|
|
Davis warns that “the long term cost of chaos is always greater than the cost of establishing order,” and he maintains that data governance policies should be reviewed, and if necessary bolstered now. “They will not be effective if introduced as a panic measure in the middle of a downsizing process. People need to know in advance what they have to do, and how they should do it.”
Ovum says the increased risk associated with the downturn comes mainly from internal factors, although external relationships can also be impacted by the loss of records of agreements and transactions, and by any deterioration in services for customers and partners.
Davis’ co-author, Graham Titterington goes even further, saying that an organisation has “both a moral and a legal obligation to take care of information held by the organisation that belongs to others. Loss or leakage of information may cause a violation of legal or regulatory compliance that may have consequences beyond the immediate penalty imposed on the organisation.”
Both analysts say policies are required to protect an organisation and there is, for example, a question of whether a redundant employee should leave immediately or complete their current tasks. They suggest each case should be considered on its merits, as there is no “right” answer that covers all cases, and that most employees have information that exists only in their head and it’s a challenge to retain this information in the organisation.
However, according to Davis and Titterington, when employees do leave there should be a thorough “de-provisioning” process from access to corporate resources. They recommend information on an employee’s PC and mobile devices should be brought back into corporate servers, and devices should be thoroughly “cleaned” before being re-assigned or disposed of.
And, they say, this process is more complicated if the device is the personal property of the employee, and that an ongoing legal agreement for the employee to return, delete and desist from using corporate information assets is likely to be the best protection that the organisation can achieve.
In a cautionary note, they say that even greater risks relate to the disposal of redundant servers and storage media. “A downturn causes rapid changes in the way in which an organisation operates, and there is a danger of the infrastructure developing in an unplanned way. Uncontrolled development leads to higher long term costs and endangers information integrity,” says Titterington.
Davis says contracts with external service providers may also be terminated as part of this rationalisation and that it is important to ensure that all information is returned to the organisation and secured.
