Most companies must manage large amounts of information and computer resources. This requires an effective management plan. Data management is the strategy that is used for organizing and managing data within an organization. A good plan should be based on four key elements of information management — ownership, security, retention policy, and enhancement policies.
A change control board is a special group that manages changes to a company's information technology systems. This board is typically responsible for the organization's data management control. The CCB ensures that system changes have been approved and tested before changes in the production system are made. This board meets on a regular basis and verifies and prioritizes all system change requests for the organization.
Data management typically includes security to protect the company's data assets. These steps vary depending on the type of data being maintained. Data security policies will normally include access controls, encryption procedures, and the retention polices.
Most government institutions have strict data management procedures. These steps are required to ensure adequate security for military technologies and government secrets. Data security for sensitive data may include special physical access controls, which makes the data unavailable to the general public. This type of data is typically locked in secret facilities managed by armed guards.
Data privacy protection has become increasing important with the popularity of the Internet. Data management controls typically include the privacy restriction procedures designed around sharing data obtained through the Internet. Businesses are typically required to obtain approval from customers before privacy data can be shared with other companies.
Data retention polices are the rules that govern the length of time data should be managed and saved before it is destroyed. These rules vary depending on the company and department using the data. Data management polices define the retention requirements for a company. This retention requirement is extensive for financial institutions and law enforcement agencies, which are required to manage data for decades.
Data management also includes the granting and management of passwords for computer programs. These are the ownership and governance rules around the data of an organization. The procedures define how an individual can gain access to the data. This typically includes formal procedures and vetting processes.
Data access controls should include procedures for employees who leave a company. An access-removal process is required when an employee is terminated. Data security procedures should include auditing steps that ensure terminated employees do not have access to the company's sensitive data.