This page contains a Flash digital edition of a book.
similar approach. “We start thinking about records and how they support business functions. We help companies create something we call a records retention schedule, which becomes a business doc- ument policy for how long data needs to be kept,” she explains.


One of the biggest mistakes many com- panies make, according to Trembley, is taking on the task of classifying and man- aging data themselves. “We’ve seen customers work for years internally and try to inventory their records,” she details. “You can cut down from 18 months to three to four months — both for the classification scheme and the legal aspect.”


Speaking of legalities, companies need to adhere to them not only for what infor- mation needs to be kept, but also for how long. The challenge in Canada is that there are both federal and provincial laws that govern data management and privacy. Bradley notes that in Canada there’s no single law for retention practice, so compa-


nies must first classify the data and then re- search the laws regarding how long it must be maintained. Trembley further explains that when it comes to retention, ideally, companies should look at the applicable rules, whether federal or provincial, and then select the longest term for all and that becomes the retention schedule. “The other aspect of classifying data deals with personal information,” Trembley says. “Here you must identify confidentiality is- sues, media, and what you can actually send across the border. It all comes back to having done the work to classify data and under- standing how long it needs to be kept.” Establishing what data needs to be kept is another challenge. After all, housing thousands upon thousands of legal boxes or storing trillions of bytes of data can add up in a hurry. “We use a retention schedule,” Bradley says. “If you don’t have one, you need to keep everything, especially if you’re in a heavily regulated environment.” Trembley adds that when it comes to knowing how


long to keep data, she generally looks at three perspectives: what is the company’s mission and mandate and how it’s gov- erned. “Every business has social and legal obligations,” she continues. “What you keep has to do with the mandate.” Digital records management is another hot topic of conversation, and it’s be- coming more prevalent every day. But ac- cording to Bradley, “Technology is just a tool. You may have a different way of cre- ating information, but the concern is on the capture not how you create it.” In the end, managing records is much like anything else — by establishing a process that fits a business’s distinct needs. “The challenge is to make [the process] as easy as possible so it doesn’t get in the way of how people do their jobs,” Trembley concludes. “It sounds daunting but it can be done. It’s an on- going process.”


Bryan Soroka is a freelance writer in T


oronto, Ont.


“The Business of Security” Annual National Conference September 19-21, 2010 Crowne Plaza Hotel Ottawa Ontario


It is no secret that security technology has evolved throughout the decades and will continue to do so. This does not change the fact that the true fundamentals of security continue to be the protection of people, property and information. The key to these fundamentals is how they are delivered and managed for a specific site or business and their flexibility to adapt to inevitable change. If one were to remove procedures, physical and electronic equipment and controls from the security equation, the true foundation for a successful security operation is personnel and training. Thus the “Business of Security,” whether it is delivered by a security service provider or through a proprietary operation, is about successful recruiting, training and managing. From the Vancouver Olympic and Paralympic Games to the International Summits taking place this year in Ontario, our conference will focus on the lessons learned from these large security undertakings and how they might be adapted as a best practice and applied to our security operations.


For information on registration, accommodation, speakers and sponsorship opportunities visit our website www.csis-scsi.org or contact 1-800-461-7748.


WWW.SECURITYMATTERSMAG.COM JULY/AUGUST 2010 • SECURITY MATTERS 19


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32
Produced with Yudu - www.yudu.com