Bernstein Data Develops Solutions to Address Information Governance Challenges.
Solutions are built from a comprehensive set of Information Governance capabilities utilizing our proprietary IG Operating Framework.
The foundational capabilities for effective Information Governance include information lifecycle management, technology governance, the identification and classification of data, and risk management. Examples of Key Capabilities in each include:
Information Lifecycle Management
- Information Governance/Records Management Policies & Procedures – IG policies, including retention and disposal, archiving, personal data and privacy, information security, retained and surveilled persons, preservation and legal holds, metadata, and electronic communications usage.
- Processes to Facilitate Defensible Disposal of Digital and Physical Records and Information – Processes to support and assure the defensible disposal of records and information that are no longer required, especially personal information.
Information Technology Governance
Assure that the development and use of technology, to store, retrieve, transmit, and manipulate data or information, is governed and managed to meet its Information Governance risk and compliance needs.
- IT Governance that Assures IG Requirements – IG standards, policies, and processes incorporated into IT change and IT asset management governance and operations (such as SDLC processes) to assure that new and changing technology solutions remain in compliance with IG requirements (such as continuing to capture records in archives).
Legal Requirements and Regulatory Obligations
Identify Information Governance and Records Management requirements (laws, regulations, and standards) that apply to an organization’s information, driving retention and disposal timeframes and efforts across all mediums and locations (structured data, unstructured data, physical storage facilities, etc.).
- Knowledge Base of Regulatory Requirements – A system for capturing and maintaining Regulatory Intelligence and for capturing and maintaining the organizational location (businesses and systems) of records, personal data, and other relevant information.
- Communicate Requirements to the Organization – A consistent means to communicate laws and regulations impacting retention and privacy requirements to business units, as well as ensure that the information flows to operations functions and processing systems.
Data Identification, Classification, and Retrieval
Identify data subject to IG policies and data response requirements, including courts, regulators, and consumers exercising their Data Subject rights.
- Identify Internally Hosted Data – Processes and technology to identify records and personal data in existing data stores, applications, and business tools.
- Identify and Review External Hosted Data – Procedures to identify “externalized” data subject to IG concerns (including cloud-based storage, SaaS, BYOD, and social media platforms) and apply IG policies and procedures to such data.
- Respond to Courts, Regulators, and Consumers – Knowledgeable personnel, robust processes, and adequate technology solutions to respond to requests for data.
IG Risk Management, Controls, and Monitoring
Monitor and substantiate that Information Governance requirements are taken seriously by the organization and third-party vendors, are complied with, and are incorporated into enterprise risk management frameworks, such as operational, regulatory, and third-party risk management.
- Records Management Training – Training for new hires and annual recurrent training for existing employees; stand-alone course or module within company training syllabus.
- Vendor Selection and Management Processes – Due diligence, selection and onboarding, ongoing management, and monitoring, including vendor risk profiling.
- Management Assurance – Controls and monitoring to assure that the organization remains in compliance with its IG policies and objectives and that senior management is aware of compliance status and risk, such as the reliability of records and personal data inventories and data source catalogues.