Information governance is about better managing information assets, not just ensuring compliance. Information Governance (IG) seeks to meet the needs of the total organization (Compliance, IT, and lines of business) with optimized information management practices.
“Information governance includes decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archiving and deletion of information. Information governance reduces the cost and risk associated with information, increases the value of information, and therefore supports business growth” – Debra Logan, VP, Gartner
Benefits include better information availability, completeness, and trustworthiness, but also reduced operational, financial, and legal risks (see previous blog post about business benefits).
An IG program should have a coordinating role between multiple disciplines for managing information across the lifecycle – like in the below Information Governance Reference Model.
Office 365 includes a lot of features and technologies to help you manage and protect information (see previous blog post), but you still need a governance framework around this.
“Software is not a silver bullet for information governance. Look beyond vendor hype – information governance is not something to go buy so you can say your company has it. Look at information governance as an evergreen corporate objective, enabled by programmes, policies, people- and yes, a range of technologies.” – Cheryl McKinnon, Principal Analyst, Forrester
Effective information governance depends on:
- Setting policies and standards over the information lifecycle
- Assigning responsibilities and authorities for managing the information
- Establishing and promulgating procedures and guidelines
- Providing a range of services relating to the management and use of information
- Designing, implementing and administering systems for managing information
- Integrating information management into business systems and processes – the goal is often compliance by design
- Monitoring and addressing non-compliance
- Continuous improvements
Information governance is therefore an ongoing process – think 360° program for information governance. This often entail the following ongoing steps.
For ensuring information management compliance:
- Executive direction: Leaders will need to lead by example and communicate the importance of information governance and compliance
- Policies and procedures: Document what is expected from staff, but also ensure that policies and procedures are updated based on new regulations and standards
- Communication: Ensure staff knows what is expected from them
- Training: Staff and contractors are educated about what we expect them to do
- Systems: Continuously work on automating information governance
For detecting non-compliance:
- Key Performance Indicators: Establish metrics to measure compliance
- Monitoring: Continuously check system and logs to detect non-compliance
- Audits: Site visits to verify compliance among staff and executives
- Workshops: Run workshops to identify ways to avoid compliance
For responding to non-compliance
- Enforcements: Ensure staff and executives understand the implications of non-compliance
- Improvements: The IG program needs to change when the requirements change. This could be changes to technology, lifecycle model, metadata model, policies, procedures, training, communication, etc.
Feel free to contact us if you need help establishing an information governance program, or if you need help creating a business case for setting up an information governance program.