In Review

Keys to Unlocking an Information Management Compliance Culture

Information Nation:
Seven Keys to Information Management Compliance, Second Edition
Author: Randolph A. Kahn and
Barclay T. Blair
Publisher: Wiley Publishing Inc.
Publication Date: 2009
Length: 256 pages
Price: $50
ISBN-13: 978-0-470-45311-7
Source: www.wiley.com/compbooks

Christine "Chris" Hohman

Bookmark and Share

Randolph A. Kahn and Barclay T. Blair’s Information Nation: Seven Keys to Information Management Compliance, Second Ed. was written for a broad range of readers who are interested in ensuring their organization’s information is properly managed. It outlines the components needed to create a culture of information management compliance (IMC), which the authors describe as “a fusion of the Compliance discipline with Information Management activities.”

“IMC is about more than making sure information is not destroyed because of the malicious or inadvertent acts of a few employees,” Kahn and Blair write. “Rather, it is a holistic approach that covers many areas of concern, including:

  • Storage management
  • Privacy
  • Business continuity and disaster recovery planning
  • Records management
  • Information security
  • Transaction management
  • Application development and integration
  • Technology purchasing and acquisition
  • System configuration and management
  • And many other areas.”

The first six chapters of the book lay the groundwork for information management, which the authors refer to as an umbrella term for a variety of disciplines and activities related to information and to management, and which broadly “touches on every business activity where information is received or created.” The second part demonstrates the need and benefit of managing information to reach compliance requirements.

Going Beyond Records Management

The authors guide readers to consider their roles as information managers rather than merely records managers, whose focus is more narrowly on the proper retention of records for legal, compliance, and business purposes and on its disposition when no longer needed.

How and why information management matters are clearly demonstrated in section one of the book, which describes how information has a lifecycle, or distinct phases, from creation to disposition. It also explains the current use of the buzzwords information lifecycle management (ILM) as the “combination of procedures and technology” to manage information flow.

“ILM is partly an old concept in a new wrapper, as the ‘lifecycle’ approach to managing information has long been a central tenet of Records Management,” the authors write.

The book discusses how to protect, store, share, and destroy information based upon its lifecycle. Many of the rules around the information lifecycle are determined by compliance requirements (e.g., Health Insurance Portability and Accountability Act, Sarbanes-Oxley Act, Federal Rules of Civil Procedure, Financial Industry Regulatory Authority, Gramm Leach Bliley Act). Examples that illustrate the cost of failing to follow compliance requirements are provided throughout the book.

While records management is integral to managing the information assets of an organization, the authors’ message moves beyond the sole focus of records management and, more broadly, expresses the importance of creating an organizational culture that considers information management a priority in the day-to-day processes for all employees.

To accomplish this, sound policies and procedures need to be established, the authors write. “Written policies and procedures make a statement to the outside world that an organization cares strongly about an issue. Widely disseminating policies and training employees on their implementation serves to emphasize an organization’s commitment to addressing Information Management issues.”

How Information and Compliance Intersect

The authors also identify how information management and compliance fit together to lay the foundation for IMC. The difference between these two disciplines, Kahn and Blair explain, is that compliance focuses on risk management.

Section two introduces the seven keys to IMC referred to in the title. These keys begin with good policies and procedures and progress through executive-level program responsibility, delegation of roles, communication and training, auditing, enforcement, and continuous program improvement.

The authors do an exceptional job of supporting the need to constantly monitor an organization’s IMC program to identify areas for growth or improvement. All too often, organizations put a policy into place, but they don’t follow through with auditing or assessing the validity of the program.

Written at a fairly basic level, Information Nation: Seven Keys to Information Management Compliance, Second Ed. provides numerous examples, tips, and checklists to assist readers in gaining control of their information assets for the purpose of achieving information management compliance.

The book is a good resource for professionals who are not well versed in records management, but have an understanding of the importance of good business practice when managing organizational information. Executives who are promoting and producing records and information management policies and procedures that will protect the organization will also find the book a useful tool.

Download the PDF version here.

Christine “Chris” Hohman can be contacted at chris.hohman@perceptivesoftware.com.

From September-October 2010