The Business Case for Microsoft Information Governance
Updated: Nov 29, 2020
In the information age, information is an asset that can be used to add value, identify new opportunities, reduce costs, minimize risks. Knowledge workers are information workers that create, collaborate, analyze, and share information, and Information Governance ensures information availability, trustworthiness, and completeness while reducing operational risks and costs. It is a framework to connect people, information, and insights with transparent and inherent compliance and security. For companies to invest in information governance, they need to see the value of it. The more it provides value, the more important it gets.
Information Governance for M365 enables users to easier find and trust information they find, and it minimizes risks by ensuring M365 is compliant with business standards and regulations.
What problems do Information Governance solve?
For companies to invest in Information Governance, it needs to solve one or more problems. Without an identified problem, there is no point pitching a solution. Below are some generic questions you can ask to identify the value of Information Governance for M365.
For ensuring information availability, trustworthiness, and completeness:
Is it easy for people to find the correct Teams or site to store or discover information? If not, what is the consequence of this? In 5 years from now, will it be better or worse?
Is it easy for people to find all relevant information across multiple Teams or sites? If not, what is the consequence of this? In 5 years from now, will it be better or worse?
Is it easy for people to trust the information they find in Teams and sites? If not, what is the consequence of this? In 5 years from now, will it be better or worse?
For reducing operational risks and costs:
Is M365 compliant with business requirements for defining information ownership, security classification, archiving, etc? What is the consequence of this? In 5 years from now, will it be better or worse?
Is M365 compliant with regulations like GDPR defining how information about people should be managed, e.g. data minimization and storage limitation? What is the consequence of this? In 5 years from now, will it be better or worse?
Is M365 able to replace legacy systems to reduce operational costs and risks? How much could be saved over 3 or 5 years if we did replace the relevant legacy systems? What would be the benefit for users?
Analyze the as-is situation
The business case for information governance requires us to analyze the problems of the current situation, and the consequences of the problems.
The analysis may include interviews with business, IT, legal, and compliance leaders to identify the problems of the as-is situation
The analysis may include maturity assessments to document the gap, e.g. workshops where the business rate as-is of current state and value of to-be
The analysis will also identify information management requirements that needs to be met, e.g. business standards and regulations
Examples of questions that we ask different stakeholders:
For the business: Are they able to find and trust the information they need in and beyond M365? Have there been incidents where lack of information created risks or costs for the business? Surveys and maturity assessments are techniques that can be used.
For the Compliance team: Do they see the risks of non-compliance with different regulations in M365 and beyond, e.g. GDPR? Are there other companies like us that have already been fined for non-compliance? And if we failed an audit, what would this mean for our reputation and stock price?
For the Legal team: What are their annual eDiscovery costs, and what could be saved by reducing the time and money spent on reviewing non-relevant information? And have they ever experienced that contracts and agreements could not be found? If so, what are the potential cost implications of this?
For the IT team: Are there legacy systems that can be replaced with M365? As an example, a client paid more per year for an ECM system for 1500 users than the cost of the E5 Information Protection and Governance add-on license for 30,000 users. Proof-of-concepts also found the Microsoft solution offering more integrated controls and a better user experience.
Identify the to-be situation
M365 Information Governance goals are agreed upon based on business and IT goals and priorities. The bigger the problem, the better is the business case.
The business case of information governance needs to cover strategic, operational, and tactical benefits
The business case may be for a program that include many small projects, e.g. governance for new Teams and site, add governance to pre-existing, replace legacy IT with M365
The better it support the strategic goals, the less important is an actual ROI
Soft savings may include improved productivity and better knowledge sharing
Hard savings may include reduced operating costs due to sunsetting of legacy systems and reduced litigation costs to better governance and more in-house processes
The Infotechtion client engagement focuses on establishing IG strategy and business case based on business and IT goals and requirements. Based on this we recommend an architecture as foundation for automation that usually contain a number of Microsoft features, e.g. Retention labels, Sensitivity labels, DLP, SharePoint Syntex.
The IG Adoption Strategy often covers the following components:
The IG Solution Blueprint Design often covers the following components:
Feel free to contact us if you need help establish a business case for IG. Below are some blog posts that may be of interest.