We are at a key inflection point, and going through a once in a generation change in how we do business, and this creates a unique opportunity to integrate Information management best practices and behaviors into the new operating model. If we act now, we can also leverage the ongoing digital transformation and develop a high level of engagement and awareness about information management. We can build on this to ensure the embedding of good IM behaviors, drive a better organization, accessibility, and usage of information across the enterprise, and position you/us to face the complexities of an evolving and changing global landscape.
Information Governance Scope
Information Governance and Records Management
Let’s look at the scope of Information Governance.
Governance is one of the ‘building blocks’ applied across the information lifecycle.
Every organization is unique in its way of working, and there are many different ways in which the business processes will flow through the information lifecycle, but the building blocks remain the same and combined with Information governance principles form the foundations for the maturing of information management practices and behaviors in future.
By maturing information governance as a foundation, ensures the right information is retained and available for the business to both extract better value from, as well as use it to support an agile and customer-centric organization.
Finally, I also wanted to use this slide to highlight the difference in the purpose of information governance vs records management. You cannot demonstrate compliant records management without a robust IG foundation. And, there is a lot that can already be achieved in meeting your IM compliance objectives with the IG scope and how it relates to Microsoft licensing.
The Core Principles
A definition of key governance principles is always a good starting point to set the direction of travel.
Information Governance Principles
The Vision: Clear understanding of objectives, priorities, and commitments
Customer and End-user first: Ensure the business and end-user is central to Information governance design.
Embed Behaviour: Like Health and Safety, Information governance is part of the Company’s DNA and second nature to people’s habits.
Ownership and Accountability: Clear ownership, accountability, and authenticity of information
Simplicity: Simple designs and solutions for the end-user to understand
Increased Clarity: with simple designs, the ability to navigate and find information
Consistency & Standardisation: Essential for guaranteeing the reliability of information and its transparent management
Secure, protected, and discoverable: Ensure all products and applications have basic ‘Compliance by design’ controls from the outset
The outcome of these core principles will be delivered through a long-term planning mindset, and in partnership between your IT partners, legal and business. This partnership should establish a core architecture as a foundation for a long term roadmap to lift your IM maturity over time and to objectively benchmark progress.
Architecture as Foundation for Automation
I want to talk about the importance of Information Architecture, it ensures that you have a standard approach to structure your information. How your collaborative spaces (Teams, SharePoint, etc.) are provisioned, configured to maximize teamwork, and how people share information, sets the foundation for future improvements. The prize is that by an architectural foundation, you instill confidence in the use of information and effective decision-making by the business.
Architecture as a Foundation for Automation
Part of establishing a good architecture foundation is enriching it with useful data about the information. Metadata plays a key role, it is an investment in the future findability of information.
Information Architecture and Enrichment: The more you invest time in developing the information, the more important it is to ensure you and your colleagues can find and reuse the information. You need therefore standardized metadata to manage unstructured information, which you can further leverage for improved business decision making. With Microsoft search, you can then show metadata as filters when users search for information. Make it easier to navigate, find, and sort files based on the business area, process area, country, etc.
Sharing and Protection: The next level is defining Sharing and access control to classify files with automatic watermarking and, encryption and access management. This not only protects information when it is in Microsoft 365 but outside too. Protection stays with the file where it goes!
Data Privacy Compliance: Using sensitive information types, Data loss prevention, and regular compliance search we can identify, assess, and apply prevention controls to information centrally. Many organizations don’t invest in these features as they require additional configuration and often lack the translation of privacy rules to actual conditions for policy configuration.
Retention management: If one of the key but most overlooked architecture facet which can solve a wide range of compliance issues. This requires a significant behavior shift to know your information and automate the decision making related to Keep what you need, delete what you don’t need.
Legal Discovery: is my final architectural component. When supported by overall governance architecture as you see on the screen, the eDiscovery, preservation, and HOLD capabilities in M365 standard discovery can streamline the overall cost of eDiscovery.
Let’s have a look at how this translates to enterprise architecture for governance and the foundation for automation.
Maximise E3 license Investment
Architecture is vital to strategic IG in several ways:
It can improve information findability and understanding for staff and customers.
It can enable better eDiscovery and (for the public sector) FOIA responses.
It can facilitate data privacy protection and compliance.
It can enable people and technology to capture, present, preserve, protect, organize, and manage information assets to fulfill their mission.
My final word on this topic. Architecture is the foundation of automation. Autoclassification and analytics tools can process and index enormous amounts of information with greater speed and consistency than humans, but they still depend on processes, information stores, content types, categories, and labels defined by your architecture.
So, what’s the best way to check your architecture score against these best practices?
Compliance Assessment Tools
We want to introduce one of the many Microsoft tools and accelerators we have been involved in as design partners with Microsoft!
Microsoft compliance analyzer is a new product that automatically assesses your tenant configurations against the governance best practices. The assessment is baselined on the geographical location of your tenant. This is a great tool, and I am very excited about this because we now are not only able to tell you the correct configurations but also give you customized compliance, protection, and overall governance suggestions based on your tenant location and the local regulations which may be relevant to your organization. We are actively working with customers to preview this tool and work with Microsoft to include more policy suggestions whether these are Data loss prevention or retention policy suggestions. So, if you are interested in trialing this to benchmark your governance, please drop us a quick note at firstname.lastname@example.org.
Most of the governance architecture work must be done upfront, and a plan to maintain and improve over time. When people can find the information they need, when they can collaborate effectively, when content and data are preserved appropriately, and when your information assets are securely managed, you can be sure that your governance investment is well worth the investment