Information Flow Analysis is the means by which all the relevant data subject to regulation or other control, and its movements, are inventoried, for purposes of defining areas of potential risks to security, and for understanding where discoverable information may exist within business operations.
An Information Flow Analysis is necessary to properly prepare for compliance with information security regulations and standards, and is an essential part of the Integrated Information Security Management Process necessary for continued compliance over time.
An Information Flow Analysis involves reviewing existing system and process documentation and interviewing key players in order to locate all official and unofficial uses of information. Uses that are found outside of a defined business process may be subject to greater threats to security, or may be difficult to properly produce during a civil suit.
All uses of information that is subject to regulation must be cataloged and described so that proper precautions can be taken to ensure compliance.
Through the use of narratives, lists, and diagrams, the various systems and flows are described and identified for further analysis and assessment of risks following completion of the Information Flow Analysis.
Find out more about the Integrated Information Security Management Process
Find out more about Risk Analysis and Risk Assessment
Find out more about Compliance Assessment Services
Go to the Services Overview