business woman standing in front of a group of business people

Information Governance: How Exactly do you Govern Everything?

Summary

We share the most effective approach to information governance from our experience.

Read time: 11 minutes

Information can be thought of as the resolution of uncertainty…The concept of information has different meanings in different contexts. Thus, the concept becomes related to notions of constraint, communication, control, data, form, education, knowledge, meaning, understanding, mental stimuli, pattern, perception, representation, and entropy. —Wikipedia (emphasis added)

Governance: the way in which an organization is managed at the highest level, and the systems for doing this. —Cambridge Dictionary (business English)

It has been some time since the land, labor, capital triumvirate was displaced by information as the defining asset of business. In fact, Information (aka, data) has become so valuable an asset that there are concerns regarding emerging “data monopolies” and a “data industrial complex." Anti-trust actions to regulate control of information have even become a possibility, similar to those anti-trust actions that regulated control of physical assets in the early 20th century.

As Apple Senior Vice President of Software Engineering, Craig Federighi opined (in the context of data privacy):  Businesses “sell and hoard as much of your personal information as they can. The result is a data-industrial complex, where shadowy actors work to infiltrate the most intimate parts of your life and exploit whatever they can find.” (Lomas, 2020). The value of data is such that businesses don’t merely collect data, they “hoard” it.

The same is true of non-personal data (structured, unstructured, soft, and hardcopy). And as those in records management, risk and compliance, cybersecurity, and eDiscovery are all too aware, data (and the inclination to hoard it) is an asset that can come back to bite you.

Triggers

In Ricoh’s experience, companies (from SMBs to the largest multinationals) that have successfully implemented information governance programs have done so as a reaction to a set of circumstances. Not executive edict. Not top-down.

Sometimes the cause may be as simple as an office relocation that presented an opportunity to clean up. Infrastructure-focused changes, like a planned migration to a new system, may prompt the effort. Other triggers can include a cloud migration and strategy or a paper-to-digital project that began in response to employees now working from home or other distributed workforce challenges.

Examples include:

  • Becoming compliant with the GDPR, CCPA/CPRA.

  • Discovery issues or DSAR response challenges.

  • Becoming compliant with new regulations.

  • A merger, acquisition, or divestiture.

  • A data breach, misuse of PII, or exposure.

In short, any one of these events can be a trigger that surfaces systemic challenges and presents an opportunity to improve the organization's information governance maturity.

This “bottom-up” approach to information governance – working from the perspective of the individual challenge as starting point and analyzing root causes – attacks information governance in strides rather than attempting the leaps and bounds so often stymied by budget and resource constraints.

Immediate needs determine the priorities with this approach, which comes with benefits. For example, it mitigates risks (whether compliance and legal-related or competitive risks to the business). When structured well, it also delivers sustainable value.The alternative – approaching "information governance" holistically as a single project – has too many inherent risks of failure, not the least of which is the failure to launch.Tackling information governance as a singular unified object would be nothing short of quixotic.

Govern information well, and you extract more value. Mismanage, and you extract more risk.

Information governance maturity assessment survey

Take this quick information governance maturity assessment survey to see your current state, and what you can do to achieve long-term success.

Start the survey

The most effective strategy approaches information governance as multiple workstreams – prioritized by an organization's most pressing need or opportune circumstance.

Establishing a Governing Framework

At a top-level, our 4S IG Framework – Strategy, Structure, Systems, and Skills — positions organizations for excellent project outcomes and the ability to take on more complex long-term information governance programs. The 4S IG Framework is structured to engender insights, leverage the firm's culture, align with organizational structure and resources, and deploy technology and processes to their best effect.This framework helps organizations:

  • Develop useful information governance strategies that align with corporate vision and better assess priorities; 

  • Provide a means for choosing committee members, executive sponsors, and organize stakeholder involvement; 

  • Ensure appropriately skilled resources are available; and,

  • Deploy communications about awareness, education, and training programs.

See how we can help

Learn about our information governance services.

View the service

Recommended for you

Ricoh helps law firm drive digital transformation
Ricoh helps law firm drive digital transformationCase Studies

Ricoh helps law firm drive digital transformation

See how Ricoh listened, understood and worked with a law firm to gain insight to help them transform paper processes into a digitized workflow.

Webinar: Information security 2021
Webinar: Information security 2021Webinars

Webinar: Information security 2021

Expert information security leaders discuss ways to navigate the information security risks and opportunities presented in 2021.

A 5 step information governance plan
A 5 step information governance planEBook

A 5 step information governance plan

An information governance plan doesn't need to be complex. In this guide, we show how you can start your Information Governance program in 5 Steps.