The explosive growth of information is our era’s most significant defining characteristic. In this Age of Information, the amount of data, the uses for that data, the number of data sources and the routes it travels all grow at exponential rates. The growth creates new industries for defining, collecting, accessing, processing and curating information.
In such an environment, everybody recognizes the essence of Information Governance, but how to undertake this massive task is harder to grasp.
Today’s organizations experience explosive growth in the volume and variety of the data they collect, process and store. Unfortunately, many do not understand the types of data they handle and what value it has, which means they cannot use or maintain it properly. As a result, they fail to achieve the success level they would have if they kept proper management over the data.
Organizations can also suffer serious financial, legal and reputational consequences over poor data management. Information Governance helps to avoid a similar fate.
So, what is Information Governance (IG) and what role does it play in today’s business environment? This guide sheds some light on IG – an emerging data management area that focuses on business processes and compliance.
IG refers to a strategic approach to maximize the value of data and mitigate the risks associated with the creation, use and sharing of enterprise information. It recognizes the information as an organizational asset that requires high-level oversight and coordination to ensure accountability, protection, integrity and appropriate preservation of enterprise information.
IG aims to break down silos and avoid any fragmentation in information management, which ensures that it remains trustworthy and that organizations experience ROI in the processes, technology and people they use to manage information.
Information governance has many formal definitions, but Gartner’s is the most widely accepted. It defines IG as an accountability framework that ensures appropriate behavior in the creation, valuation, use, archiving, deletion and storage of information. It includes the standards and metrics, roles and policies, and the processes required to ensure effective and efficient information use and enable organizations to achieve their goals.
IG processes help manage the use of information records, such as customer information, employee records, medical records and intellectual property. Your company’s Information Governance professionals should work with your leadership and any other stakeholders in the creation of policies that specify how your employees should handle all corporate information assets.
The critical goals of Information Governance include the following:
To help you clearly define Information Governance goals and processes, you can develop frameworks to outline your organization’s approach formally. The framework outlines and answers who, what, where, when, how and why questions.
You should tailor your framework to fit your organization’s unique needs, but it should define the areas discussed below:
It is also vital to establish how organizations operate and share information with their partners, stakeholders and suppliers. Your framework should define the policies and procedures established for sharing information with third parties, how the Information Governance process influences contractual obligations and how you will determine whether your partners and third parties meet your IG goals.
What's more, your framework should clearly outline procedures in the event of data breaches, including how to report violations and information losses, disaster recovery processes, incident management specifics, business continuity strategies, and how you will audit these disaster recovery and business continuity processes.
Finally, your framework should outline your process of continuous monitoring. Include plans for quality assurance of information governance processes such as how you will monitor information access, measure regulatory compliance adherence, conduct risk assessments, maintain adequate security and review the IG program as a whole.
Many people, and organizations, consider Information Governance and data governance as the same thing. Although both are essential for companies to achieve their business objectives, and despite some overlap between them, they are not identical.
Information Governance gets organizations business value from their data assets. It’s the technologies and activities that organizations employ to maximize their information value while minimizing associated costs and risks.
On the other hand, data governance refers to the control of information at business-unit levels to ensure it is accurate and reliable. Its programs involve procedures to manage data usability, availability, integrity and security.
In short, data governance keeps rubbish from getting in, while information governance refers to the decisions you make in using data.
Here are some examples of the types of activities involved in both areas to help illustrate the differences.
Data governance is the responsibility of IT, but Information Governance has a broader scope. You can use IG to meet business and compliance needs concerning the use and retention of data, which makes it a strategic discipline that plays a significant part in your corporate governance.
Applying IG and data governance together can result in information management practices that help you deliver higher business value.
Information is a vital resource in any organization or business. Without it, business operations are not possible. Accordingly, companies make investments in processes, technology and people to ensure that information can support the enterprise.
Due to the significant investments associated with the creation, use, protection and sharing of information, organizations view it as a type of business asset, not unlike the equipment, buildings and financial resources needed to run the business.
Oversight and stewardship of resources or assets is the primary aim of any business governance. What’s more, just like any other asset, the information requires management to ensure that you address its value and associated risks responsibly.
Information Governance provides businesses with a disciplined approach to managing the risks and value associated with information.
Since IG is still an emerging field, numerous questions exist around its role in business processes. However, a properly implemented IG program allows organizations to do the following:
For example, due to the challenges that the healthcare industry is currently facing, with relation to changes in care, payment models, requirements to partner with others, new customer expectations, technology and increased regulation, Information Governance is now more critical than ever. It is the best way for healthcare and related organizations to ensure that their information is reliable and that they can trust it to meet all their diverse needs.
IG allows you to make decisions driven by the needs of your organization and not technology. It also eliminates accidental decision-makers (people who happen to possess data at a particular point during its cycle) because they tend to make decisions independently of other stakeholder needs.
To identify the best place to start your IG initiative, you need to figure out a way to support your organization’s strategic efforts with reliable information and data.
Organizations usually have a mission and vision that guides them along as they conduct business and develop strategies to help achieve their goals. Thus, taking a careful look at those business strategies and goals can give you a strong hint about where and how to start your IG initiative.
Since you cannot achieve any organizational goal without useful information, the best place to start your IG initiative is identifying a problem (pain point) with information that requires addressing, or even a business opportunity that reduces costs and enhances revenue.
Such strategic alignment means that you should put your IG needs as part of a broader strategy that will help achieve your organizational goals. Your goals can be extensive and varied, such as better management of space (real estate), expanding service offerings through the acquisition and integration of other businesses, creating new customer service protocols or reducing your costs.
Since IG is a set requirement of responsibility and rights to allow the suitable function of various information aspects, the provision of decision rights determines data ownership and who has the right to make decisions about it.
Therefore, by defining owners and decision-makers, you can assign responsibility and accountability to data decisions, which is probably an essential concept to implement when creating your IG policy. Accountability is vital since as data dependence grows, you can make business decisions by default, usually by selecting the easiest path and often in isolation from other considerations.
You should consider the following key areas when creating your Information Governance policy:
Usage policy: You can contain a lot of security risk using a well-defined usage policy that specifically details who can access data and under what circumstances.
Accountability: You should create a position such as Chief Data Officer or dedicate a department to the creation of standard policies to ensure that someone in your organization is responsible for data-handling policies.
Records Management: Large organizations could store up to 10 petabytes of information annually, which is costly. Using IG, you could save on storage costs by identifying and storing data that has value.
Compliance: Laws, business needs and regulations govern how you keep your information. After that, you should discard it as per an established lifecycle schedule base on legal, regulatory and business requirements.
Education: As with all other company policies, the training of your employees, partners and vendors about your IG program competes the circle.
Technology: A complete IG can also address IT governance. It can provide IT specialists with policies such as the creation of storage hierarchies or obtaining appropriately scaled access schemes.
As corporate data volumes grow and technological innovations continually expand business capabilities, regulations that put strict laws and mandates on the IG process have become the norm. This is true for data security and privacy since personally identifiable information (PIN) has recently become a massive target for nefarious online actors and hackers.
Privacy laws have started expanding globally, creating new information security governance obligations. Many industries have become subject to regulations requiring the retention of electronic communications and records for a minimum period. These regulations include directives from federal agencies such as the Department of Justice and Environmental Protection Agency or the Securities and Exchange Commission.
Regulatory reporting requirements also mandate organizations to provide a detailed annual account of compliance. A sound business records management process provides evidence to demonstrate compliance.
What’s more, compliance rules such as the Foreign Corrupt Practices Act, require organizations to attest the authenticity of their IG programs and records.
There exist numerous industry and government requirements related to data security, records management and data retention that can affect your IG strategy. Below are some of the essential laws that all organizations operating in the USA need to know.
Assessment tools such as the IG Maturity Model and the IG Reference Model help companies measure the progress of their Information Governance progress. The IG Reference Model provides corporations, industry associations, analyst firms and other interested parties a tool that allows them to communicate to and with stakeholders concerning processes, practices and responsibilities of their IG program.
On the other hand, the IG Maturity Model is based on ARMA’s eight Generally Accepted Recordkeeping Principles. The maturity model defines the characteristics of various recordkeeping program levels that range from substandard to transformational IG. The goal of organizations is to reach the top transformational level where IG strategies are integrated into the overall corporate infrastructure or business processes to help boost cost containment, client services and competitive advantage.
IG is a set requirement of responsibility and rights to allow the suitable function of various aspects of information that include creation, valuation, use, storage, deletion and archiving. To use data effectively, IG includes policies, purposes, processes and standards that help organizations achieve their goals.
Information Governance brings organizations significant benefit and value, especially as their data collection and stores grow and regulatory oversight increases. The development and implementation of a sound IG strategy help organizations ensure data availability, control costs, mitigate cyber risks and meet regulatory challenges. Get started today before your organization suffers a security breach, faces a lawsuit, fails an audit or suffers reputational damage.