ISO 21502:2020 Clause7.16.2 Identifying which information should be managed

Project Management 4 Minutes

The necessary information and documentation should be identified and managed by data confidentiality, security and accuracy requirements. Information and documentation related to a project can include plans, progress assessments, reviews, audits, quality reviews, contracts, reports, communications and specialist information relating to the outputs such as designs, specifications and standards.

In information and documentation management, determining which information should be managed involves a structured process that typically includes the following steps:

  1. Needs Assessment: The project organization assesses its current and future needs for information. This involves understanding the goals, objectives, and requirements of the organization, as well as the information needs of different stakeholders.
  2. Stakeholder Analysis: Identifying and analyzing stakeholders helps in understanding their information requirements. Different stakeholders may have different needs, priorities, and preferences regarding the information they require.
  3. Regulatory and Legal Requirements: Compliance with regulatory and legal requirements is essential for many organizations. This includes requirements related to data privacy, confidentiality, retention, and disposal.
  4. Risk Management: Identifying and managing risks associated with information management is crucial. This involves assessing the potential impact of risks such as data breaches, loss of information, or non-compliance with regulations.
  5. Business Processes and Workflows: Analyzing business processes and workflows helps in understanding the flow of information within the organization. This includes identifying critical information inputs, outputs, and dependencies.
  6. Information Audit: Conducting an information audit helps in identifying and categorizing the existing information assets within the organization. This includes assessing the volume, format, quality, and accessibility of information.
  7. Technology Infrastructure: Assessing the organization’s technology infrastructure helps in understanding its capabilities and limitations for managing information. This includes evaluating existing systems, tools, and platforms for storing, organizing, and retrieving information.
  8. Strategic Objectives: Aligning information management initiatives with the organization’s strategic objectives ensures that the managed information supports the overall mission and goals of the organization.
  9. Continuous Feedback and Improvement: Information management is an ongoing process, and it is essential to continuously gather feedback from stakeholders and monitor the effectiveness of information management practices. This feedback loop helps in identifying areas for improvement and making necessary adjustments.

By following these steps, the project organization can systematically identify which information should be managed and develop appropriate strategies for managing it effectively.

The necessary information and documentation should be identified and managed by data confidentiality, security and accuracy requirements.

Data confidentiality, security, and accuracy requirements are crucial factors in determining which information should be managed within an organization. Here’s how these requirements help identify and manage necessary information:

  1. Data Confidentiality: Certain types of information within an organization may be sensitive or confidential, such as personal data, financial records, proprietary information, or trade secrets. Identifying and managing such information ensures that it is protected from unauthorized access, disclosure, or misuse. This involves implementing access controls, encryption, and other security measures to safeguard confidential data.
  2. Data Security: Beyond confidentiality, data security encompasses protecting information from various threats, including unauthorized access, cyber-attacks, malware, and insider threats. Managed information should adhere to security best practices, including regular security assessments, threat monitoring, and incident response protocols. By identifying and managing information based on security requirements, organizations can mitigate risks and maintain the integrity and availability of their data.
  3. Data Accuracy: Accurate information is essential for making informed decisions and conducting business operations effectively. Managing information based on accuracy requirements involves ensuring data quality, consistency, and reliability. This may include implementing data validation processes, error detection mechanisms, and data governance practices to maintain the accuracy of managed information.

By prioritizing data confidentiality, security, and accuracy requirements, organizations can effectively identify and manage the necessary information and documentation while mitigating risks and ensuring compliance with regulatory and legal standards.

Information and documentation related to a project can include plans, progress assessments, reviews, audits, quality reviews, contracts, reports, communications and specialist information relating to the outputs such as designs, specifications and standards.

Information and documentation related to a project encompass a wide range of materials critical for its success. Here’s a breakdown of the types of information and documentation commonly associated with project management:

  1. Plans: Project plans outline the scope, objectives, timeline, resources, and activities required to accomplish project goals. These plans may include project management plans, work breakdown structures, schedules, resource allocation plans, risk management plans, and communication plans.
  2. Progress Assessments: Regular assessments of project progress help track performance against established goals and milestones. Progress assessments may include status reports, progress dashboards, key performance indicators (KPIs), and milestone reviews.
  3. Reviews and Audits: Reviews and audits are conducted to evaluate project performance, adherence to standards, and compliance with requirements. These may include project reviews, quality assurance audits, financial audits, and compliance assessments.
  4. Quality Reviews: Quality reviews assess the quality of project deliverables and processes. This includes quality control measures, inspections, peer reviews, testing results, and customer feedback.
  5. Contracts: Project contracts outline the legal agreements between stakeholders, including clients, vendors, subcontractors, and partners. Contract documentation includes terms and conditions, statements of work, service level agreements (SLAs), and procurement contracts.
  6. Reports: Various reports provide insights into project status, performance, risks, issues, and outcomes. These may include progress reports, status updates, financial reports, risk registers, issue logs, and lessons learned reports.
  7. Communications: Effective communication is essential for project success. Communication documentation includes meeting minutes, emails, memos, presentations, and collaboration tools used to exchange information among project stakeholders.
  8. Specialist Information: Specialist information pertains to domain-specific knowledge, expertise, and technical specifications relevant to project outputs. This may include designs, specifications, standards, technical documentation, research findings, and best practices.

By managing and maintaining these types of information and documentation throughout the project lifecycle, project teams can ensure transparency, accountability, and alignment with project objectives, ultimately contributing to successful project delivery.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a ReplyCancel reply