The digital information age is characterized by great business value being placed on creating, controlling and accessing data -- and lots of it. As companies make this conversion to increasingly digital processes, governance, risk and compliance (GRC) challenges proliferate.
During April's #GRCchat Twitter discussion, SearchCompliance asked participants to share their tips for keeping track of IT data assets and building defenses with proper information lifecycle governance. Before diving too deep, @ITCompliance asked how information governance processes ensure GRC in the digital age -- an era where deciding whether more data is better is under constant debate.
A2 Get rid of non-GRC data- what you no longer have can't hurt you. BUT careful not to get rid of info needed for GRC audits #GRCChat— Ben Cole (@BenjaminCole11) April 17, 2014
#GRCchat I mean, not all data is created equal, so shouldn't information governance be tailored to the data & BTW, who's in charge of that?— Linda Tucci (@LTucci) April 17, 2014
Not all corporate information holds the same gravity, so retaining each data point isn't necessary -- or resourceful -- in upholding GRC obligations, according to our tweet jammers.
Whether they dispose of unnecessary data or not, companies are dealing with more information with each passing day. To take some of encumbrance off security professionals, employees play a crucial role in staying compliant and avoiding data-related risk:
A3 (cont) Employees need to know how their data-related actions pose security risks, so they can protect it accordingly #GRCChat— Ben Cole (@BenjaminCole11) April 17, 2014
A3 A big one. As security experts are wont to say, data's only as secure as your weakest link. #GRCchat— Nicole Laskowski (@TT_Nicole) April 17, 2014
Company employees play a key role in maintaining governance, risk and compliance on their end, but that doesn't mean security professionals are off the hook. To uncover who is responsible on a grander scale, SearchCompliance asked "what positions and departments are responsible for maintaining corporate compliance and risk-related information governance?"
These responses shouldn't come as a surprise. Employees across industries and departments require a little hand-holding when it comes to navigating the complicated world of IT security and compliance. There isn't just one person responsible for guiding the way. It's an all-hands-on-deck effort that requires cooperation from top to bottom.