Managing Information Asset Register
6 likes3,896 views
The document outlines a 5 step framework for managing an organization's information asset register. Step 1 involves defining key stakeholders like privacy, compliance, and information security teams. Step 2 has organizations create an information asset register and supplier register. Step 3 maps current assets to suppliers and information sharing agreements. Step 4 establishes relevant processes around risk assessment, projects, and third parties. Step 5 involves a phased rollout of the solution across business units. The overall framework provides guidance on classifying, risk assessing, and tracking an organization's information assets and how they are shared.
Managing Information Asset Register
- 1. Managing Information Asset Register By Ben Oguntala. LLB, LLM Ben.oguntala@dataprotectionofficer.com How many Information data do you have, what are they and with whom are they shared? 1
- 2. Our 5 simple steps 1 Define the key stakeholders 2 Create your IAR & supplier register 3 Map current IAR to Suppliers & ISA 4 Create the relevant processes 5 Solution roll out 2
- 3. Overview of the framework Privacy Compliance Information THE KEY STAKEHOLDERS Business units team team security Access given these teams to ensure a consolidated coverage. www.dataprotectionofficer.com CREATE YOUR IAR/PR/3PR & ISA The databases provided: - IAR – information Asset register 3rd party register register Project - Project register IAR ISA - 3rd party register - ISA – information sharing agreements Business unit 1 Business unit 2 Business unit 2 Projects IAR 3rd parties ISA Projects IAR 3rd parties ISA Projects IAR 3rd parties ISA 13 9 12 6 13 9 12 6 13 9 12 6 3 Business units can be structured according to the hierarchy of your organisation
- 4. 1 Define the key stakeholders Team Role Benefits Procurement Procurement are best placed Supply of the list of team to know which suppliers you suppliers deal with As part of compliance the ISA Privacy team Supply the ISA template, is used with all 3rd party data PIA & approval exchanges. Compliance Compliance ensures all Supply compliance team policies and procedures are baseline adhered to. Information Play an operational role in Supply risk assessment security assessing projects & changes function to your organisation Business units Supply Information All business units listed Assets projects & including sub business units changes and Partners 4
- 5. 2 Create your IAR & supplier register Team Role 3rd party register Procurement Supply of the team list of suppliers Supply the ISA Privacy team template, PIA ISA & approval Compliance Supply team compliance IAR baseline Information Supply risk security assessment function register Project Supply Business units Information Assets projects & changes 5
- 6. 2 Create your IAR & supplier register Business unit: Organisation hierarchy 6
- 7. 2 Create your IAR & supplier register The Asset Register Buena Ventura 7
- 8. 2 Create your IAR & supplier register Editing the Information Asset Register Risk impact assessment Asset details include format, location, input & output. 8
- 9. 3 Map current IAR to Suppliers & ISA List of 3rd parties that the information asset is shared with Detailed view 3rd parties 9
- 10. 3 Map current IAR to Suppliers & ISA Details of the Asset Register 3rd parties 10 Each asset is risk assessed, classified, owner assigned and no. of 3rd parties shared with listed
- 11. 4 Create the relevant processes List of Information Assets IAR New information IAR Asset registration Project/Asset IAR 87 mapping Projects 32 Business Projects Projects New/change units project Project/asset/sup 3rd parties plier mapping parties 3rd New supplier registration Project ISA Compliance ISA Information asset 11
- 12. 4 Create the relevant processes Risk rating Incident Types of assets management Information Business 3rd party supplier register Information security Asset unit 3rd parties Total no. of Assets compliance Project/Asset Data Protection officer Types of assets Project/Asset • Privacy impact assessment • contract • Information sharing agreement Privacy team Business units Asset ID Owner Classification Record type ISA Suppliers Review date HR 901 A smut Restricted Full customer info 5 MOJ 23/09/10 Sales 789 S Red Unrestricted Customer financials 7 OMG 13/12/10 Marketing 456 N Ball financial Customer 3 Detica 02/06/11 Procurement 123 W Ed Restricted Record type 1 Logica 04/01/11 12
- 13. 5 Solution roll out Business unit 1 Stakeholders Projects IAR 3rd parties ISA Procurement 13 9 12 6 team Business unit 2 Privacy team Phased roll out Projects IAR 3rd parties ISA Operation 13 9 12 6 Pilot Business unit 3 Compliance team Projects IAR 3rd parties ISA 13 9 12 6 Information Business unit 4 security Projects IAR 3rd parties ISA 13 9 12 6 Business units 13
- 14. Contact details To know what Information Assets you have and with whom you are sharing them, contact • Ben Oguntala, LLB, LLM • Ben.oguntala@dataprotectionofficer.com • 07812 039 867 • www.dataprotectionofficer.com 14