I attended the annual ARMA International Conference last week in Las Vegas. As you may have guessed the talk of the conference centered on Information Governance. There were plenty of educational sessions, software solutions, and industry experts which helped spread the word on information governance. So, I decided to ask about a dozen people to define information governance. And to my surprise only two out of twelve persons wanted to answer that question. This was very puzzling to me, especially when information governance is the prominent theme in the ARMA world today. Records Information Management (RIM) professionals are in the ideal position to help organizations embrace information governance, it should be every RIM professionals “sweet spot”. We as RIM professionals must have a clear understanding of what information governance is, so we can help our organizations manage its information. We all know the Gartner definition of information governance:
“Gartner defines information governance as the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.”
Let’s focus on one aspect of this definition, “information”. It basically says that organizations are responsible for managing and controlling its information throughout its lifecycle. Information Governance is more than just a new “buzz” word for records management. Good governance requires good record keeping. However, records management is only the foundation and a starting point. Information is stored everywhere and it needs to be controlled and managed. It’s not enough to manage just “records”, organizations must manage all its information regardless of where it is stored, regardless of medium and whether it is a records or not.
Information Governance is a strategic discipline that requires RIM professionals to think outside the box and expand their thinking beyond just managing records. A truly holistic and comprehensive view is needed.
By Embracing Information Governance, RIM professionals will help their organizations in the following four (4) ways:
- Manage information risk and ensure compliance with business requirements.
- Develop an IG strategic plan and framework that works
- Gain control of information and optimize its value
- Reduce cost by disposing of information when it’s no longer needed
Let’s briefly discuss each of these one at a time…
Manage information risk and ensure compliance with business requirements
In order to manage your information risk, you need to know which legal and regulatory requirements effect your organization. Every organization is different, no two are the same. Why not schedule a meeting with your head of legal and other key stakeholders to identify which laws and regulations apply to your organization. You also may want to conduct some research on your own to see how other organizations in your specific industry are managing information and then benchmark those findings against your organization. See how you stack up! After you have had those meetings with head of legal and other key stakeholders, you are not done. An internal risk and compliance assessment tool needs to be developed to ensure on-going compliance.
Develop an IG strategic plan and framework that works
Here is where obtaining executive sponsorship is key. You don’t have to create your IG plan and framework by yourself. In fact, if you try to, it won’t work. Use the key stakeholders from legal, IT, risk and compliance, who were involved in helping you analyze your organizations risk profile. Keep them involved and in the loop! If you do, then your IG plan and framework will be customized to meet your own unique goals and fit into your corporate culture.
Gain Control of Information and Optimize its Value
People want access to their information when they need it. If they can’t find the information they need, you are not doing your job. What can help? One way to control your organizations information is to set restrictions or privacy parameters on who can gain access to specific information in your organization. A chain of custody procedure must be developed, so you know where your information is at every point in its lifecycle.
Reduce cost by disposing of information when it’s no longer needed
What organization doesn’t want to reduce cost? The simple fact is that the more information you have, the more $$$ it is costing your organization. An automated and defensible disposition process needs to be developed to get rid of information you no longer are required to keep. That’s right, it’s OK to let go of your information.
If you would like to take a deeper dive into any of the topics discussed, please feel free to ping me at firstname.lastname@example.org or (646) 584-7687.
Jim Merrifield, Director of Information Governance at FileTrail, Inc.