Information Governance: How Exactly do you Govern Everything?
Summary
We share the most effective approach to information governance from our experience.
Read time: 11 minutes
Information can be thought of as the resolution of uncertainty…The concept of information has different meanings in different contexts. Thus, the concept becomes related to notions of constraint, communication, control, data, form, education, knowledge, meaning, understanding, mental stimuli, pattern, perception, representation, and entropy. —Wikipedia (emphasis added)
Governance: the way in which an organization is managed at the highest level, and the systems for doing this. —Cambridge Dictionary (business English)
It has been some time since the land, labor, capital triumvirate was displaced by information as the defining asset of business. In fact, Information (aka, data) has become so valuable an asset that there are concerns regarding emerging “data monopolies” and a “data industrial complex." Anti-trust actions to regulate control of information have even become a possibility, similar to those anti-trust actions that regulated control of physical assets in the early 20th century.
As Apple Senior Vice President of Software Engineering, Craig Federighi opined (in the context of data privacy): Businesses “sell and hoard as much of your personal information as they can. The result is a data-industrial complex, where shadowy actors work to infiltrate the most intimate parts of your life and exploit whatever they can find.” (Lomas, 2020). The value of data is such that businesses don’t merely collect data, they “hoard” it.
The same is true of non-personal data (structured, unstructured, soft, and hardcopy). And as those in records management, risk and compliance, cybersecurity, and eDiscovery are all too aware, data (and the inclination to hoard it) is an asset that can come back to bite you.
Triggers
In Ricoh’s experience, companies (from SMBs to the largest multinationals) that have successfully implemented information governance programs have done so as a reaction to a set of circumstances. Not executive edict. Not top-down.
Sometimes the cause may be as simple as an office relocation that presented an opportunity to clean up. Infrastructure-focused changes, like a planned migration to a new system, may prompt the effort. Other triggers can include a cloud migration and strategy or a paper-to-digital project that began in response to employees now working from home or other distributed workforce challenges.
Examples include:
Becoming compliant with the GDPR, CCPA/CPRA.
Discovery issues or DSAR response challenges.
Becoming compliant with new regulations.
A merger, acquisition, or divestiture.
A data breach, misuse of PII, or exposure.
In short, any one of these events can be a trigger that surfaces systemic challenges and presents an opportunity to improve the organization's information governance maturity.
This “bottom-up” approach to information governance – working from the perspective of the individual challenge as starting point and analyzing root causes – attacks information governance in strides rather than attempting the leaps and bounds so often stymied by budget and resource constraints.
Immediate needs determine the priorities with this approach, which comes with benefits. For example, it mitigates risks (whether compliance and legal-related or competitive risks to the business). When structured well, it also delivers sustainable value.The alternative – approaching "information governance" holistically as a single project – has too many inherent risks of failure, not the least of which is the failure to launch.Tackling information governance as a singular unified object would be nothing short of quixotic.
Information governance maturity assessment survey
Take this quick information governance maturity assessment survey to see your current state, and what you can do to achieve long-term success.
Establishing a Governing Framework
At a top-level, our 4S IG Framework – Strategy, Structure, Systems, and Skills — positions organizations for excellent project outcomes and the ability to take on more complex long-term information governance programs. The 4S IG Framework is structured to engender insights, leverage the firm's culture, align with organizational structure and resources, and deploy technology and processes to their best effect.This framework helps organizations:
Develop useful information governance strategies that align with corporate vision and better assess priorities;
Provide a means for choosing committee members, executive sponsors, and organize stakeholder involvement;
Ensure appropriately skilled resources are available; and,
Deploy communications about awareness, education, and training programs.
See how we can help
View the serviceRecommended for you
Ricoh helps law firm drive digital transformation
See how Ricoh listened, understood and worked with a law firm to gain insight to help them transform paper processes into a digitized workflow.
Webinar: Information security 2021
Expert information security leaders discuss ways to navigate the information security risks and opportunities presented in 2021.
A 5 step information governance plan
An information governance plan doesn't need to be complex. In this guide, we show how you can start your Information Governance program in 5 Steps.