How to Dominate the Domains of the CIP - Domain 4: Automating Governance and Compliance
Welcome back to this continuing series on the updated Certified Information Professional (CIP) exam. In this post, I'll be focusing on Domain 4, Automating Governance and Compliance. You can also refer back to the posts for Domain 1: Creating and Capturing Information, Domain 2: Extracting Intelligence from Information, and Domain 3: Digitalizing Core Business Processes.
This domain is important because it focuses on the compliance and risk side of information management. While the primary focus of intelligent information management is on enabling and supporting business goals and objectives, it's still important to safeguard information to minimize risk and liability. The challenge here is that all the policies and procedures you can imagine won't help if they aren't implemented and followed. Here, particularly in the case of records management, users aren't records managers and don't want to be - they want to focus on their main job responsibilities. In addition, they aren't trained to do these types of tasks. So, the better approach by far is to streamline and automate them so that they are relatively transparent to users.
This is also the single biggest domain on the CIP exam - and looking at the contents, it's no wonder.
Domain 4: Automating Governance and Compliance
- Information Governance (IG): IG is the strategy that all the other information management disciplines and tactics support. But this strategy still needs to align to and support the overall business strategy. It starts with assessing the existing IG program (if one exists) in the overall context of the organization, developing an IG strategy, and then building or optimizing IG practices to promote effective information management practices.
- Records Management: For most organizations, only a small percentage of information needs to be formally managed as records. But those are their most important information assets because they document strategies, decisions, and financial and legal liabilities. Information professionals should know how to determine whether something is a record and how to manage them throughout the information lifecycle, including how to disposition them at the end of that lifecycle.
- Information Security: Information professionals play a key role in balancing security and business requirements and need to know how common information security practices can impact effective information management. This means understanding tools like roles-based access, redaction, and encryption, and when and how to use them effectively.
- Privacy and Data Protection: It seems like every day brings news of another data breach. But data breaches are almost always preventable. At the same time, regulations around the globe are forcing organizations to understand what constitutes personal data and how to protect and manage it appropriately. Organizations that leverage the principles of Privacy by Design, that follow effective information lifecycle management practices, and that collect only what they need for only as long as they need it will be much less likely to suffer breaches and the attendant costs - in both money and trust.
- Digital Preservation: Information has to be managed throughout its lifecycle; for some types of information, this lifecycle can be measured in decades, centuries, or...longer. Organizations need to understand what they have, where the risks are, and take appropriate actions to ensure they can access information as long as the business requires.
By the end of this domain, you should have a solid understanding of how to develop and implement an information governance framework and program, how to manage information effectively and securely throughout the information lifecycle, and how to ensure long-term access to digital information. In the last post in this series, I'll review Domain 5, Implementing an Information Management Solution.