Information Governance Requires a Combination of Policy, Process and People to Drive a Business Outcome
Information and Digital data is growing rapidly and moving beyond the enterprise with the following impact:
- Business value and risk is often unknown and unmanaged,
- Sharing information with partners and suppliers is routine,
- Social networking and mobile access is prevalent,
- Risk of security breach or information loss is growing.
Information Governance is a subset of corporate governance and can deliver the following business benefits:
- A strategic approach rather than tactical,
- Alignment of information management with business processes,
- Flexibility to provide proper control without limiting corporate responsiveness,
- Provide a threefold focus on information that manages the risk, reduces the cost and maximises the business value of information,
- Includes Information Lifecycle Governance.
The primary project deliverables of an Information Governance program include the IG Strategy, Framework and Roadmap. Collectively they will form the basis for Information Governance at an organisation.
The emerging field of information governance involves contributions from professionals in multiple disciplines, including: cybersecurity, legal, information technology, information management, records management, privacy, risk and compliance. In most organisations, it is almost impossible to get all these groups working to the one agenda without creating an Information Governance Framework in which to work.
One of the challenges enterprises currently face is the lack of management of all information across their business processes, from end to end. This can affect a number of business functions, including the ability to work with external teams, and the ability to provide employees with flexible arrangements such as mobility.
Understanding how your organisation leverages information holistically, from end to end, and the management of this information, can be realised with an Information Governance Program. An Information Governance program consists of the activities and technologies that organizations employ to maximise the value of their information, while minimising the associated risks and costs.
A key component of a digital strategy is understanding what information is consumed and created across your organization, aligning this with your business strategies, and understanding the governance requirements of this information.
An Information Governance Program needs to be continuous to support the business in the rapidly changing compliance landscape, both in Australia and globally. It should aim to align organizational policies, practices and procedures to ensure compliance. This alignment will empower the business and IT stakeholders to implement changes, enable employees to adopt the changes, and will ensure that all areas of the business are aware of their responsibilities. Individuals can be accountable for compliance.
The following are key components in developing an Information Governance Framework and ongoing program:
- Identify the relevant stakeholders and establish the Information Governance Steering Committee. Securing an executive sponsor at the senior management level is crucial to successful Information Governance programs. Without it, it will be difficult to obtain buy-in from all areas of the business.
- Ensure you have representation from a cross-functional team. At a minimum, you will need leaders from IT, records management, information security, compliance, risk management, human resources and executive management.
- Work with relevant stakeholders across the business to agree the required Information Governance Framework components and understand the current and desired future state for each Information Governance component.
- Capture high level requirements for each of the Information Governance Framework components including:
- Roles and Responsibilities
- Legislative requirements across jurisdictions
- Policies and Procedures
- Retention & Disposition
- Filing Structures (Taxonomy)
- Storage, infrastructure and other technologies/applications (e.g. mobile, cloud, social)
- Access, security and data protection
- E-Discovery and Legal Holds
- Identify the required actions to meet the requirements for each Information Governance component
- Undertake an audit of key enterprise information assets. This audit log will provide a baseline that evolves over time as the Information Governance Program gains momentum.
- Prepare the Information Governance Framework and issue to nominated stakeholders for review.
This article is intended as a starting point for Information Governance, not a step by step guide. Each organisation will have specifics, such as the different legislations that underpin their business model. At a high level, we can see that it is all about designing the enterprise policies and the supporting process, then enabling all staff to adhere to these and access the right information at the right time.
Overall, an Information Governance framework and program will provide businesses with the information they need to make informed decisions, protecting their critical and vital information systems. It gives organisations the tools they need to improve efficiency and responsiveness, delivering overall better business outcomes.