It’s 2025, and most every organization over a few hundred people likely has a Records Retention Schedule. It may have even been extended to include Non-Records, and their related retention and disposition requirements.
Most organizations will also have an enterprise architecture management system – a system that stores the applications the organization utilizes. And, more and more organizations have developed an enterprise Information Classification model, where the various departments have classified their information into one of three or four sensitivity categories.
So we have some of the organization’s information documented in the Retention Schedule, and we know what applications an organization has in the architecture management system.
But the Retention Schedule doesn’t typically include where the Records are stored, or their classification. The enterprise architecture management system doesn’t distinguish between Records and Non-Records, and most applications documented in that enterprise architecture management system can’t even apply retention.
And the Information Classification model can tell 365 Admins how to handle information containing specified data elements, but not if it should have been disposed of years ago (or is on hold, a whole additional layer to consider). Where is the information-centric catalog that lists all of an organization’s information types, if it is a Record (and how to manage its related Non-Records), where the information is stored (in both final and draft versions), it’s classification level, and other key metadata about the organization’s information? Enter the Information Asset Catalog.
And while Records absolutely need to be secured, so do your Non-Records – all of your information. They need to know the entirety of the organization’s footprint and where it resides. And up to 60% of breaches are caused by insiders – the proper access and handling controls need to be in place as outlined in the information classification model. This can’t happen effectively if there isn’t a complete catalog of all of your information and where it resides, in draft and final stage. Your Head of Litigation needs to read not only the final executed version of a key contract involved in litigation, but potentially the three prior draft versions (likely non-Records). So again, a complete Information catalog is needed. Your Records Management Group needs to understand the full scope of what needs to be retained and disposed of – this is more important than ever with the rate at which information is created daily. Your entire organization must be able to extract needed details from information to make decisions, and know where to look for it quickly. All of these examples underscore the need for a catalog, in a relational format, with the information assets as the primary key.
Information is the lifeblood of any organization – and is the riskiest part of that organization in the wrong hands, and a source of incredible value in the right hands. Organizations need to ensure they are not missing this critical view into their most important asset: their information. Take control of your information today. Whether you need expert advice, custom solutions, or guidance through information management challenges, we’re here to help you. Contact us at contact@infotechtion.com, to speak to one of our experts.
Our next blog will cover how to prepare for and execute an information asset catalog project – stay tuned!
