expectations and pitfalls of maintaining compliance.
When problems arise, it's helpful to work with outside experts to conduct a postmortem to identify weak points in the overall information governance and compliance structure. Findings can inform key stakeholders of where improvements need to be made and can help toward obtaining buy-in from executives who may be reluctant to invest time and money into IG.
Jake Frazier is a senior managing director at FTI Consulting, based in Houston. He heads the information governance and compliance practice in the technology segment. Frazier is a founding member of the Electronic Discovery Reference Model and is also a member of the Sedona Conference.