Compliance is one of the component of the widely discussed GRC (governance, risk, and compliance) framework, which integrates three key elements of organizational strategy, the other two being governance and risk. The GRC framework encompasses all aspects of organizational strategy and operations, including those that involve the creation, collection, retention, disclosure, ownership, and use of information by companies, government agencies, and non-profit entities. Information governance develops strategies, policies, and initiatives to maximize the value of an organization's information assets. Information risk management is responsible for identifying, analyzing, and controlling threats to those assets. Information compliance seeks to align an organization's information-related policies and practices with applicable requirements. Academic researchers, legal commentators, and management specialists have traditionally viewed compliance as a legal concern, but compliance is a multi-faceted concept. While adherence to legal and regulatory requirements is widely acknowledged as a critical component of compliance initiatives, it is not the only one. Taking a broader approach, this book identifies, categorizes, and provides examples of information compliance requirements that are specified in laws, regulations, contracts, standards, industry norms, and an organization's code of conduct and other internal policies. It also considers compliance with social and environmental concerns that are impacted by an organization's information-related policies and practices. The book is intended for compliance officers, information governance specialists, risk managers, attorneys, records managers, information technology managers, and other decision-makers who need to understand legal and non-legal compliance requirements that apply to their organizations' information assets. It can also be used as a textbook by colleges and universities that offer courses in compliance, risk management, information governance, or related topics at the graduate or advanced undergraduate level.
Industry Reviews
Information Compliance: Fundamental Concepts and Best Practices takes the reader through the multifaceted requirements of compliance from information creation, retention, preservation, access, security and ownership. With his ability to simplify concepts and define key issues regarding laws, regulations and industry standards, Saffady has written a book for all professionals concerned with compliance and managing information assets.
The relationship between records management and compliance is both relevant and topical, and can not be overestimated for business, academia, government and private/public entities. This book provides background, frameworks and tools to understand the dynamics of that critical relationship. Saffady has crafted a holistic and pragmatic tome.
