Information Governance is the effective use and management of an organisation’s information assets to derive maximum value while minimising information-related risk. It encompasses all of the rules, regulations, legislation, standards, and policies an organisation needs to comply with when it creates, shares, and uses information.
There is a wide range of benefits, find out more about the benefits here
Yes, learn more about the pitfalls and how to avoid them here
The goal of Information Governance is to release the value of business information so that your organisation can:
- Comply with regulatory, legal, audit and discovery requests
- Access the right information from wherever it is needed
- Share business information both inside and outside the organisation
- Secure customer and enterprise confidential and personally identifiable information
- Control the unnecessary proliferation of information
- Remove duplicate or useless information
- Dispose of information as soon as it reaches its legal and business usefulness
- Classify information under the correct record code
- Store information in a single enterprise storage platform or record-keeping repository (where possible)
- Confirm the authenticity and integrity of information
- Align all line of business systems with Information Governance standards
- Educate employees about their Information Governance roles and responsibilities
- Document/Content Management
- Records Management
- Classification and auto-classification
ECM expert Chris Walker has identified 10 principles that form the basis of Information Governance:
- Information is an asset
- Information has purpose
- Information has sources and targets
- Information has deadlines
- Information has consumers
- Information carries obligations
- Information carries risks
- Information has many forms
- Information isn’t immortal
- Information demands accountability
You can read more in Chris’s informative blog here.
There are over 100,000 global regulations – governmental, industry and voluntary – which any organisation may need to comply with. In addition, the amount of legal events that an organisation faces continues to grow on a yearly basis. The ability to store, search and retrieve information effectively for regulatory audit of legal discovery purposes is a key driver for Information Governance. However, many organisations are finding that the disciplines and controls imposed through Information Governance can identify and unlock the value of business information to drive improved performance in areas such as customer experience, decision-making, product development and business agility.
No, organisations of any size can benefit from Information Governance. Just think of the amount of junk information held in email inboxes alone! Smaller organisations may often be unaware of the penalties of poor regulatory compliance and so may only discover how badly they are managing information when it is too late.
All information is different but the lifecycle it travels through is the same. Most commentators suggest there are six stages that information can pass through. These are:
How long each piece of information takes to pass through each stage of the life cycle will depend upon its type and content. Important considerations, such as document retention periods. will impact on the information life cycle.
Information Governance requires clear, effective management and accountability structures, governance processes, documented policies and procedures, trained staff and adequate resources. This requirement should be clearly set out in your Information Governance Framework. The Framework establishes roles and responsibilities and outlines how Information Governance policies and procedures will integrate with other company policies, such as Information Security. The standards and processes created through the Information Governance Framework are often implemented using an Information Governance Toolkit, this can be thought of as a “road map” enabling organisations to plan and implement best practice standards, as well as measure and report compliance on a regular basis.
Find out more about Creating an Information Governance Framework.
Information Governance owns the “big picture” of information issues, while Data Governance focuses on individual data pieces. Information Governance creates the accountability framework and decision-making responsibilities to ensure effective and efficient use of enterprise-wide information. Data Governance focuses on data quality and the policies and practices that provide the necessary elements to ensure data accuracy, validity, completeness, timeliness and integrity.
It is widely agreed that Information Governance and Records Management are closely related. Think of Records Management as an essential sub-set of Information Governance, managing the most important records through their life cycle. Information Governance encompasses wider elements such as information security, search, data privacy and business continuity. Most importantly, Information Governance addresses the full range of controls that an organisation wishes to have over its information, not simply the record retention of unstructured data.
An Information Governance Steering Committee, often called a Steering Council, is a multi-functional committee whose role is to set out the framework, strategy and plans for an Information Governance programme. It should always aim to include executive level members and business users from departments directly affected, as well as legal, HR and IT, ideally from day one. Involving business users is always a good idea, as they are best placed to understand the value held within the business information. Once established, the Steering Committee must spend sufficient time defining the purpose, scope, and authority of the committee and its plans. Oversight for Information Governance programmes typically includes the Steering Committee and working level groups.
The transition to an enterprise-wide model of Information Governance is a journey that takes vision, preparation, and effective execution. Any short best practices list should consider the five points below:
Assess information across the organisation and create a compelling set of short-term priorities while building the case for more comprehensive Information Governance.
To establish an Information Governance Framework, secure an executive sponsor, convene a multi-disciplinary Steering Committee, and devolve pre-work projects to smaller sub-teams.
- Break Silos
Eliminate information silos and focus on a consistent, policy-driven approach to manage information across the enterprise.
Develop and maintain unified information management policies that incorporate relevant standards and best practices.
- Dive Right In
Your Information Governance programme doesn’t need to be absolutely perfect. It is better to take a few small steps in the right direction than spend years creating the ultimate plan that is never executed.
Regulatory compliance is a key driver for Information Governance. However, some organisations are beginning to manage their information through ‘Active Compliance’. By practicing Active Compliance, organisations ensure their business adheres to industry-established best practices and procedures.
Find out more about ‘Active Compliance’.
There are many tools and technologies available that underpin Information Governance. Before you determine which is best for you, it is important to remember that there are three components to Information Governance – people, process and technology. They should be addressed in that order. Six of the tools and technologies to look at should include:
- Document/Content Management
- Records Management
- Collaboration platforms
- Storage and Archiving
If you are interested in learning more, see Selecting tools and technologies.
Statistics show that Information Governance improves decision-making by as much as 81%. It plays a critical role in making data available to all parties, enabling them to access, mine, and utilise data in readable, usable and searchable formats. Information Governance also helps overall with data analysis and aids in the mining of complex “Big Data” by supporting decision makers in applying rules and guidelines.
Find out more about Information Governance and Big Data.
A data warehouse will have its own data management processes for lifecycle management. An over-arching Information Governance policy takes these processes into account and actively addresses areas such as who has access to the warehouse data, and what its long-term retention schedule should be.
Enterprise Content Management (ECM) is a formalised means of organising and storing an organisation’s documents as well as other content that relate to the organisation’s processes. The term encompasses strategies, methods, and tools used throughout the lifecycle of the content. ECM is one of the key facilitating approaches for Information Governance.
For the most part, structured data refers to information with a high degree of organisation, such that inclusion in a relational database is seamless and readily searchable by simple, straightforward search engine algorithms or other search operations. Unstructured data is essentially the opposite. Unstructured data (or unstructured information) refers to information that either does not have a pre-defined data model or is not organised in a pre-defined manner. Unstructured information is typically text-heavy, but may contain data such as dates, numbers, images and video. For organisations, the key element of unstructured is almost always email.
Auto-classification is a feature found in some Record Management and Content Management Systems (CMS) that automatically scans the contents of a document and assign categories and keywords based on the document contents. As the information within an organisation explodes the ability to manually classify content is almost impossible and fraught with risk. Not only does auto-classification take a great deal of the information management burden from business users, it can be administered to automatically trigger actions as the information passes its lifecycle. One example is assigning the content for disposal when it has passed it’s retention deadlines.
Retention periods will depend on the type of business document and the regulatory requirements. Some of these will change depending on the specific geographical region.
Electronic discovery (or eDiscovery) refers to discovery in civil litigation or government investigations which deals with the exchange of information in electronic format (often referred to as electronically stored information or ESI). Some industry estimates have calculated eDiscovery to cost between $1.5-3 million per terabyte of stored information. Information Governance helps to ensure that only relevant information is returned from an eDiscovery request, saving a great deal of time, effort and cost – especially when you consider that current estimates suggest that for every 1044 pages of evidence preserved, captured, copied, collated, reviewed and handled in eDiscovery only one is actually produced!
Find out more about eDiscovery.
Defensible Disposal is the process (manual or automated) of disposing of unneeded or valueless data in a way that will stand up in court as both reasonable and consistent. The process is vital for Information Governance as it keeps information within the organisation to a minimum and streamlines the eDiscovery process, while ensuring that there are no ‘nasty surprises’ lurking in long forgotten data within the organisation. Courts in most jurisdictions offer Safe Harbor for information that was deleted in good faith but the organisation has to be able to demonstrate that there were policies and procedures in place for the management and disposal of that information.
Learn more about Defensible Disposal.
Legal Hold is a process used by companies to preserve all forms of relevant information when litigation is reasonably anticipated. Information Governance ensures that this information can be quickly identified and then placed under Legal Hold. As importantly, it can also ensure that the information passes through its life cycle once the Legal Hold is released. Surveys show that many organisations without Information Governance in place often have information under Legal Hold even though the potential litigation event has long since expired.