Compliance is one of the components of the widely discussed GRC (governance, risk, and compliance) framework, which integrates three key elements of organizational strategy, the other two being governance and risk. The GRC framework encompasses all aspects of organizational strategy and operations, including those that involve the creation, collection, retention, disclosure, ownership, and use of information by companies, government agencies, and non-profit entities. Information governance develops strategies, policies, and initiatives to maximize the value of an organization’s information assets. Information risk management is responsible for identifying, analyzing, and controlling threats to those assets. Information compliance seeks to align an organization’s information-related policies and practices with applicable requirements.
Academic researchers, legal commentators, and management specialists have traditionally viewed compliance as a legal concern, but compliance is a multi-faceted concept. While adherence to legal and regulatory requirements is widely acknowledged as a critical component of compliance initiatives, it is not the only one. Taking a broader approach, this book identifies, categorizes, and provides examples of information compliance requirements that are specified in laws, regulations, contracts, standards, industry norms, and an organization’s code of conduct and other internal policies. It also considers compliance with social and environmental concerns that are impacted by an organization’s information-related policies and practices.
The book is intended for compliance officers, information governance specialists, risk managers, attorneys, records managers, information technology managers, and other decision-makers who need to understand legal and non-legal compliance requirements that apply to their organizations’ information assets. It can also be used as a textbook by colleges and universities that offer courses in compliance, risk management, information governance, or related topics at the graduate or advanced undergraduate level.
William Saffady is an independent records management and information governance consultant and researcher based in New York City. He is the author of over three dozen books and many articles on records management, record retention, document storage and retrieval technologies, and other information management topics. His latest books are Managing Information Risks: Threats, Vulnerabilities, and Responses, which was published by Rowman & Littlefield in 2020, and Records and Information Management: Fundamentals of Professional Practice, Fourth Edition, which was published by Rowman & Littlefield in 2021.
Chapter 1: Information Compliance: Terms and Concepts
Chapter 2: Information Creation and Collection
Chapter 3: Information Retention and Disposition
Chapter 4: Information Storage and Preservation
Chapter 5: Information Access and Disclosure
Chapter 6: Information Security and Protection
Chapter 7: Ownership of Information
About the Author
The relationship between records management and compliance is both relevant and topical, and cannot be overestimated for business, academia, government and private/public entities. This book provides background, frameworks and tools to understand the dynamics of that critical relationship. Saffady has crafted a holistic and pragmatic tome.
Information Compliance: Fundamental Concepts and Best Practices takes the reader through the multifaceted requirements of compliance from information creation, retention, preservation, access, security and ownership. With his ability to simplify concepts and define key issues regarding laws, regulations and industry standards, Saffady has written a book for all professionals concerned with compliance and managing information assets.
6/1/23, ChoiceReviews: This title was included in a roundup of forthcoming titles in Library & Information Sciences. Link: https://www.choice360.org/choice-pick/forthcoming-titles-in-library-information-sciences-2023/