ASSESSMENT FOR INFORMATION RISKS®
The Assessment for Information Risks® is a tightly-structured professional service that enables companies to rapidly and accurately gain deep insights into all aspects of data and records management practices.
The world-class surveys and highly efficient service delivery model enable scores of actionable insights to be accurately generated in less than a month:
- Full data inventories and privacy data maps for litigation and privacy readiness
- Retention benchmarking against industry-specific requirements and standards
- Insights into email usage, sensitive content and retention practices
- A path towards better litigation readiness that covers data and email minimization, hold management, program defensibility gaps and more
- Cyber gaps due to employee practices and compliance levels
- Cyber gaps due to current levels of third-party diligence and sufficiency
The underlying web-based service technology and best practice questions sets make the process fast, easy and highly accurate. Projects are completed in an average of 30 days.
Specific surveys are directed to internal subject matter experts regarding a range of current information privacy and governance practices. Unlimited department managers provide deep insights into current practices and profiling for every record type and application used within their areas.
The workflow is entirely supported by Jordan Lawrence. The results are predictable and invaluable for identifying risks and opportunities for mitigating or eliminating some of the most costly situations facing companies today.
Our work process is tightly structured to ensure consistent insights to map against benchmarking standards for risk identification and reduction. Our question sets and survey standards are based on more than 1,000 client projects over the past decade, which we’ve adapted and enhanced with the world’s leading cybersecurity frameworks and models. We have created what we believe are the most effective and defensible surveys available. The three distinct groups of survey standards are:
The Subject Matter Expert standards that build directly off our extensive client experience, the NIST Cybersecurity Framework, NIST SP 800-171, as well as the intentions of the EU GDPR and U.S. privacy and cybersecurity regulations.
The Department Manager Overview standard that provides deep insights into the information handling, training and other aspects of how data and records are being controlled within each department.
The Record Type & Application Profiling standard that enables departmental participants to provide deep “valuation” and “sensitivity” insights into each record type and application used within their area. Nearly 100 insights are collected for each and include topics covering retention, media usage (including email), sensitive content elements (employee, customer and corporate data), movement and storage (authorized and unauthorized) and dozens of others.
In less than a month, we deliver dozens of invaluable, detailed reports based directly on interrelated insights provided by your participants. Reporting covers critical information risk areas including:
- Executive Highlights Report of the findings and recommendations for the most pressing issues at your company.
- Information Privacy reports on the interrelated issues around over-retention of sensitive content, unauthorized movement and storage of data, employee practices in information handling, third-party diligence and other topics.
- Litigation Readiness reports covering opportunities to reduce risks by eliminating unnecessary email and other records, hold management processes, and establishing better and more enforced records management standards.
- Information Governance reports that outline simple and effective steps you can take to dramatically and appropriately eliminate unneeded email and records, establish a consistent and compliance-centric enforcement pattern with employees, and direction on retention rules that are proven, applicable and more defensible than other alternative approaches.