top of page

Do not miss new blog posts! Subscribe to new posts, news, and updates.

Thank you for joining our Blog subscription!

An Information Governance Maturity Assessment to Establish a Business Case for Change

Updated: Mar 24

An information governance maturity assessment is an excellent technique to document what users struggle with (e.g. finding information, trusting the information they find, securing sensitive information, sharing information externally), and the importance of improving how information is accessed, shared, and managed. This will help you establish a business case for change, but also prioritize your efforts.

Information governance maturity assessment

You have several information management or information governance maturity models to choose from. Below are some examples, but this is not a complete list.

For Information Governance:

  • The Principles Maturity Model (Maturity Model) from ARMA is based on their Generally Accepted Record keeping Principles® (Principles), as well as the extant standards, best practices, and legal/regulatory requirements that surround information governance and describes for each Principle the characteristics of effective information governance at five distinct levels of development.

For Enterprise Information Management:

  • The Mike2 information management maturity model proposes five levels of maturity that an organisation may be assessed at based on their information management practices.

  • The ECM3 maturity model was developed jointly by Wipro, The Real Story Group (formerly CMS Watch), Smigiel Consulting Group, and Hartman Communicatie, but it is in need for an update since it doesn´t cover analytics/machine learning or the impact of the cloud.

  • The Gartner Enterprise Information Management maturity mode provides you with the building blocks for establishing an information management program. This entail a vision, strategy, metrics, governance, organization and roles, life cycle, and infrastructure

For Data Management:

  • The CMMI Institute´s Data Management Maturity Model provides guidance for improving an organization’s capability to build, improve, and measure their enterprise data management program. These best practices help organizations benchmark their capabilities, identify strengths and gaps, and leverage their data assets to improve business performance.

Define your maturity levels

For doing an information governance maturity assessment, you need to determine the maturity levels that makes most sense for you based on your program scope. The above maturity models often contain good descriptions of each level. As example, this is how the MIKE2 model describes the different information management maturity levels:

  • A Level 1 organisation has no common information practices. Any pockets of information management maturity that the organization has are based on the experience and initiatives of individuals.

  • A Level 2 organisation has little in the way of enterprise information management practices. However, certain departments are aware of the importance of professionally managing information assets and have developed common practices used within their projects. At the enterprise level, a level 2 organization reacts to data quality issues as they arise.

  • A Level 3 organisation has a significant degree of information management maturity. Enterprise awareness, policies, procedures, and standards exist and are generally utilized across all enterprise projects. At level 3, the information management practices are sponsored by and managed by IT.

  • A Level 4 organisation manages information as an enterprise asset. The business is heavily engaged in information management procedures and takes responsibility for the quality of information that they manage. A level 4 organisation has many mature and best-in-class practices and utilizes audits to ensure compliance across all projects.

  • A Level 5 organisation considers information to be as much an enterprise asset as financial and material assets. A level 5 organisation has best-in-class information management practices that are utilized across all enterprise projects. The distinguishing characteristic of a level 5 organisation is the focus on continuous improvement. At level 5, all data management practices and assets are regularly measured and the results are analysed as the basis for process improvement.

Define your areas to cover

For doing an information governance assessment, you also need to determine the areas or dimensions to cover. As an example, the ECM3 model covers the following 13 areas:


  • Business Expertise - Employee and executive education and understanding of core ECM precepts

  • IT Expertise - Ability to properly take advantage of incumbent and new systems

  • Process – Extent to which enterprise has analyzed its content-oriented business processes

  • Alignment – Extent of effective Business – IT collaboration, understanding, and synchronization


  • Content/Metadata – Extent to which enterprise has analyzed its content and metadata

  • Depth - Completeness of content lifecycle management

  • Governance- Extent of policies and procedures addressing information management

  • Re-use - Extent realization of content re-use opportunities

  • Findability - Ability to find the right content at the right time


  • Scope – Relevant range of ECM functional capabilities (DM, BPM, DAM, etc.) adopted

  • Breadth – Evolution from departmental to enterprise-wide management systems, where necessary

  • Security – Extent to which actual content access reflects enterprise entitlements

  • Usability -- Application fitness to purpose

Consider adding any missing areas that are relevant for you, e.g. Analytics and/or Cloud.

Define your method of analysis

The maturity assessment can be done as a quantitative or qualitative study. Consider asking users to describe the as-is maturity level, and if it is important for them that this is improved (to-be maturity level). The results will help you document the business problems of the current situation, and the importance of improving certain areas for users.

Quantitative study using an online survey tool

  • Pros: Easy to reach many users

  • Cons: Users may misunderstand questions and possible answers

Qualitative study with virtual or in-person workshops

  • Pros: Possible to explain questions and possible answers

  • Cons: Requires more resources to run the assessment

Next Steps

You may also find the following blog posts of interest:

Feel free to contact us if you need help planning or running an information governance maturity assessment to develop a business case for change. This will also help you to establish the business case for implementing Office 365 compliance features.

bottom of page