Information management principles domain
The five principles discussed below underpin the work behind the modelling and are intended to serve as guidelines for those involved with the design and operation of information systems, irrespective of the technology being deployed.
The principles bring together the high-level internal policy issues and the detailed operational levels of any business. They are intended to provide a framework within which managers and others can develop detailed operational procedures. Alternatively, they may be used as a template to check the completeness or adequacy of an existing set of procedures and job descriptions.
The five principles take the form of a set of statements of objectives for information management. These are intended to act as guidelines for a set of procedures that any institution should be capable of devising and operating as an extension of their current standard operating procedures, or of their quality management processes. In other cases some of the recommended controls may already exist as part of a set of industry regulations.
Thus, instead of attempting to specify in detail what these procedures should be, it is understood that different industry sectors will have different requirements and may only need to use the principles as a checklist to test the completeness of their current regulations.
Five Principles of Information Management
The Five Principles are:
1. Recognise and understand all types of information
2. Understand the legal issues and execute "duty of care" responsibilities
3. Identify and specify business processes and procedures
4. Identify enabling technologies to support business processes and procedures
5. Monitor and audit business processes and procedures

The ordering of the principles also reflects a cascade from the high-level classification of information streams to responsibilities, and then on to technology and operational considerations.
Information
To ensure that the institution:
- Recognises, understands and controls data and information through its classification, structure and the way it is represented.
- Chooses appropriate methods to capture, store and transmit data within the institution and across its boundaries to, and from, its business partners.
- Evaluates the information that it holds and takes appropriate measures to protect its information resources.
- Implements appropriate levels of security for managing its information.
Duty of Care
To ensure that the institution:
- Informs appropriate staff of pertinent legislation and regulations which apply to the way information and data are handled within their industry and business activities.
- Executes its responsibilities under the duty of care principle.
Processes and procedures
To ensure that the institution:
- Identifies, documents and describes its processes and procedures.
- Monitors and controls changes to standard procedures using the documented descriptions of its operations.
Enabling technologies
To ensure that the institution:
- Identifies, assesses and applies appropriate technologies to support and enable its business processes and procedures.
- Establishes procedures to monitor and control potential exposure to risks arising from the misuse or failure of its computer systems.
Monitor and audit
To ensure that the institution:
- Employs appropriate measures to monitor and document its operations and any deviations from its designated standards and methods of operation as established by its industry’s regulatory bodies.