Information management: packaged pre caution; Security safeguards and backups are only part of due diligence for laptop users, small businesses and corporate giants.

• Author: Marks, Susan J.
• Position: Q2 Tech

Rock Resorts, part of Vail Resorts Inc., wanted complete and better data from its different properties from Vermont to California so that it could compare information across resorts and in turn enhance its corporate decision-making. [??] Hewlett-Packard Co. needed a way to keep tabs on its far-flung internal projects--about 3,000 worldwide at any one time--and to do it without interfering with those projects or stifling employee creativity. [??] Denver Health Medical Center sought a way to guarantee the security of information on its systems and at the same time ensure regulatory compliance at its various facilities.

[ILLUSTRATION OMITTED]

Implementation of an information-management strategy proved the answer for these companies and has done the same for many others. In fact, in today's data-overloaded business environment, experts agree that formal information management--also known as information stewardship--has become a competitive necessity for all types of companies.

Information management encompasses a huge realm, far beyond someone simply knowing where to find a piece of data at any given time.

It's information security, backup and recovery, storage, data quality, data sharing, privacy and disclosure, and continuity planning, too. That's everything to do with the full lifecycle of a package of information, says Julia H. Allen, senior member of the technical staff at the Software Engineering Institute, at Carnegie Mellon University in Pittsburgh.

Yet the real bottom line for information management is security, adds Ed Vazquez, former information services security manager at Denver Health Medical Center. "If the proper checks and balances occur in the security arena, then the job of trying to manage the rest of it and assure the integrity of it, and ensure the availability of it almost fall into place by itself."

Companies that do any sort of business in a public venue whether they're publicly traded or simply a sole proprietorship need information management policy, says Vazquez.

While at Denver Health, he spearheaded creation of security and information management policy for the organization with its 5,500 to 8,700 employees (depending on the season) throughout the Denver metro area.

If a company doesn't specify what is and isn't acceptable practice relating to handling information--that means a list of "thou shalls and thou shall nots"--it's almost impossible to manage data flow, Vazquez adds. Information management then becomes little more than a haphazard arrangement of whatever is convenient vs. what is correct--not only to meet regulatory requirements but also to meet industry standards.

Businesses need guidelines or governing documents to formalize information-access and handling processes, and to provide protection from liability if a leak occurs, Vasquez said. Without formal documents and procedures, a company or organization could be held liable for employee misuse of...