In an information governance model, there are business-focused components and aspects, and there are technology-focused components and aspects. Information Governance isn’t just technology driven, nor is it solely business driven. It is a partnership between business and technology. Both must be present in the program.

The Business Side

Diving into the business side, the first major aspect to Information Governance are the stakeholders. There are many, many stakeholders to Information Governance, but mainly they belong to five specific categories (Business, Legal/Compliance, Records & Information Management, Privacy/Security, and IT), which may or may not cover all stakeholders to Information Governance.

The second major aspect on the business side are the business-focused components that bolster an Information Governance program and are critical to its success. These include Change Management, Communication, Organizational Learning and Training, Standards and Best Practices, Help Desk, and/or Frequently Asked Questions, and are all bolstered by a solid and (generally) iterative project management methodology.

The last major aspect on the business side is a process to call out the things that need to be defined and established at an organizational level to ensure ongoing success of the Information Governance program. This includes Metrics, Policies, Procedures, Rules, and Roles, all with an underlying accountability matrix.

The Technology Side

On the technology side, there are basically four components: (1) Information Access, which could also be thought of from the alternative risk-based perspective of Access Controls ensures that the right people have access to the right information at the right time; (2) the Information Lifecycle, which includes version controls available, retention policies, storage principles managed, legal holds, and eDiscovery processes available, and eventual disposal or archival. Throughout the lifecycle of information, there must be an application of search, as a function of access, and the application of information protections.

Continuing on with the technology side, (3) structures should be in place, including the Information Architecture, Taxonomy, and Metadata, which must be applied and available in the technology. In addition, Formats, Protocols, and the Technology Architecture should be in place.

Finally, (4) the applications and software used to apply information governance practices, will need to be considered, such as APIs, or Web Services, that connect together disparate systems because most organizations have multiple systems. infrastructure is used to connect those systems so Networks & Connectivity are appropriate for the organization’s needs are also a consideration. Underlying the infrastructure must be a particular focus on security.

Whatever model you use, it is important for every organization to consider an Information Governance Program for the life of its data.