Loading ...

Ask an expert. Get a professional answer.
100% satisfaction guarantee.

Get An Answer
Home » Management » How do you make a system of business information management for your company?

How do you make a system of business information management for your company?

Written By

David Finney

Managing Director at The Energy of Conversation

Briefly Speaking

Read these 5 crucial steps to successfully make your company's system of business information management.
0 Comments

To make your company’s system of business information management, I would recommend writing an Information Management Policy before anything else – i.e. a statement of intent from top management with regards to the management and security of information across the business.

Then a logical course of action would be to follow the Information Classification control in ISO 27001, the information security standard (the Control Reference is 7.2). This control is essentially about the categorisation and handling of information. Here is an introductory step by step guide to achieving this:

  1. Devise a simple classification system of business information management

    EXAMPLE: 
    Security Level 1 – for all ‘personal’ or other critical information
    Security Level 2 – for all client and company confidential information
    Security Level 3 – for all information that can be viewed by the general public

    For each level, you would devise a procedure that instructs staff how to handle information in each category – i.e. a procedure appropriate to that level of security. You can give each level a name that is easy for staff to remember – e.g. Secret for Level 1 or maybe a code, SL1.

  2. List all (information) assets in the company (ISO 27001 would also include ‘physical’ assets)

    EXAMPLE: Customer Contracts, Customer Invoices, Customer Bank details, Staff Appraisals, Staff Salaries, Supplier Records, Project Procedures, Company Strategy, Marketing Brochures, Trade Magazines, etc. etc.

  3. Assign an owner to each

    EXAMPLE: 
    Customer Contracts (Head of Sales)
    Customer Invoices (Finance Director)
    Customer Bank Details (Finance Director)
    Staff Appraisals (Head of HR)
    Staff Salaries (MD)
    Supplier Records (Purchasing Manager)
    Project Procedures (Quality Manager)
    Company Strategy (MD)
    Marketing Brochures (Marketing Manager)
    Trade Magazines (Office Manager)
    Etc.
     

  4. Label each asset with the appropriate category

    EXAMPLE: 
    Customer Contracts (SL2)
    Customer Invoices (SL2)
    Customer Bank Details (SL1)
    Staff Appraisals (SL1)
    Staff Salaries (SL1)
    Supplier Records (SL2)
    Project Procedures (SL2)
    Company Strategy (SL1)
    Marketing Brochures (SL3)
    Trade Magazines (SL3)

  5. Train staff to use the system of business information management and then check that they are doing it correctly. Adopting this 5-Step approach in information management has multiple benefits:
  • Members of staff are clearer on how to manage the different types of information
  • There is a greater quality and consistency in managing information across the organisation
  • Clients have increased confidence and trust in the organisation as a supplier

To fully implement a culture of information security, it is recommended that an organisation works in partnership with a qualified trainer or consultant. As an introduction to information management, the above guide should help to point the way forward and enable businesses to at least make a start.

Read More: Setting Up A Business
Is this article helpful?
Yes No
0 Reader Comments

Share your thoughts.

Log in or Sign up

Please sign in below. If you don't have an account, please create one.

I don't remember my password

Sign Up

Create an account below.

Passwords should be 6 characters or more.

Send feedback

Let us know what you think - good, bad, or ugly.

Coming soon!

We haven't released this to everyone yet, but we're almost ready. Please leave your email so we can let you in first.