LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Sender:	Records Management Program <[log in to unmask]>
Subject:	Re: RIM and Information Security
From:	"Gervais, John" <[log in to unmask]>
Date:	Fri, 17 Dec 2004 06:50:58 -0500
Content-Type:	text/plain; charset="windows-1252"
MIME-Version:	1.0
Reply-To:	Records Management Program <[log in to unmask]>
Parts/Attachments:	text/plain (52 lines)

Natasha's Question:  My question is: what do you think about the
relationship between RIM (as well as compliance, HR, security), and
Information Security? Do you feel that the position of independent
Information Security officer is necessary (as our Central Bank strongly
recommends)?

My response is that there is an integral and necessary relationship between
all the aforementioned practitioners.  IT and RM both work with information
and data.  They both are concerned with structured and unstructured
information, as well as data.  IT Security is concerned with the security of
and transmission of information.  We in IM here at the CRA are responsible
for the IM Policy, Electronic Networks Policy and E-mail Policy.  These
policies concern the guidelines for managing e-mail and the security of
information on our networks.  There is also the Code of Ethics involved with
the types of information employees receive and transmit.  This is where our
HR comes in.  The compliance component would fall under the auspices of our
Information Management Policy.

With regards to an Independent Information Security Officer, we have IT
Security Officers, but it is everyone's responsibility to ensure the
security of information.  Our IM Policy area drafts policies, guidelines and
standards to try and mitigate any risk.  We also use an Information
Management Risk Assessment Tool which addresses this risk.  Also under the
umbrella of our IM Policy there is a governance framework which has built in
senior management accountabilities and responsibilities for IM.  We have
well communicated, concise policies on IM and communications tactics are
important to ensure all employees are aware of the importance of IM and the
security of Information and data.

Why is getting Christmas presents for your kids just like a day at the
office?
You do all the work and the fat guy in the suit gets all the credit.

Have a nice day folks.

John A. Gervais
Program Manager
Policy and Standards Section
Information Policy and Governance Division
Intergovernmental and International Affairs Directorate
Policy and Planning Branch
Canada Revenue Agency
25 Nicolas Street, 16th Floor
Ottawa, Ontario, Canada, K1A 0L5

' 1-613-688-9302
* mailto:[log in to unmask]
"  http://www.cra-arc.gc.ca/

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US