The following is a basic framework for a training program in Information Management.
To ensure that security is strong within an organisation, employee training should include the following:
- Being made aware of their responsibilities in regard to information security.
- Trained to make decisions on the protection and classification required for information.
- Trained to understand how to deal with sensitive material.
- Trained to be aware of the appropriate methods of communication and destruction of sensitive material.
- Trained to understand the importance of being required to remove or change the level of protection or classification of information.
- Being made aware that they are responsible for managing information within the organisation.
- Trained that effective information management ensures that information is available, protected and disposed of in accordance with company policy and legislative requirements.
- Trained to delete transitory records, i.e. information sources that are only required for a limited period of time or to complete a routine action.
Good quality information management will yield the following rewards:
- Quality information is created and provided.
- Organisation programs and services are efficient.
- Decisions are documented and the information is available for future use.
- Information is protected in accordance with company policy and legislative requirements.
- Information is disposed of in accordance with company policy and legislative requirements.
Employees should be trained in the following with respect to dealing with their e-mails:
- Being made aware of their responsibilities with respect to e-mail.
- Being made aware that email messages can be part of official company records and which messages are transitory and should therefore be disposed of.
- Trained to recognise when an e-mail should be saved.
- Trained to understand what type of e-mails should be saved.
- Trained to be familiar with Information Management email best practices. Such practices include using meaningful and descriptive titles on email attachments to ensure accuracy in filing/classifying the message.
Privacy and Personal Information
Personal information is considered to be high risk information and should be dealt with accordingly. Employees should be trained in the following with respect to privacy and personal information:
- Trained in the general guidelines required for the collection of personal information.
- Being made aware of their responsibilities with respect to the protection and management of personal information.
- Being made aware of relevant policy or legislation that directly relates to privacy and personal information.
Training for Information Management in MNCs
It is important for organisations to ensure that their training plan on information management remains current, as it is easy for training plans to become out-of-date or invalid. Typically, training is based on retrospective behaviour and situations and may not be sufficient to direct the desired actions. In order to overcome such problems, managers are trained via socialisation practices that guide and indoctrinate members to work as the organisation requires. Such approaches are considered to be effective means of controlling the behaviours of organisational members and are central to the notion of manager’s management.
Martinez and Jarillo note that “Socialisation is an informal and subtle mechanism that can be added to the structural and formal mechanisms to help MNCs cope with their complex environments.” They further state that “Socialisation practices incorporate two control mechanisms: corporate acculturation and the transfer of parent company nationals to foreign subsidiaries. Both rely on corporate culture as a means of control, although in different ways.”
Training for the Incident Response Manager
The Incident Response Manager is responsible for implementing the incident response policy and procedures. This individual should work with management to ensure all users are trained in their response role. Continuous awareness training and monitoring are important for strong computer security. Response drills are good tools to test the plan.
Training for Accountability
All staff should receive training in Information Management accountability. The role of Information Management is to support these staff by ensuring that the appropriate training and support are available. Highly specialised service providers that handle more sensitive data, such as health and financial data, may require particularly thorough awareness training.
Training for Data Handlers
All individuals with responsibilities that include data handling should be properly trained in the procedures and best practices used to protect information. This should include one-on-one training on IT security and data stewardship.
This article outlines a basic framework for an information management training program.
CIPP Exam Preparation
In preparation for the Certified Information Privacy Professional/United States (CIPP/US) exam, a privacy professional should be comfortable with topics related to this post, including:
- Information management training from a US perspective – training (I.C.d.)