Compliance is one of the component of the widely discussed GRC (governance, risk, and compliance) framework, which integrates three key elements of organizational strategy, the other two being governance and risk. The GRC framework encompasses all aspects of organizational strategy and operations, including those that involve the creation, collection, retention, disclosure, ownership, and use of information by companies, government agencies, and non-profit entities. Information governance develops strategies, policies, and initiatives to maximize the value of an organization's information assets. Information risk management is responsible for identifying, analyzing, and controlling threats to those assets. Information compliance seeks to align an organization's information-related policies and practices with applicable requirements. Academic researchers, legal commentators, and management specialists have traditionally viewed compliance as a legal concern, but compliance is a multi-faceted concept. While adherence to legal and regulatory requirements is widely acknowledged as a critical component of compliance initiatives, it is not the only one. Taking a broader approach, this book identifies, categorizes, and provides examples of information compliance requirements that are specified in laws, regulations, contracts, standards, industry norms, and an organization's code of conduct and other internal policies. It also considers compliance with social and environmental concerns that are impacted by an organization's information-related policies and practices. The book is intended for compliance officers, information governance specialists, risk managers, attorneys, records managers, information technology managers, and other decision-makers who need to understand legal and non-legal compliance requirements that apply to their organizations' information assets. It can also be used as a textbook by colleges and universities that offer courses in compliance, risk management, information governance, or related topics at the graduate or advanced undergraduate level.

Compliance is one of the component of the widely discussed GRC (governance, risk, and compliance) framework, which integrates three key elements of organizational strategy, the other two being governance and risk. The GRC framework encompasses all aspects of organizational strategy and operations, including those that involve the creation, collection, retention, disclosure, ownership, and use of information by companies, government agencies, and non-profit entities. Information governance develops strategies, policies, and initiatives to maximize the value of an organization's information assets. Information risk management is responsible for identifying, analyzing, and controlling threats to those assets. Information compliance seeks to align an organization's information-related policies and practices with applicable requirements. Academic researchers, legal commentators, and management specialists have traditionally viewed compliance as a legal concern, but compliance is a multi-faceted concept. While adherence to legal and regulatory requirements is widely acknowledged as a critical component of compliance initiatives, it is not the only one. Taking a broader approach, this book identifies, categorizes, and provides examples of information compliance requirements that are specified in laws, regulations, contracts, standards, industry norms, and an organization's code of conduct and other internal policies. It also considers compliance with social and environmental concerns that are impacted by an organization's information-related policies and practices. The book is intended for compliance officers, information governance specialists, risk managers, attorneys, records managers, information technology managers, and other decision-makers who need to understand legal and non-legal compliance requirements that apply to their organizations' information assets. It can also be used as a textbook by colleges and universities that offer courses in compliance, risk management, information governance, or related topics at the graduate or advanced undergraduate level.

Records and Information Management: Fundamentals of Professional Practice, Fourth Edition presents principles and practices for systematic management of recorded information. It is anauthoritative resource for newly appointed records managers and information governance specialists as well as for experienced records management and information governance professionals who want a review of specific topics. It is also a textbook for undergraduate and graduate students of records management or allied disciplines-such as library science, archives management, information systems, and office administration-that are concerned with the storage, organization, retrieval, retention, or protection of recorded information. The fourth edition has been thoroughly updated and expanded to: Set the professional discipline of RIM in the context of information governance, risk mitigation, and compliance andindicate how it contributes to those initiatives in government agencies, businesses, and not-for-profit organizations Provide a global perspective, with international examples and a discussion of the differences in records management issuesin different parts of the world. Its seven chapters are practical, rather than theoretical, and reflect the scope andresponsibilities of RIM programs in all types of organizations. Emphasize best practices and relevant standards. The book is organized into seven chapters that reflect the scope and responsibilities of records and information management programs in companies, government agencies, universities, cultural and philanthropic institutions, professional services firms, and other organizations. Topics covered include the conceptual foundations of systematic records management, the role of records management as a business discipline, fundamentals of record retention, management of active and inactive paper records, document imaging technologies and methods, concepts and technologies for organization and retrieval of digital documents, and protection ofmission-critical records. In every chapter, the treatment is practical rather than theoretical. Drawing on the author's extensiveexperience supplemented by insights from records management publications, the book emphasizes key concepts and proven methods that readers can use to manage electronic and physical records.

Managing Information Risks: Threats, Vulnerabilities, and Responses identifies and categorizes risks related to creation, collection, storage, retention, retrieval, disclosure and ownership of information in organizations of all types and sizes. It is intended for risk managers, information governance specialists, compliance officers, attorneys, records managers, archivists, and other decision-makers, managers, and analysts who are responsible for risk management initiatives related to their organizations' information assets. An opening chapter defines and discusses risk terminology and concepts that are essential for understanding, assessing, and controlling information risk. Subsequent chapters provide detailed explanations of specific threats to an organization's information assets, an assessment of vulnerabilities that the threats can exploit, and a review of available options to address the threats and their associated vulnerabilities. Applicable laws, regulations, and standards are cited at appropriate points in the text. Each chapter includes extensive endnotes that support specific points and provide suggestions for further reading. While the book is grounded in scholarship, the treatment is practical rather than theoretical. Each chapter focuses on knowledge and recommendations that readers can use to: -heighten risk awareness within their organizations, -identify threats and their associated consequences, -assess vulnerabilities, -evaluate risk mitigation options, -define risk-related responsibilities, and -align information-related initiatives and activities with their organizations' risk management strategies and policies. Compared to other works, this book deals with a broader range of information risks and draws on ideas from a greater variety of disciplines, including business process management, law, financial analysis, records management, information science, and archival administration. Most books on this topic associate information risk with digital data, information technology, and cyber security. This book covers risks to information of any type in any format, including paper and photographic records as well as digital content.

Managing Information Risks: Threats, Vulnerabilities, and Responses identifies and categorizes risks related to creation, collection, storage, retention, retrieval, disclosure and ownership of information in organizations of all types and sizes. It is intended for risk managers, information governance specialists, compliance officers, attorneys, records managers, archivists, and other decision-makers, managers, and analysts who are responsible for risk management initiatives related to their organizations' information assets. An opening chapter defines and discusses risk terminology and concepts that are essential for understanding, assessing, and controlling information risk. Subsequent chapters provide detailed explanations of specific threats to an organization's information assets, an assessment of vulnerabilities that the threats can exploit, and a review of available options to address the threats and their associated vulnerabilities. Applicable laws, regulations, and standards are cited at appropriate points in the text. Each chapter includes extensive endnotes that support specific points and provide suggestions for further reading. While the book is grounded in scholarship, the treatment is practical rather than theoretical. Each chapter focuses on knowledge and recommendations that readers can use to: -heighten risk awareness within their organizations, -identify threats and their associated consequences, -assess vulnerabilities, -evaluate risk mitigation options, -define risk-related responsibilities, and -align information-related initiatives and activities with their organizations' risk management strategies and policies. Compared to other works, this book deals with a broader range of information risks and draws on ideas from a greater variety of disciplines, including business process management, law, financial analysis, records management, information science, and archival administration. Most books on this topic associate information risk with digital data, information technology, and cyber security. This book covers risks to information of any type in any format, including paper and photographic records as well as digital content.

Records and Information Management: Fundamentals of Professional Practice, Fourth Edition presents principles and practices for systematic management of recorded information. It is anauthoritative resource for newly appointed records managers and information governance specialists as well as for experienced records management and information governance professionals who want a review of specific topics. It is also a textbook for undergraduate and graduate students of records management or allied disciplines-such as library science, archives management, information systems, and office administration-that are concerned with the storage, organization, retrieval, retention, or protection of recorded information. The fourth edition has been thoroughly updated and expanded to: Set the professional discipline of RIM in the context of information governance, risk mitigation, and compliance andindicate how it contributes to those initiatives in government agencies, businesses, and not-for-profit organizations Provide a global perspective, with international examples and a discussion of the differences in records management issuesin different parts of the world. Its seven chapters are practical, rather than theoretical, and reflect the scope andresponsibilities of RIM programs in all types of organizations. Emphasize best practices and relevant standards. The book is organized into seven chapters that reflect the scope and responsibilities of records and information management programs in companies, government agencies, universities, cultural and philanthropic institutions, professional services firms, and other organizations. Topics covered include the conceptual foundations of systematic records management, the role of records management as a business discipline, fundamentals of record retention, management of active and inactive paper records, document imaging technologies and methods, concepts and technologies for organization and retrieval of digital documents, and protection ofmission-critical records. In every chapter, the treatment is practical rather than theoretical. Drawing on the author's extensiveexperience supplemented by insights from records management publications, the book emphasizes key concepts and proven methods that readers can use to manage electronic and physical records.

The extensively updated fourth edition of this best-selling classic is an essential practical resource for anyone responsible for the creation, maintenance, management, control and use of electronic records created by computer, audio and video systems. Written by renowned author and educator William Saffady and co-published by ARMA International, this timely guide thoroughly examines the pertinent concepts, procedures, methods of protection and daily management guidelines involved in this rapidly expanding field. Saffady provides start-to-finish guidance for initiating effective programs for storing, retrieving and controlling electronic records, with coverage of vital components including: Concepts and Issues; Storage Media; File Formats; Inventorying; Retention Schedules; Managing Vital Electronic Records; and Managing Electronic Files and Media. Valuable appendices provide suggestions for further study and research, and a comprehensive glossary defines important terms as they relate specifically to the records management arena.