LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Content-Transfer-Encoding:	quoted-printable
Sender:	Records Management Program <[log in to unmask]>
Subject:	RIM and Information Security
From:	"A.Khramtsovsky" <[log in to unmask]>
Date:	Fri, 17 Dec 2004 12:51:00 +0300
Content-Type:	text/plain; charset="Windows-1252"
MIME-Version:	1.0
Reply-To:	Records Management Program <[log in to unmask]>
Parts/Attachments:	text/plain (38 lines)

Dear All,

Information Security becomes rather hot topic at my place. One of our regulators, the Central Bank of Russia, recently published its own standard on information security in financial sector. Of course, the standard is voluntary, but the Central Bank hinted that it will enforce it through its regulations.

As might be expected, the standard is IT-influenced – it speaks a lot about sites, servers, networks, passwords, access rights and other favorite IT toys. It says next to nothing about paper records – and that’s in a country where only records of legal value are the paper ones (so all important information is printed and filed).

My position (backed by some clauses of ISO 17799 standard on information security) is that all RIM activities are connected with information security, and that RIM is 100% responsible for information security of paper records. I am sure that as much as modern RIM is about management of all the documents and records, in all formats or media, - so the Information Security is about the protection of all company’s information assets, including paper records and knowledge "stored" in the employees' heads.

By the way, ISO 17799 never mentions records management (though it does have a clause about “Safeguarding of organizational records”).

My question is: what do you think about the relationship between RIM (as well as compliance, HR, security), and Information Security? Do you feel that the position of independent Information Security officer is necessary (as our Central Bank strongly recommends)?

Any your input will be highly appreciated.

Natasha Khramtsovsky
Records Manager,
APR-Bank,
Goncharnaya ul. 15, stroenie 2,
Moscow, 119240, Russia
[log in to unmask]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US