E-Policies Assessments
Managing risk requires a comprehensive understanding of your business needs (current and anticipated) and applicable legal requirements. For example, are you:
- obtaining and managing confidential information owned by others (e.g., customers’ design specifications, or employees’ medical records)?
- using service bureaus to process your payrolls or medical insurance plans?
- operating in a sector where there are specific regulations governing retention of Instant Message logs?
- frequently having to find and produce email messages in the course of litigation?
The first step in approaching e-policy development is to determine what information is carried in your networks and how long you need to hold on to this information. (After all, if there’s no longer a reason to retain information, and if you’ve properly disposed of it, you’ll have less risk of losing it and less cost associated with storing it.) We’ll help you inventory the information assets you require, and help you determine how long you need to retain each information type (measured by both operations needs and legal requirements). Then, we’ll help you implement information management policies for:
- information security
- employee use of company IT tools
- information privacy, and
- record-retention programs
We’ll produce easy-to-implement training programs to accompany all policy pronouncements, and give you the ability to “train-the-trainer” so you can push these techniques down into your organization.
