A Contract Manager and an Information Professional Walked Into a Bar...

....and it turns out they had a lot more in common than either of them expected.

Did you know that Deadpool & Wolverine (2024) is the highest-grossing R-rated film of all time, pulling in over $1.33 billion worldwide? There is something magical about what happens when two beloved characters from different worlds finally share the screen. As it turns out, the same principle applies to different, but related practices.

On May 14, AIIM and the National Contract Management Association (NCMA) co-hosted a free webinar called Better Together: Building Understanding Between Contract Management and Information Governance. In my previous post, I made the case for why these two disciplines need to work more closely together. This post is about what happened when they actually did.

A Federal Acquisition Overhaul

Michelle Currier, Chief Learning Officer at NCMA and a 46-year veteran of federal contracting, opened the session with something most information management professionals probably weren't tracking: Executive Order 14275, which is driving a sweeping overhaul of the Federal Acquisition Regulation (FAR). This matters beyond the contract management community because the U.S. federal government is widely considered the single largest buyer in the world, spending more than $760 billion on products and services each year, and changes to how it contracts have ripple effects across industries, supply chains, and the organizations that serve federal customers.

Currier noted that the overhaul is oriented less around compliance as a primary driver, but she was also clear that in federal contracting, compliance doesn't go away. It just has to live somewhere, and that somewhere is usually the information governance function.

Where Litigation Comes From: A View from Legal Services

Susan Gleason, Head of Information Governance at Withers Bergman LLP and a member of the AIIM Board of Directors, brought a perspective grounded in years of work in legal services. Her observation was straightforward and a little sobering: most litigation traces back to disputes about contracts, specifically about terms, obligations, timelines, and who agreed to what and when.

During the session, Gleason walked through specific contract clauses that introduce compliance requirements that can't be met without active involvement from information governance teams. One example she shared was a standard data retention and destruction clause:

"Upon termination of this Agreement, or upon request by the Company, the Vendor shall, within thirty (30) days, securely return or destroy all Personal Data in its possession."

That clause looks straightforward until you try to execute it. A 30-day destruction window can conflict with legal hold requirements triggered by active litigation or ongoing investigations, as well as with statutory retention mandates under tax law, employment law, or sector-specific regulations. It also raises questions about what "securely destroy" actually requires, who verifies it happened, and whether the destruction schedule was documented. None of those questions have easy answers without an information governance professional in the room, and yet contracts like this get signed every day without anyone from IG ever seeing them.

The AI Disclosure Problem Nobody's Ready For

Gleason also flagged a newer category of contract clause that is creating compliance headaches for both contract managers and information professionals: provisions requiring disclosure of AI use. These clauses are becoming more common, and they're harder to comply with than they appear.

Most employees, when asked whether they're using AI, think about tools like ChatGPT and don't consider Siri, Google Maps, or the chess app on their phone, all of which could reasonably be considered AI use under a broadly written disclosure clause. When employers aren't fully aware of what AI tools are in use across their organizations, and many aren't, meeting that disclosure requirement becomes genuinely complicated. This is one of those areas where the information governance team's familiarity with data flows, technology inventories, and policy frameworks becomes directly relevant to contract compliance, and where the two disciplines have to figure out how to work together in real time on a problem that didn't exist a few years ago.

Compliance Is Not Optional, and the Stakes Are High

Currier was direct on the question of compliance: "Both parties are agreeing to compliance clauses when the agreement is finalized." In federal contracting specifically, she recommended paying close attention to compliance requirements and engaging information professionals early, because if a compliance issue arises, the federal government has the right to request that you produce information and data.

She also raised the stakes further on data privacy, noting that in situations involving serious data breaches, the federal government may have the right to take proprietary software and share it with the market in order to prevent future incidents. That's an extreme outcome, but it's a real one, and it illustrates why treating information governance as unnecessary is particularly risky. 

Gleason's take on the cost of inaction was equally direct: "Make sure you are doing the right thing the first time because it will save you time and money down the line."

The Thing That Surprised Me: We Have the Same Problem

One of the more interesting moments in the conversation was discovering that contract management and information governance share a common frustration. In contract management, as Currier put it, "no one wants to make time for acquisition planning." Acquisition plans are formal, comprehensive documents that provide federal contracts and projects with a roadmap for the efficient and effective use of resources, and they are consistently treated as a bureaucratic hurdle to get past on the way to the part everyone actually wants to do. As NCMA Fellow Al Muñoz put it, "Planning is just a preliminary step before getting to the good part of the acquisition process, award and execution."

If you work in information governance, you have heard this exact sentiment expressed about governance frameworks, retention schedules, and information architecture. The work that prevents problems is rarely the work that gets celebrated, in either discipline.

However, both acquisition planning and information governance make the actual work more successful precisely because they provide clarity and guardrails before things get complicated. They share the same core logic, in that decisions about ownership, classification, compliance, and lifecycle have to be made deliberately rather than reactively. The difference is mostly one of timing, since acquisition planning front-loads most of that thinking before a contract is awarded, while information governance applies it continuously across the entire life of the data, from creation to disposal. Neither is bureaucracy for its own sake, and both exist because the alternative, making it up as you go, consistently produces worse outcomes.

AIIM Board Chair Jason Cassidy is fond of saying that information professionals help organizations "move fast and break less." That framing applies just as well to acquisition planning, because the goal isn't to slow things down but to make sure that when you move fast, you're not leaving a trail of compliance problems, data risks, and avoidable disputes behind you.

We Are All in It Together

Near the end of the conversation, Currier and Gleason reflected on what they'd learned from each other.

Currier's observation landed simply and honestly: "I didn't realize how important information governance is in my world, awarding contracts. We are all in it together." Gleason agreed: "We are part of the team and should be part of conversations as you develop and execute contract requirements."

That's a pretty good summary of what the webinar was trying to accomplish. AIIM's members don't work in a vacuum. They work alongside legal, compliance, procurement, IT, and contract management colleagues, and the friction that exists between those functions is real and costly. If AIIM and NCMA can help reduce that friction by creating shared language and shared understanding, that's a genuinely useful thing to do with a Wednesday afternoon. We are already talking with NCMA about what comes next. If you have thoughts on what would be most useful, we'd love to hear from you.

As it turns out, crossovers aren't just popular at the movies. They also make a lot of sense in procurement and contract management. Now, the big question is: among contract managers and information managers, who is Deadpool and who is Wolverine?