• Compliance Officer/Records Information Manager • Legal Counsel • Security Officer • Chief Risk Officer • Senior IT Management • Business Users
Eric Osterhold authored a Blog Post entitled "Establishing classification types without going overboard". Eric states: "I’ve found that creating too many levels for classifying data defeats the process - users will not use a system with 6 or even 5 different classification levels. I often propose establishing 3 levels". He goes on to name "Restricted", "Sensitive" and "Public". Is this really enough?
While it definitely is a reasonable first step in order to manage information for data security purposes, it clearly is insufficient for implementing a broader information management initiative.
Why is that? Well, within an organization, there are many constituents – each of whom has a different objective for effectively managing information:
– Needs to comply with government and corporate regulations for retention and access
– Needs to find the right information at the right time for legal and patent issues
– Needs to manage enterprise-wide information security and risk (for access control, encryption, digital rights management)
– Needs to address corporate risk management
– Needs to optimize storage costs
– Needs to locate information
Because of these disparate needs, a single classification will not be sufficient to effectively manage information across all stakeholders.
And this is why most information management initiatives fall short. Because one size does not fit all.
Tuesday, March 31, 2009
Labels: Information Management
Post a Comment