Book contents
- Frontamtter
- Contents
- List of Acronyms
- List of Figures and Tables
- List of Case Studies
- Introduction
- 1 Copyright and Related Rights
- 2 Data Protection
- 3 Freedom of Information
- 4 Governance, Audits and Risk Assessment
- 5 Policies
- 6 Procedures: Copyright and Related Rights
- 7 Procedures: Using and Negotiating Licences for Access to Information Resources
- 8 Procedures: Data Protection and Freedom of Information
- 9 Tools and Templates
- 10 Awareness and Engagement
- 11 Some Speculations About the Future
- Appendix 1 Carrying out an Information Asset Audit
- Appendix 2 Sample IP Policy
- Appendix 3 Sample Data Protection Policy
- Appendix 4 Possible Contractual Terms for Online Access to Database Service
- Appendix 5 Data Protection Privacy Notice Template
- Bibliography
- Index
4 - Governance, Audits and Risk Assessment
Published online by Cambridge University Press: 29 July 2020
- Frontamtter
- Contents
- List of Acronyms
- List of Figures and Tables
- List of Case Studies
- Introduction
- 1 Copyright and Related Rights
- 2 Data Protection
- 3 Freedom of Information
- 4 Governance, Audits and Risk Assessment
- 5 Policies
- 6 Procedures: Copyright and Related Rights
- 7 Procedures: Using and Negotiating Licences for Access to Information Resources
- 8 Procedures: Data Protection and Freedom of Information
- 9 Tools and Templates
- 10 Awareness and Engagement
- 11 Some Speculations About the Future
- Appendix 1 Carrying out an Information Asset Audit
- Appendix 2 Sample IP Policy
- Appendix 3 Sample Data Protection Policy
- Appendix 4 Possible Contractual Terms for Online Access to Database Service
- Appendix 5 Data Protection Privacy Notice Template
- Bibliography
- Index
Summary
Introduction
Management of information should be a strategic concern in all organisations. They need information to function effectively and for decision-making. Increasingly, information has been recognised as an asset to be exploited as, for example, in intellectual property. This was first publicised in the KPMG report Information as an Asset: the board agenda (Hawley, 1995), confirmed through research (for example see Oppenheim,
Stenson and Wilson, 2002) and revived in 2019 through CILIP. Information law compliance takes place within broader information governance frameworks. Information governance refers to control of the use of information throughout its lifecycle from creation to preservation or destruction. The goal of information governance is to ensure the following:
◆ identification of information assets, their quality and their value to the organisation
◆ that the information is secure and is available and accessible however and whenever it is required and, at the same time, no unauthorised person can access it
◆ development, communication and implementation of policies and procedures for information management that address organisational goals, comply with all legal and regulatory frameworks and are responsive to change
◆ people within the organisation have the necessary knowledge, skills and authority to be aware of, and implement, appropriate policies and procedures.
Information governance frameworks
Information governance frameworks are concerned with the management of information in all its forms, information systems and information security, within the organisation. The scope of information governance frameworks also encompasses legal, regulatory and any external information that has an impact on the organisation's obligations. All staff involved in the creation, management, use and sharing of information should be covered by these frameworks, which set out policies and procedures and the rights and roles of staff, suppliers, users, customers and all other stakeholders.
Information governance frameworks should include a range of policies, recognising all aspects of information management and use. Such policies should include information, records and archives management; information systems and security; compliance with information-related laws, such as data protection, and copyright; and information sharing, including FoI in the case of public bodies. Staff training and development policies are also crucial to ensure policies are implemented correctly.
- Type
- Chapter
- Information
- Information LawCompliance for Librarians, Information Professionals and Knowledge Managers, pp. 51 - 64Publisher: FacetPrint publication year: 2020
- 1
- Cited by