Information Governance (IG) is more than today’s latest business buzz. It is a holistic practice to managing an organization’s information assets using a comprehensive series of policies and procedures which, when implemented correctly, increase productivity, lower costs and mitigate risk. It does this by providing consistency, integrity, security and availability of information assets.
In a recent Cohasset report, 85% of survey respondents indicate that their organizations have a records information management (RIM) program. However, a mere 25% report that their organizations have developed a strategy to enable a transformation to IG. A combined 51% of respondents indicate that the implementation of enterprise-wide IG policies is either underway or a priority in the next 12 months.
The good news is that having a RIM program is an important foundational step to establishing an IG program. Much of the confusion around IG concerns defining what it is. At its essence, IG can be broken down into four questions or “The Four Ws” as I call them. These are:
- What are your information assets?
- Where are they located?
- When can you dispose of them?
- Who owns them, manages them and has access to them?
The first three questions are answered with a solid RIM program, which includes the RIM Steering Committee. The first task in moving from RIM to IG is to expand the charter of this steering committee by answering the last question of who owns, manages and needs access to what assets. There are many more, but this task is usually a good place to start the transition process.
The industry standard for an IG Board is to establish two entities that have distinct roles that work together to ensure the strategic goals of the program are met. First, establish an Executive Board composed of Senior Management from all departments led by a C-suite sponsor who establishes IG policy. Second, establish a Working Committee of Subject Matter Experts from every department that establishes procedures to ensure the goals of the policy are achieved. This committee brings the institutional knowledge and resources to manage the daily business processes while communicating changes and challenges to the executive committee so that policies can be adjusted as needed. This committee is also responsible for prioritizing and communicating budgetary considerations so that resource and technology purchases are adequate to support the policy goals.
Determining who should own each of the information assets, who manages them and who needs access to what is a key factor of any IG program. This task is the perfect place to start with any new IG Board. This policy introduces discussions on collaboration, data loss prevention and cybersecurity to the committee moving forward. Information Governance is an ongoing process and it is the committee making it happen.