View
2.048
Download
0
Category
Tags:
Preview:
DESCRIPTION
This tool is designed to assist organisations in managing their Information Assets and with whom the Information Assets are shared.
Citation preview
Managing Information Asset Register
By
Ben Oguntala. LLB, LLM
Ben.oguntala@dataprotectionofficer.comHow many Information data do you have, what are they and with whom are they shared?
1
Our 5 simple steps
5
2
3
4
1
Solution roll out
Create your IAR & supplier register
Map current IAR to Suppliers & ISA
Create the relevant processes
Define the key stakeholders
2
Privacy team
Compliance team
Information security
Business units IA
R
Pro
ject
re
gist
er
3rd
par
ty
regi
ster
ISA
www.dataprotectionofficer.com
Business unit 1
Projects IAR 3rd parties ISA
13 9 12 6
Business unit 2
Projects IAR 3rd parties ISA
13 9 12 6
Business unit 2
Projects IAR 3rd parties ISA
13 9 12 6
THE KEY STAKEHOLDERS Access given these teams to ensure a consolidated coverage.
CREATE YOUR IAR/PR/3PR & ISAThe databases provided: - IAR – information Asset register - Project register - 3rd party register- ISA – information sharing agreements
Business units can be structured according to the hierarchy of your organisation
Overview of the framework
3
Privacy team
Compliance team
Information security
Business units
Procurement team
Team Role
Supply the ISA template, PIA & approval
Supply compliance baseline
Supply risk assessment function
Supply Information Assets projects &
changes
Supply of the list of suppliers
1 Define the key stakeholders
Benefits
As part of compliance the ISA is used with all 3rd party data
exchanges.
Compliance ensures all policies and procedures are
adhered to.
Play an operational role in assessing projects & changes
to your organisation
All business units listed including sub business units
and Partners
Procurement are best placed to know which suppliers you
deal with
4
2 Create your IAR & supplier register
Privacy team
Compliance team
Information security
Business units IA
RP
roje
ct
regi
ster
3
rdp
arty
re
gist
er
ISA
Procurement team
Team Role
Supply the ISA template, PIA
& approval
Supply compliance
baseline
Supply risk assessment
function
Supply Information
Assets projects & changes
Supply of the list of
suppliers
5
Business unit: Organisation hierarchy
2 Create your IAR & supplier register
6
The Asset Register
Buena Ventura
2 Create your IAR & supplier register
7
Editing the Information Asset Register
Risk impact assessment
Asset details include format, location, input & output.
2 Create your IAR & supplier register
8
3rd
parties
Detailed view
List of 3rd parties that the information asset is shared with
3 Map current IAR to Suppliers & ISA
9
Details of the Asset Register
3rd
parties
Each asset is risk assessed, classified, owner assigned and no. of 3rd parties shared with listed
3 Map current IAR to Suppliers & ISA
10
Business units
IAR
Projects
3rd parties
ISA
List of Information Assets
Project/Asset mapping
Projects
IAR
32
87
IAR
New/change project
Pro
ject
s
Project/asset/supplier mapping
3rd
par
ties
New supplier registration
New information Asset registration
Compliance
Project
Information asset
ISA
4 Create the relevant processes
11
Privacy team
Bu
siness
un
it Total no. of Assets
Types of assets
Risk rating
Types of assets
Info
rmat
ion
A
sset
re
gist
er
Project/Asset
Project/Asset
3rd
par
ty
sup
plie
r
Data Protection officer
Information security compliance
Incident management
3rd
parties
• Privacy impact assessment• contract • Information sharing agreement
Business units Asset ID Owner Classification Record type ISA Suppliers Review date
HR 901 A smut Restricted Full customer info 5 MOJ 23/09/10
Sales 789 S Red Unrestricted Customer financials 7 OMG 13/12/10
Marketing 456 N Ball financial Customer 3 Detica 02/06/11
Procurement 123 W Ed Restricted Record type 1 Logica 04/01/11
4 Create the relevant processes
12
5 Solution roll out
Business unit 1
Projects IAR 3rd parties ISA
13 9 12 6
Business unit 2
Projects IAR 3rd parties ISA
13 9 12 6
Business unit 3
Projects IAR 3rd parties ISA
13 9 12 6
Business unit 4
Projects IAR 3rd parties ISA
13 9 12 6
Privacy team
Compliance team
Information security
Business units
Procurement team
Stakeholders
Pilo
t
Ph
ased
ro
ll o
ut
Op
erat
ion
13
Contact details
To know what Information Assets you have and with whom you are sharing them, contact
• Ben Oguntala, LLB, LLM
• Ben.oguntala@dataprotectionofficer.com
• 07812 039 867
• www.dataprotectionofficer.com
14
Recommended