All organisations, whether they are from the private, public or third sector, have obligations to demonstrate that they are managing their information correctly. These obligations may originate from legislation, from organisational form, or from scrutiny by external bodies or stakeholders. An enterprise must be aware of, and apply, the principles of information assurance to ensure that all appropriate controls, from physical and technical through to administrative, are used to accomplish assurance, minimise risk and capitalise on its information. Information assurance is much more than putting in technical controls: it requires a holistic approach that addresses information issues first and foremost.
Metataxis has considerable experience in the area of managing risk related to an organisation’s information. We can advise on the following areas covering the use, processing, storage and transmission of information:
- Information inventories: finding out what information your organisation holds is an important step in understanding and managing it.
- Governance: critical to governance is the allocation of defined information roles and responsibilities.
- Policies and procedures: providing staff with clear, practical and unambiguous frameworks and guidance to manage your information assets.
- Protective marking: an important component of information security is having a protective marking scheme that your staff can easily understand and implement.
- Information risk management: delivering the trust required to ensure that any risks to your information assets are identified and a risk mitigation action plan is implemented.
- Compliance: providing the internal audit frameworks (such as Privacy Impact Assessments) to check staff are managing your information according to your information assurance guidelines.
- Vital information: identifying your organisation’s vital information and associated processes and ensuring they are protected appropriately.
- Monitoring: without the appropriate auditing and monitoring framework, organisations will not be able to provide assurance on the effectiveness of their information and data management controls. Active and ongoing monitoring helps drive continuous improvement in the management of their information assets.