The value of information governance is obvious to many business and IT leaders. But like confronting an attic that is full of junk, the task of organizing and governing disorganized data can seem overwhelming. Maybe that’s why too many technology and business decision-makers put information governance on the back burner, there to be ignored until a crisis arises and there is a frantic push to find critical information quickly.
Like facing that attic, replacing chaos with order will require knowing what’s there. But perhaps more important, it will require knowing yourself – what you want to retain, why, how, and for how long. You will need to ask yourself:
Answering those questions will enable you to develop a policy framework that is tailored to your organization, encompassing records management, legal hold, disposition policy, retention, and archiving. A best practice is to use International Organization for Standardization (ISO) Standards as a guide for your framework. Another best practice: As you develop the framework, establish the KPIs for effective governance. Meeting them will be your goal during the implementation phase.
After you have discovered what data you have, where it is, what regulations you must meet, and what technologies (if any) you are using, the next step is to design an architecture for information governance. The architecture will be determined by several factors:
As you assess your organization’s information governance state, you might be surprised to find that organizational structure is part of the problem. For example, responsibility for records might lie with facilities management, an organizational holdover from the days when most information was stored in filing cabinets. Because of this structure, however, there may be little or no connection with IT operations. Making records management accountable to IT is an important step on the road to success.
Establishing who should own records management – and who should have input into the process – is essential. Usually, there are multiple stakeholders: IT, legal, accounting, sales, facilities, and HR. A best practice is to hold a workshop that includes all the stakeholders so that their views can be heard and their responsibilities spelled out.
Staffing is another area that deserves attention. One reason that clutter could have taken hold might have been that your organization was economizing on staff. You might need to invest in training to give your staff the expertise they need to take and retain control over data. Also consider that you might need to hire or contract for one or more positions, short- or long-term, to get information governance on the right track.
Once you have done your assessment, use it as the basis of your information governance strategy. Think of that strategy as a three-legged stool: one leg is the right policies, another is the right technologies. The third leg is the right culture, one that includes change management, the science of assigning responsibility, tracking progress, and achieving goals.
After you have laid out this strategy and begun implementation, your work is not done. Recurring compliance and maturity assessments are necessary measures for controlling risk and are best done using a methodology that generates a numeric score. Applying the same methodology repeatedly will enable you to track your progress over time. Is your numeric score improving, declining, or staying the same? You will find those scores to be valuable tools for self-knowledge as you travel the challenging journey of information governance.