When it comes to enforcing an IG strategy, I am often asked, “What is the one thing you would do to improve my program?” Without exception, my response is to always include the information governance department in the procurement process.
At first, it might seem like an odd requirement for a program, until you step back and look at the rapid deployment of technology within an organization. By now, most organizations have a data warehouse or two, either on premises or in the cloud, and are planning big investments in artificial intelligence, blockchain and the internet of things. Therefore, it is absolutely vital that the organization’s IG department be involved in the planning of these systems to ensure the data is accounted for and protected.
The Shadowy Reality
From this perspective, it is obvious that including the IG department in the procurement process makes perfect sense as part of the overall IG strategy. Most of these projects have high visibility from a budgetary perspective and are expected to have a huge impact on daily business processes. But what about those smaller projects within individual departments that are required to meet some immediate business need?
These needs are met, more often than not, by Software as a Service (SaaS) products. The software is readily available — maybe too much so. Anyone with a connection to the internet and a company credit card can sign up for a 30-day free trial of the latest trending tool that will solve their every problem with just a few clicks. Finding and procuring software in this way is called Shadow IT, and it is a reality in almost every organization. The issue only becomes known in the course of a software audit or, worse, during the discovery process of a legal matter. This is the epitome of that old saying: “You don’t know what you don’t know” — and, boy, do you need to know!
Update Software Policies
Shadow IT may be impossible to stop, but you can make accommodations for it in your organization’s overall IG strategy. Make it mandatory for any software purchase to be submitted to the information technology committee for approval before any new system is added to the organization’s infrastructure. SaaS systems can even be fast-tracked for an immediate need so that the request doesn’t slow things down. Include the IG department in the process as advisers, and authorize them to give approval for all software purchases. This way, the system can be noted in the data map, and any information asset can be identified and tracked, thereby covering all the bases in your organization’s IG strategy.
Nobody likes surprises when it comes to their business. Including the IG department in the decision-making process is the best way to deal with Shadow IT and still maintain control of your organization’s information assets. Adding this simple step in the process will make your organization’s information governance strategy much more effective in the long run.