Written with assistance from Ronke' Ekwensi
The whole is more than the sum of its parts: That’s Information Governance. Like a jigsaw puzzle, the pieces are
fragmentary, but they combine to create a whole, and sometimes beautiful,
picture.
But what is Information Governance? The term has been bandied about to the point
where confusion reigns:
·
A technologist may say it is data governance or
content management
·
An attorney may equate it with eDiscovery or
defensible disposition
·
A Records specialist will frequently define it
as best records practices, using Generally Accepted Recordkeeping Principles
Each definition contains a sliver of truth, but none
encompasses the meaning. Information
Governance is all of these things and more.
In its most useful form, however, IG is not a thing. It is not a technology, a policy, a process,
or a tactic.
In its essence, Information Governance is the integrative
effectiveness varied stakeholders create when they cooperatively process
information and share resources for the good of their organization.
A single area of interest does not need governance. Governance means a structure and defines
relationships. IT, Legal, Records,
Privacy, Security, Compliance Finance, Audit and other areas can manage their information
alone. An enterprise requires
Information Governance to harness the power contained in its information
throughout these departments. This
applies to documents, system data, reports, Tweets, and any other kind of information
created. The power IG harnesses is
directly proportional to the harmony and efficiency between the departments.
Information Governance takes a holistic view. It is not a function of IT, Legal, or any
other group. IG considers the needs and
resources of each stakeholder, drawing out high function and high
productivity. In doing so, IG roots out
redundancy – duplicated and conflicting technologies, processes, policies and
efforts. It reveals gaps and
vulnerabilities. The result is a synergy
that is more effective and productive than was possible with
independently-acting entities and silos of information. The whole is more than the sum of its
parts.
[SIDEBAR]
Why is Information
Governance’s Importance Significant-to-Critical?
Organizations need to extract value from their data and
protect it.
Key groups need quick access to their information– without
being distracted by useless data – but many lack the expertise to make that
happen. This is not surprising. Specialists in finance, operations,
compliance, legal matters, and others are highly trained in their
disciplines. However, their training
rarely includes information technology, managing Big Data, and system
optimization.
Conversely, technology specialists rarely train on the
intricacies of law, compliance and privacy.
Some organizations lack adequate security expertise to counter outside
hacking and internal pilfering of proprietary data.
Even when all needed skills exist within an enterprise;
rarely do they fit together hand-in-glove.
Consequently, the expertise applies to only parts of an organization,
and it may be duplicated in disparate parts.
Information Governance improves this fragmentation. Its systematic approach includes all appropriate
departments. IG considers each area’s
unique needs while finding common solutions.
This comprehensive, holistic approach improves data use, management, and
security across the information stakeholders.
For the enterprise, it brings coordination and efficiency,
extracting more value from the data while prescribing adequate security and
privacy measures. That’s why it is often
critically important.
[END SIDEBAR]
Steps to IG
Unfortunately, there are obstacles to this success, and they
come in many forms. Common ones include:
- Technical limitations: Existing systems and networks may not have the capacity, capabilities, or interoperability to work with information from the array of stakeholders
- Perceptual limitations: Non-technical stakeholders – such as many attorneys and records managers – may not understand the technical limitations and/or capabilities
- Inconsistent policies: Different stakeholders may work under different sets of rules
- Ucommitted leadership: Without strong sponsorship from an organization’s leader(s) the traditions of isolation and separate interests are unlikely to wane
- Evolving regulations, especially for privacy and security: Policy refreshment may not keep up with new rules, especially when they apply to old data
- Vocabulary: Different groups often have different words for the same thing. Alternately, one word can mean something different to different stakeholders.
Given these obstacles, it is no wonder that Information
Governance requires special vision and special skills. It is neither for the weak nor the
faint-of-heart. It requires commitment,
resources, and expertise. It’s an
important goal with huge rewards, but no one ever said it was easy.
Fortunately, there are proven methods for implementing
Information Governance. These methods
invoke guidelines, processes, and strategies.
They are flexible and scalable.
Because no two organizations’ information needs are the same, no two
applications of these methods are the same.
The ways to implement Information Governance are as varied as the
organizations that seek the challenges and claim the rewards. These methods, however, are sound and when
applied, they greatly benefit the organization and reward the effort.
Building IG
The first step is to perform a Current-State Assessment:
- How big is the organization’s universe?
- How functional is it?
- What works and what doesn’t?
- What are the communication channels, and how well do they work together?
- What resources are available, including technical, monetary, and human?
- From where does the motivation to change come?
- What is the pain point or trigger event?
A data map is helpful here, as is an inventory of
systems. A Current-State Assessment
identifies whether there is a high-ranking IG champion in the
organization. Similarly, commitment of
the stakeholders needs measuring. Are
there any stonewallers who absolutely refuse attempts at change?
A Current-State
Assessment may also consider an organization’s ability to address outside
concerns. Is the entity competitive in
the marketplace? Does it extract top
value from its data? Is it compliant
with regulations? Does it defend against intrusions and theft?
Step Two: Define the
desired state.
- What is the best possible outcome?
- What would functional Information Governance look like in the organization?
- ho would participate, and who would be left behind?
- Is there a cutoff date for implementation?
- If so, how much integration can be accomplished in a well-defined time period?
- How does IG contribute to enterprise objectives?
A tightly articulated “Desired State”
description is essential for many reasons; not the least of which is to see
whether there will be a positive Return on Investment. It also defines “done”: the completion of
initial IG.
Having established these bookends, it is time for a Project
Plan. The principles of Project
Management are well established and effective.
They are applicable to implementing Information Governance.
However, Project Management is an art as well as a science,
and IG projects lean more toward the former than, say, hardware selection and
installation. By definition, creating IG
depends on coordinating groups with wide variety. Some groups may even oscillate or mutate in
process.
This is why the IG Project Manager must be specialized or
have specialized resources on the team, such as a certified Information
Governance Professional. Even choosing a
solution model is very different from, say, a software or system
implementation. The IG leader applies
models to develop specific, sequential tactics that move an organization from
conception to completion. There is no
magic. An IG project uses realistic,
step-by-step tactics to reach the goal.
The Project Management team must be adept at communication. It must speak to each stakeholder in its own
language, no easy task. For example, the
word “archive” means different things to different groups.
·
For technologists, it often means storing large
quantities of data, usually in a format that does not require frequent or rapid
access. It may be long- or short-term
storage.
·
For records managers, “archive” refers to a
small number of records organized effectively and preserved securely, for a
very long time.
·
Attorneys may consider an “archive” to be the reference
library of legal matters or cases.
The team managing an IG implementation will be most effective when the
members use vocabulary appropriately for each group. Alternately, the stakeholders may agree to an
IG glossary to facilitate communication.
Project Models
Remember, Information Governance occurs between groups. Within a single entity, it may be called
Case/Matter Management, Cybersecurity, Records Management or Data Optimization. But organizing groups into a mutually
enhancing coalition is different. Because
enterprises vary so widely in their structure, history, strengths, and
weaknesses, there are no two identical solutions. Part of the “art”, mentioned above, is
matching the right solution model to the organization.
Of the five current process models detailed below, one fills an
organization’s need for Information Governance best. In most cases, the others will come into
play, but the most potent takes the lead and guides the project.
Structure Model:
In some organizations, the stakeholders in IG are islands unto
themselves. This may be a function of
history (such as acquisitions where no unity has ever existed.) It may also be a leadership choice or a sign
of departmental self-sufficiency. In any
case, the entities that need to work together for IG may have no historical
contact, context, or lines of communication.
There may be no extant motivation for cooperation. In cases like these, a governance structure
is an effective model.
Here, an effective structure starts with an executive champion. This must be someone of influence who is able
to offer “carrots” to the constituents and, also, wield a “big stick” --
rewards and penalties. An accountable
power must compel reluctant departments to participate in IG, and that usually
requires incentives and consequences.
The executive champion communicates the requirements of IG to the leader
of each stakeholder group. These leaders
form a high-level steering committee to find policies and strategies that will
allow the groups they represent to work together for the benefit of the entire
organization. Each stakeholder leader
appoints functional leaders to meet as a group tasked with identifying needs,
finding synergies, and implementing a program.
Policy Model:
In some organizations, there are no functional obstacles to stakeholder
cooperation. However, there is little
similarity in their policies, or, the policies themselves restrict sharing and
interoperability. In situations like
these, IG emerges when the constituents hammer out policies that apply to and
work for all groups.
For example, stakeholders may have vastly different policies on back-up
information. Legal may keep everything,
forever. Records may diligently practice
quick disposal of backup information. IT
may practice Hierarchical Storage Management for backup media. In all likelihood, there is a single policy
appropriate for the enterprise that meets the operational, legal, regulatory,
and other needs. Adoption of that policy
removes a major barrier to synergistic cooperation.
Technology Model:
In organizations were structure, policy, effective processes, and the
will to change are all in place – admittedly, a rare occurrence – the greatest gains
come from improved technology. Hardware
and software developers offer profound, and sometimes ingenious, tools for
automating the tasks of information management.
IG leaders bear the responsibility of meticulously defining the
inefficient situations that beg for automation.
Definition in hand, they procure tools that will improve processes,
reduce duplication, and enable synergies, cost-effectively.
This procurement requires expertise and understanding, but when a
solution is optimally matched to a problematic situation, superb consequences
emerge. Part of Information Governance
is the ability to understand the technological limitations that hinder each IG
stakeholder. Addressing, balancing and
synthesizing those needs reveal the qualities of a technology solution that
will serve all.
A side benefit is that implementing an enterprise solution for shared
needs is generally more cost-effective than using a variety of departmental
solutions.
Process Model:
Where a workable, hierarchical organizational structure is in place, the
proper automation tools are assembled, the policies are harmonized, and the
will to change is strong, the best way to effect IG is by optimizing processes
so, as much as possible, they all work together. The goal is synchronicity that reduces
delays, translations, and duplication.
It takes an IG structure and policy to make interoperability and
coordination a long-term goal of an organization. An IG program does not create instant
information exchange between disparate departmental systems. However, as departments evolve, guided by a
unified enterprise policy that accentuates Information Governance, improvements
incrementally emerge.
Change Management Model:
The balance between the art and science of Information Governance tilts
most heavily toward perception when addressing the behaviors that effect IG
efforts. Acceptance and resistance to
change vary widely among enterprises and between department groups. For example, some groups embrace new
technology because it eases their burden and improves production. Others feel that the effort to change
outweighs the potential benefit. This is
not unfounded, as technology solutions have a history of promising more than
they can deliver, while requiring exceptional effort from the end users.
Similarly, resistance to change may be built on the observation that
automation brings job loss. Those
perceiving threat may make gathering the statistics necessary for IG
difficult.
Politics plays a major role as well, as in all human endeavors. Bureaucrats who have established a hegemony,
with themselves at the top, may perceive a threat in sharing, cooperating, and
seeking synergies.
In calcified or resistant entities, change management may be the best
lead tactic to charting an Information Governance program. The form the change management takes is
unique to each organization, but promoting the will to change and improve
throughout each stakeholder/constituent is essential.
Getting Started
Ideally, Information Governance is an enterprise-wide program; that’s
where the best benefits emerge. Some
businesses will appoint a Chief Information Governance Officer to implement IG
throughout.
However, benefits accrue wherever two or more groups find synergies
together. Even a single department with
contrasting internal groups can use the IG principles for major gains. In fact, such examples can inspire larger
organizations to seek the gains of IG.
When enterprise-wide IG is not achievable, a subset of stakeholders can
nonetheless benefit.
For example, at a major, international pharmaceutical manufacturer, the
Legal, IT, and Records departments worked to establish a common approach to
backing up information. This resulted in
the defensible disposition of decades of legacy backup tapes. It also established a new policy that backup
was for disaster recovery only: every time a new backup tape was recorded,
there was no need to keep the previous one.
All the vital information was current, preserved, and available.
That
policy would not work for all organizations, but in this example, it
significantly reduced risk and cut many dollars from the storage budget. It also set the basis for cooperation and the
means of communication to find other synergistic efficiencies. The leaders of the three groups had laid the
foundation for a larger IG program.