
What is Data Security Policy?

Need to manage data security policy and want practical standards and best practices for information management governance and accountability?

What is data management?

Data management is a sub-set of information management that governs organization and control of the structure and design, storage, movement, security and quality of information.

What is data security policy?

Data security is designed to mitigate:
  • Strategic risk, the potential adverse business impact to the organization, both internally and externally, that may occur;
  • Operational risk, the risk of direct or indirect loss from failed or inadequate processes, people or systems, or exposure to external events;
  • Compliance risk, the risk of non-conformance to laws, rules and regulations;
  • Reputation risk, the risk to earnings or capital arising from negative public or employee opinion.
Data Security Policy should address the following control objectives:
  • Safeguarding of assets – Defining requirements for protecting important resources, including customer non-public personal information and corporate assets; for example, key corporate metrics used to manage performance of the organization are considered critical corporate assets, which require protection;
  • Economy/effectiveness of process – Ensuring effectiveness and efficiency in the organization’s use of its assets and other resources through the reduction of duplicate or unnecessary data and information maintained within the organization;
  • Compliance with laws and regulations – Helping to ensure that the organization complies with applicable laws and regulations, specifically guidance provided by regulatory agencies for adequate control over the information management environment; and
  • Integrity and reliability of data – Helping to ensure that the integrity and reliability of data and information are managed across the information management environment to enable management of performance, monitoring of risk, and management decisions.
Why is it important?

Data security is required to ensure that personal data is not shared and is only available to people who have a right to access the information.

Organizations may need to comply with international legislation such as the UK Data Protection Act or security standards such as the International Standard Organization (ISO) security standard.

In addition, some organizations may need to comply with Payment Card Industry (PCI) security standards.

What standards and best practices are required?

The following security requirements should be reviewed and specified in corporate policy.


Before you return, remember...

Data management is a sub-set of information management that governs organization and control of the structure and design, storage, movement, security and quality of information.

Data security is designed to mitigate risk, ensure compliance with regulatory agencies and provide information continuity in the event of operational failure or catastrophic disaster.


