Designing an Information Asset Register
Your mission is to build an information asset register
Designing an information asset register (IAR) sounds easy. But as soon as you start, a number of questions emerge.
What are the business drivers?
Compliance requirements? Findability problems? Privacy and Data Protection? Operational efficiency? Best practice?
No matter what the major driver is, there are multiple reasons for needing an IAR. Which suggests that multiple stakeholders with an interest in your project will emerge over time. It makes good business sense to incorporate all of their requirements into the design of your IAR, unless you want to have competing registers.
Using relational database software like a.k.a. software makes the task so much easier, because you start with a simple design and build in additional requirements over time. At any point you can expand the design to meet everybody’s needs.
Over many years Synercon has helped clients designing information asset registers, from the very simple to more complex models . Here are some examples of how we have incorporated multiple requirements into a coherent data model.
Click on images to expand.
Identification and ownership requirements
- Identifying information assets
- Categorizing information assets
- Documenting ownership of the information assets
- Understanding who creates and uses the information assets, and how they are used.
Linking information assets to mandates and master data
- Identifying and linking information assets to mandates: legislation, standards, policies that impact how the asset is managed.
- Identifying and linking assets to taxonomies and data catalogs used to classify information assets.
Understanding the business value of the assets to the organization
- Linking to business function
- Understanding the business purpose
- Assessing the business value
- Identifying intellectual property
- Identifying public sector information
Managing the liabilities and risks associated with information assets
- Protecting privacy protected records
- Identifying vital records and intellectual property
- Controlling access
Ensuring digital information continuity through business and technology changes
- Identifying supporting applications and their dependencies
- Migrating information through technology upgrades
Managing the growth in volume of digital information
- Reducing redundancy and duplication
- Managing locations and storage
- Linking to retention and disposal rules
With a.k.a., you can expand the design of your Information Asset Register (IAR) to meet the needs of all stakeholders by providing a comprehensive and transparent view of your organization’s information assets:
IT and security teams who are responsible for protecting an organization’s information assets from threats and vulnerabilities. An IAR can help identify potential risks and vulnerabilities in the organization’s information assets, allowing them to take action to mitigate those risks and improve security.
Compliance teams who are responsible for ensuring that an organization is complying with relevant mandates and standards related to information management. An IAR can help identify areas where the organization may not be compliant and develop plans to address those issues.
Legal teams responsible for ensuring that the organization is not exposed to legal risks. An IAR can help these teams identify potential legal risks, such as data privacy issues, and take action to address those risks.
Business leaders are responsible for making decisions about resource allocation and strategy development. An IAR can help these leaders make informed decisions about their information assets, such as which assets to prioritize for protection or which assets are no longer needed.
External stakeholders such as researchers, customers, shareholders, or the general public, who need to know what information resources are availableAn IAR can help to build trust with these stakeholders by providing a transparent view of the organization’s information assets and demonstrating that the organization is taking steps to manage and protect those assets.
By providing an enterprise wise view of the organization’s information assets, an IAR can expand to meet the needs of all stakeholders.