eMag Solutions: Industry Links & Resources

EDiscovery, Digital Forensics, Legal Technology, EDRM, Records Management, ESI

By: Brett Tarr, eMag Solutions

Organizational risks are threats, negative effects or problems that can occur as a result of an event or an action within a company. During turbulent economic times, organizations need to be especially vigilant to minimize potential risks that could ultimately affect the bottom line or shareholder ROI.

Organizational risk can include many types of risk (e.g., investment risk, budgetary risk, program management risk, legal liability risk, safety risk, inventory risk, and the risk from information systems).

Managing organizational risk is not an exact science. It brings together the best collective judgments of the individuals responsible for the strategic planning and day-to-day operations of organizations to provide adequate security and risk mitigation.

There are two main categories of risk: internal and external. Internal risks can result either from processes or from the management of information, while external risks result from changes in the environment of the company (political, economic, technological, sociological changes) that can exercise a negative influence on the objectives and the strategies of the company.

Managing Organizational Risk

Managing organizational risk in tough times means taking a holistic view. This requires an integrated cross-departmental framework of controls, checks and balances. Key examples of issues facing organizations that impact corporate risk include fraud, new technology implementation, and the advent of global markets.


This article may be re-published as long as the following resource box is included at the end of the article and as long as you link to the email address and the URL mentioned in the resource box:

Article by eMag Solutions. For more articles on eDiscovery and Data Restoration, subscribe to our e-mail Newsletter by sending a blank email to newsletter@emaglink.com or by going to http://www.emaglink.com.


Information Security Landscape

By: Brett Tarr

Information security is a critical topic in the current environment of ever-growing technology and information overload. Data security is much more than just a compliance mechanism; it protects organizational data, helps ensure the survival of business entities, and provides the tools for building and sharpening a competitive edge in the marketplace. ISO 27001 represents a new standard in data security that not only maps directly to multiple regulatory compliance controls but also provides a framework for organizations to build an effective information security program. The ISO 27001 standard helps organizations create a secure data infrastructure that is scalable and, more importantly, drives a management standard to ensure the confidentiality, integrity, and availability of data and services.

Organizational data consists of many layers of information, many of which are considered confidential, necessitating the installation of controls that are secure and adaptable. Key examples of confidential data that require protection include intellectual property, trade secrets, internal communications, customer lists, strategic plans, financial plans and information, and client information. Certain compliance standards exist for the protection of certain types of confidential information, but for the organization's competitive survival, data security needs to be much more than a mechanism to ensure compliance, as this information is the lifeblood of the organization. For most organizations, the ability to protect proprietary and confidential information ensures the very survival of the organization and its ability to compete in the local, regional, national, or global arena.

ISO 27001 represents the only auditable international standard to define the requirements for Information Security Management Systems, and ISO 27001 certification is achievable only by companies that demonstrate the highest competency in information security management.

ISO 27001 is a guideline for a management system that identifies, manages and minimizes a range of threats to business information. It provides guidelines for implementing a constructive risk management process, setting up policies, and ensuring a secure infrastructure is in place. Certification shows that a business has taken preventative measures to protect clients' data, and demonstrates to customers and prospects that the business is observing a duty of care.

Some of the key government regulations and fiduciary requirements around corporate governance that can be tied into ISO 27001 include: the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, the Visa Cardholder Information Security Program/Payment Card Industry Security Standard (VISA CISP/PCI), the Fair and Accurate Credit Transactions Act (FACT), the Gramm-Leach-Bliley Act (GLBA), FISMA/NIST, the UK Data Protection Act, the EU Directive on Protection of Personal Data, and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).


Reprinted with permission of the authors and the Association of Corporate Counsel as it originally appeared: Author names, "Article Title," ACC Docket volume Number, issue Number (Month Year): Page Range. Copyright © Year, the Association of Corporate Counsel. All rights reserved. If you are interested in joining ACC, please go to www.acc.com, call 202.293.4103 x360, or email membership@acc.com.


WBE Certified