The heightened state of information security in recent years has instigated genuine collaboration, in many organizations, amongst its professionals in IT, records, security, risk, compliance, and other stakeholders in business management. After the various perspectives are heard, the need is clear – an Information Governance (IG) strategy.
What is IG? Wikipedia roughly defines IG as a set of multi-disciplinary structures, policies, procedures, processes, and controls implemented to manage information at an enterprise level, supporting an organization’s immediate and future regulatory, legal, risk, and operational requirements. This definition resonates with me and broadly covers the range of information-related concerns facing virtually all businesses today.
How do I move IG forward in my organization?
- Establish a steering committee. An effective IG program requires perspective, steering, and ultimately enforcement by a wide range of stakeholders such as the CEO, CIO, chief legal counsel, risk officer, compliance officer, and a variety of line-of-business executives.
- Communicate goals and objectives. While many of the objectives will relate to security, privacy, risk, and compliance, clearly stated goals that speak to operational efficiency, knowledge management benefits, reducing IT infrastructure costs, and more effective utilization of staff resources will more easily win the support of executive management and the organization as a whole.
- Formalize a policy. Keep the policy document as short and easy to digest as possible. The document will cover key policies, such as information security, privacy, legal compliance, records and information management. There is a real opportunity to include policies regarding document organization and naming standards, knowledge management, accuracy and completeness, and other information quality benefits. Roles will also be formalized in the policy document and appropriate authorities granted to support enforcement.
- Rollout and ongoing education. Key to the success of an IG program is enterprise-wide adoption. The rollout needs to touch just about everyone in the organization and ongoing training is a must to achieve stated goals and objectives.
Establishing an effective Information Governance program is no small task and this writing barely touches the iceberg. On the other hand, getting to a set of shared goals and objectives and realizing the benefits, from a risk mitigation and operational effectiveness perspective, is the first big step toward a successful implementation.