In an information governance model, there are business-focused components and aspects, and there are technology-focused components and aspects. Information Governance isn’t just technology driven, nor is it solely business driven. It is a partnership between business and technology. Both must be present in the program.

The Business Side

Diving into the business side, the first major aspect to Information Governance are the stakeholders. There are many, many stakeholders to Information Governance, but mainly they belong to five specific categories (Business, Legal/Compliance, Records & Information Management, Privacy/Security, and IT), which may or may not cover all stakeholders to Information Governance.

The second major aspect on the business side are the business-focused components that bolster an Information Governance program and are critical to its success. These include Change Management, Communication, Organizational Learning and Training, Standards and Best Practices, Help Desk, and/or Frequently Asked Questions, and are all bolstered by a solid and (generally) iterative project management methodology.

The last major aspect on the business side is a process to call out the things that need to be defined and established at an organizational level to ensure ongoing success of the Information Governance program. This includes Metrics, Policies, Procedures, Rules, and Roles, all with an underlying accountability matrix.

The Technology Side

On the technology side, there are basically four components: (1) Information Access, which could also be thought of from the alternative risk-based perspective of Access Controls ensures that the right people have access to the right information at the right time; (2) the Information Lifecycle, which includes version controls available, retention policies, storage principles managed, legal holds, and eDiscovery processes available, and eventual disposal or archival. Throughout the lifecycle of information, there must be an application of search, as a function of access, and the application of information protections.

Continuing on with the technology side, (3) structures should be in place, including the Information Architecture, Taxonomy, and Metadata, which must be applied and available in the technology. In addition, Formats, Protocols, and the Technology Architecture should be in place.

Finally, (4) the applications and software used to apply information governance practices, will need to be considered, such as APIs, or Web Services, that connect together disparate systems because most organizations have multiple systems. infrastructure is used to connect those systems so Networks & Connectivity are appropriate for the organization’s needs are also a consideration. Underlying the infrastructure must be a particular focus on security.

Whatever model you use, it is important for every organization to consider an Information Governance Program for the life of its data.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jim Merrifield Jim Merrifield

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes…

Jim Merrifield is Robinson+Cole’s Director of Information Governance & Business Intake, a member of the Data Privacy + Cybersecurity Team, and a non-attorney contributor to the Data Privacy + Security Insider blog. He has spent nearly 20 years helping organizations of all sizes, including law firms and Fortune 500 companies, develop and implement practical information governance strategies, policies, and best practices. Jim is a well-respected expert in the information governance industry. With an extensive background in policy development and enforcement, enterprise program deployment, and technology solutions, he has earned a strong reputation as a knowledgeable practitioner and reliable consultant. His deep understanding of the space is reflected by his many publications, lectures, and consulting services for top-tier companies and law firms. Jim holds a bachelor degree in Legal Studies from Quinnipiac University and is a certified information governance professional (IGP).

Jim’s innovative thinking and commitment for the industry has enabled him to create the popular podcast, InfoGov Hot Seat, a platform for candid conversations featuring practitioners, consultants and solution providers – offering valuable perspectives to listeners about legal technology and managing information as an asset.