Updated: Aug 1, 2020
Information governance is about better managing information assets, not just ensuring compliance. Information Governance (IG) seeks to meet the needs of the total organization (Compliance, IT, and lines of business) with optimized information management practices.
“Information governance includes decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archiving and deletion of information. Information governance reduces the cost and risk associated with information, increases the value of information, and therefore supports business growth” - Debra Logan, VP, Gartner
Benefits include better information availability, completeness, and trustworthiness, but also reduced operational, financial, and legal risks (see previous blog post about business benefits).
An IG program should have a coordinating role between multiple disciplines for managing information across the lifecycle – like in the below Information Governance Reference Model.
Office 365 includes a lot of features and technologies to help you manage and protect information (see previous blog post), but you still need a governance framework around this.
“Software is not a silver bullet for information governance. Look beyond vendor hype – information governance is not something to go buy so you can say your company has it. Look at information governance as an evergreen corporate objective, enabled by programmes, policies, people- and yes, a range of technologies.” - Cheryl McKinnon, Principal Analyst, Forrester
Effective information governance depends on:
Setting policies and standards over the information lifecycle
Assigning responsibilities and authorities for managing the information
Establishing and promulgating procedures and guidelines
Providing a range of services relating to the management and use of information
Designing, implementing and administering systems for managing information
Integrating information management into business systems and processes – the goal is often compliance by design
Monitoring and addressing non-compliance
Information governance is therefore an ongoing process – think 360° program for information governance. This often entail the following ongoing steps.
For ensuring information management compliance:
Executive direction: Leaders will need to lead by example and communicate the importance of information governance and compliance
Policies and procedures: Document what is expected from staff, but also ensure that policies and procedures are updated based on new regulations and standards
Communication: Ensure staff knows what is expected from them
Training: Staff and contractors are educated about what we expect them to do
Systems: Continuously work on automating information governance
For detecting non-compliance:
Key Performance Indicators: Establish metrics to measure compliance
Monitoring: Continuously check system and logs to detect non-compliance
Audits: Site visits to verify compliance among staff and executives
Workshops: Run workshops to identify ways to avoid compliance
For responding to non-compliance
Enforcements: Ensure staff and executives understand the implications of non-compliance
Improvements: The IG program needs to change when the requirements change. This could be changes to technology, lifecycle model, metadata model, policies, procedures, training, communication, etc.
Feel free to contact us if you need help establishing an information governance program, or if you need help creating a business case for setting up an information governance program.