Gimmal Blog

Read the latest thought leadership and industry news from the experts at Gimmal!

All Posts

How to Rescue Your Information Governance Program

Information governance has been around for a while now, however, having a sophisticated and enterprise-wide information governance program has only fairly recently become a hot topic among executives.

Many organizations have put a program in place, but how effective has it been at governing information and minimizing risk? Let's review some key pieces of a successful information governance program and ensure yours is solid.

Review and Inspection

Just like any other business initiative, critical review and analysis is important to reveal any weak points in your information governance program. This will require bringing together directors from the required business units. Consider also including business units that were not a part of the initial initiative as their exclusion could have led to some of your challenges.

From there, the main goal of this phase is to inspect how data is created, moves through its lifecycle and is ultimately disposed (or not!). Make sure to keep in mind user workflow, differences in department needs and systems, and security concerns. What we are looking for here are not only inefficiencies but also potential compliance violations and the behavior that led to them.

This period of review could be quite complex depending on the size of the organization but it is the necessary groundwork for an overarching information governance program. Jumping too quickly to make changes without some data behind them is a recipe for certain disaster.

 
Read More: 5 Ways to Engage Internal Information Governance Program Stakeholders

Common Best Practices

 

After the review is complete, hopefully you and your team have uncovered some common best practices that have been working. These will be the cornerstones on which the rebuilding will take place. Successful processes should be rolled out to all departments. If necessary, this is a great time for cross-department training to ensure everyone is on the same page.

Additionally, there are generally certain types of data that every department handles in some form or another. It is crucial that this data is properly handled and all departments understand how they affect each other as related to this business-critical data.

Keep in mind, the goal of an information governance program is to meaningfully organize and move data through its lifecycle while minimizing risk. Sharing best practices is a must to achieve this goal.

Cleanup and (Maybe) Migration

So we've reviewed our people (users), process and technology and pulled out some successful best practices. Now it's time to address some of the failures. One of the biggest is generally redundant, obsolete and trivial (ROT) data. This often unclassified data poses tremendous risk to the organization while at the same time generally having little value. Take a look at the chart below which helps to visually explain this "risk-to-value" gap.

Picture1.png

Locating and assessing ROT data is the first step. Next is determining whether it should be disposed or properly classified and therefore put on the proper lifecycle, which would include triggers, a retention schedule and the appropriate approval and permissions policies.

This is often the time where organizations would perform a migration of some (or all) of their data. While a migration can be helpful, it is not always the right solution to have all of your data in one repository. Again, the end goal here is to improve the overall information governance program and changing user behavior can lead to confusion and potential risk. This migration can be done by department as well. For example, the Human Resources department prefers SharePoint (and have it properly organized) while Accounting has a working system in place on the File Shares.

Implementation

Well now comes the fun part: putting the plan into action! Some of you may be thinking "easier said than done" and I agree this can be a difficult process. The key to a successful implementation is executive buy-in. If the CEO can follow the organization's information governance policies, so can Bob from HR.

Another important piece is to have the findings you discovered during the review available for all to see. This will hopefully make a clear case as to why these policies (and in some cases technologies) are being changed. Nobody wants to work inefficiently and simply presenting these facts can often assuage the fear of change.

Many companies roll out a new or updated IG program by department, which can help spot new issues and readjust as the process continues. An information governance program should truthfully be in a constant state of review as new data is created every day while regulations are also often changing.

In the end, every employee should understand that a solid information governance program benefits the entire organization by reducing inefficiency, saving money and minimizing risk.

By Shawn Cosby

Related Posts

Why Should Records Management be Important to You

Why should an organization care about records management? When users throughout all departments are creating new records without a thought to how they are cataloged or tagged, the sprawl of records can become a real threat. Unstructured data can lead to compliance issues for highly regulated industries. When proper records management isn’t a top priority, content that should have been disposed of for security purposes is left vulnerable for anyone to find and distribute.  

Creating Compliance in Chaos: A Consultant's Story

Records and Information Management (RIM) is constantly changing and evolving as record managers begin to realize the benefits of automation in their daily operations. In my 6 years of consulting, I have seen everything from heavily manual business processes to automated document management solutions.  Even as time goes by, information professionals continue to face the long-standing hardship of trying to get end users to comply with either internal or external regulations when it comes to records management.  Lately, there has been an apparent shift from ridged business centric solutions to end user centric solutions. 

Gimmal at ARMA International InfoCon 2019

Once a year, members in the records management community come together for ARMA’s annual conference to discuss the latest advancements and best practices for modern information managers.  ARMA, the global authority of information management and governance, hosted this year’s conference, ARMA InfoCon, in Nashville, TN. While attendees were not in the typical “record” industry that Nashville is known for, the location called for a great mix of music and information management knowledge.