It starts at the top

John Mancini, in his Digital Landfill blog, makes the point that if we want management to care about information governance, they need to know why.

I think the Board needs to tell them, and if the Board doesn’t, then it’s a Board failure.  If management disagrees with the Board, they have the option of leaving.

I argue that the Board has a duty to take reasonable steps to protect the assets of the company, including the information assets.  And the corporation has a duty to comply with the law.  And the Board needs to take steps to verify that management is taking steps to protect the assets and comply with the law.  Given the number of laws that apply, it would be difficult for a company to do a pretty good job of protecting and complying if the Board doesn’t make a single person accountable for protecting the information assets and complying with the information-related laws.

So, why not a Chief Information Management Officer?  The CIO doesn’t do it, and the CISO (Chief Information Security Officer) only does a part of it.



Filed under Duty of Care, Governance, Protect assets, Requirements
