Information Governance

Information Governance (IG)

Information Governance (IG) is an evolving discipline that includes several key areas of expertise: law, records management, information technology, risk management, privacy and security, and business operations. IG provides the framework to make good decisions about what information to keep, how long to keep it, and who should have access to that information.

Why Do Organizations Need IG?

To ensure legal and regulatory compliance – To lower the cost and liability of litigation eDiscovery – To dispose of redundant, obsolete, or trivial documents or email – To improve data storage housekeeping habits within the organization – To identify and protect private or sensitive information from theft or intrusion

Risk Assessment

Chorus Consulting utilizes an “intelligent agent” software utility that is quickly and easily installed on servers, file shares, laptops and desktop computers. Once installed, a full text and metadata index is silently created in the background and updated daily with new or modified information. The automated classification engine performs a daily sweep for PII information such as national identity, credit card numbers, and bank routing information and the risk dashboard provides a customized “risk score” and gives users a current and thirty-day historical view providing at-a-glance risk trends across an enterprise.

Information Governance
Expertise and Services

  • Identification and Deletion/Destruction of Unnecessary Information (electronic and hard-copy)
  • Organization-wide Records Retention Policy Development
  • Department Level Record Retention Schedules
  • Data Mapping and Data Inventory Creation
  • Legal Retention Requirements Research and Compliance Audits
  • Identification of PII and Other Sensitive Information
  • Implementation of Secure Records Repository Applications

Data Management

A data map is an internal assessment performed by the company’s Subject Matter Experts (SME’s) in each department about the data that it has collected, why it’s being collected, the location where the data is stored, the format of the data, and with whom it has been shared (internally and externally with third-parties).

Although you will not find these words in the California privacy laws, a data inventory and/or data map is considered one of the first steps in preparing for compliance with the CCPA. If an organization is not aware of all of its data collection, processing, storage, and sharing, it will be difficult to accurately comply with the CCPA “data subject” request requirements.

Chorus Consulting experts are experienced in assisting organizations create a data map for each of their departments, listing the types of information saved within specialized applications, shared servers, desktop and laptop computers, email, shared document repositories, and hard-copy documents.

Data Inventory

Data inventories are metadata and/or full text indexes of electronic and hard-copy
information stored throughout the enterprise. Chorus Consulting experts can create an enterprise data inventory of the organizations paper files stored locally or offsite. We can also inventory structured data stored within specialized database applications (e.g. Timekeeping and Billing, Customer Relationship Management, HR Employee
Information, Building Security, Student Registrations). In addition, we utilize specialized automated utilities to locate, classify and “risk rank” all unstructured data that exists across the enterprise. We deliver a full suite of services to clients that will address data governance, records retention compliance, and data breach risk management.

Data Remediation

Data remediation is an activity that’s focused on identifying and classifying stored
information. The process typically involves detecting personal data and protecting it by redacting, moving, encrypting or deleting. It also involves identifying unnecessary duplicates or other obsolete documents for deletion or destruction. Chorus Consulting experts work with the client’s subject matter experts in each department to perform data remediation tasks manually, with cleansing tools or a combination of these methods.

Information Governance Reference Model (IGRM)