Planning the future of Information Governance
Accommodating workplace operations to coronavirus raises the question of implications for critical infrastructures like data security and information governance. Any business handling sensitive customer data must accommodate remote working challenges to data security requirements.
While the global pandemic has put information management capabilities to the test, in many cases, prior investments in disaster recovery and business continuity planning and the infrastructure required for agile working have paid off.
Many have been able to adapt reasonably well to remote working under the circumstances without a significant impact on service delivery. There are critical areas where gaps have shown a need for policies and procedures actions to minimize security risks. These include:
Availability of laptops, monitors, peripherals and other remote working equipment for all staff
Secure remote access to documents in managed information repositories for all employees in compliance with policies
Defense against cyberattacks and an increase in COVID-19-related phishing scams.
Adoption of electronic signatures and notarization
Adoption of secure document scanning apps on employee smartphones
Use of image-on-demand services to retrieve paper-based records
Migration from paper-based billing to a digital invoicing
Collaborative review of certain types of documents
Consistency of application delivery across all platforms
For ISO certified operations, changes to internal processes must be made such that continued compliance with information security standards and regulatory requirements is ensured. There should be attention to where employees are storing data, and whether paper files are being properly secured or disposed of in home offices.
Actions should be undertaken to ensure that progress made in adopting good remote working practices not be lost when things return to normal. Companies are learning new things about their day-to-day business operations and should make decisions about how best to invest in preparations for future business interruptions.
There should also be consideration as to what IT direction changes should be applied or accelerated.
What is the future of desktop units versus laptops or notebooks
Training on the nuances of remote access and remote application use. More formal disaster recovery processes and procedures.
Digitizing remaining paper-based processes.
Requiring all processes to be accessible regardless of location.
Accelerate the implementation of and compliance with retention and destruction policies including remote work location issues.
Transition to a fully digital, remote-capable work environment, if possible, goes beyond setting up laptops and VPNs. For some, culture and behavior must be addressed. Some staffers find operations are more difficult when the team is no longer within shouting distance.
There are modern technology that allow:
Centralized management of multiple information repositories – including electronic documents and physical records— with an integrated view via a secure web-based systems
Automating classification of documents and assignment of the correct retention policies
Enforcement of retention policies by identifying physical and electronic records due for disposition and managing workflows for review, approval, and destruction
Reducing the volume of physical records stored and transition to a paperless or paper-lite environment
Ensuring compliance with regulatory and client requirements and capture an audit trail of all activity