A 10-Point Governance Action Plan to Manage Information Risk

How can you manage the RISK of growing volumes of content? Here's a 10-point action plan:

1. Look to your existing policies and seek to align your electronic records practices with those that you already have for physical records.

2. If you do not have an up-to-date Information Governance Policy that is supported across the enterprise, kick-off a project to create one. Do not consider this to be something for the records management or compliance departments: look to set up an information governance committee with representation from all areas of the business.

3. If you already have an Information Governance Policy, but it is not being enforced, determine ways to monitor compliance. Look particularly at the implementation of deletion for electronic records beyond their retention period, and see if this can be automated.

   

4. Ensure that new staff and existing staff are fully trained in compliance with the policy.

5. Your Information Governance Policy needs to evolve over time to include new media and new content types such as social content.

6. Raise the issue of the effect of managed retention on storage volumes. Ask the question, “What if we continue to do nothing?” Consider using automated agents to de-duplicate content and to reallocate metadata. This will assist with retention enforcement.

7. Look for automated classification capabilities in your existing systems or future purchases. These can make a big difference to user acceptability and to the accuracy of indexing.

8. In particular, consider using auto-classification to deal with your email archiving. Ensure you have clear policies in place, preferably ones that do not rely on individual actions.

9. Don’t wait until you need an e-discovery process – you may be given a short time limit. Have processes and mechanisms in place.

10. Take a look at the following AIIM training resources:

• Information Governance
• Electronic Records Management