Elevate the power of your work
Get a FREE consultation today!
As a national critical services operator, maintaining compliance with the Security of Network & Information Systems Regulations (NIS Regulations) remains a top priority as the UK looks to increase cybersecurity and systems resilience.
As a national critical services operator, maintaining compliance with the Security of Network & Information Systems Regulations (NIS Regulations) remains a top priority as the UK looks to increase cybersecurity and systems resilience.
However, the organisation had experienced major change with considerable loss of knowledge and resources, a situation not helped by unexpected redundancy and furlough schemes introduced by the pandemic.
“Over the last few years we’ve seen significant increase in big data, compliance pressures, and cyber and security threats,” said a company spokesperson.
“At the same time, our workforce has almost halved creating gaps in organisational structure and process. So, we began looking for an information governance specialist to help identify areas of potential weakness that posed the biggest risks, as well as those that were performing well.”
Information Governance (IG) is a subset of corporate governance, which describes how well an organisation manages the totality of its information – from creation, retention and disposition to robust policies and technologies.
IG extends right across the business including disciplines such as information security, data privacy and protection, records and information management, litigation readiness, regulatory compliance, long term digital preservation, analytics and infonomics. “It was an opportunity to take a close look at information, access policies and internal processes,” the spokesperson added. “And, to do that objectively through the eyes of an impartial expert.”
Following a competitive tender with subsequent solution demonstrations and conversations with vendors’ clients, the organisation engaged with Iron Mountain® Information Governance Advisory Services.
“Iron Mountain ticked far more boxes than the rest,” the spokesperson explained. “They presented a very solid methodology with clear milestones and tasks. By the end of our first meeting we’d established a joint working group with cybersecurity, IT, privacy, risk, finance and other key stakeholders.”
Specifically tasked with focusing on digital information and records, Iron Mountain specialists set about assessing IG maturity using Iron Mountain’s IGHealthRate™ tool. Along with reviewing current IG policies and procedures, they rigorously examined core IT systems used to manage records and information.
Next, Iron Mountain worked closely with the client to produce an effective IG strategy and business case. This was underpinned by a practical roadmap to deliver the improvement programme, plus a short term action plan to remediate high and very high risk practices across the organisation.
Although detailed findings from IG assessments always remain classified, examples of the business outcomes achieved can be shared.
The roadmap focused on the need to improve lG leadership and governance, data ownership and accountability, data classification, retention, destruction and IG culture and behaviours. The client is also exploring how machine learning and AI technology could improve their information governance.
Healthcare
The client, a heavily regulated UK critical national infrastructure organisation, wanted to understand the current state of information governance (IG) maturity and create a practical roadmap for improvement.
Iron Mountain IG Advisory Services enabled them to assess existing policies and processes, and benchmarked them against world-leading best practice in data retention, protection, compliance and risk management.
Get a FREE consultation today!