Information governance has been around for a while now, however, having a sophisticated and enterprise-wide information governance program has only fairly recently become a hot topic among executives.
Many organizations have put a program in place, but how effective has it been at governing information and minimizing risk? Let's review some key pieces of a successful information governance program and ensure yours is solid.
Review and Inspection
Just like any other business initiative, critical review and analysis is important to reveal any weak points in your information governance program. This will require bringing together directors from the required business units. Consider also including business units that were not a part of the initial initiative as their exclusion could have led to some of your challenges.
From there, the main goal of this phase is to inspect how data is created, moves through its lifecycle and is ultimately disposed (or not!). Make sure to keep in mind user workflow, differences in department needs and systems, and security concerns. What we are looking for here are not only inefficiencies but also potential compliance violations and the behavior that led to them.
This period of review could be quite complex depending on the size of the organization but it is the necessary groundwork for an overarching information governance program. Jumping too quickly to make changes without some data behind them is a recipe for certain disaster.
Common Best Practices
After the review is complete, hopefully you and your team have uncovered some common best practices that have been working. These will be the cornerstones on which the rebuilding will take place. Successful processes should be rolled out to all departments. If necessary, this is a great time for cross-department training to ensure everyone is on the same page.
Additionally, there are generally certain types of data that every department handles in some form or another. It is crucial that this data is properly handled and all departments understand how they affect each other as related to this business-critical data.
Keep in mind, the goal of an information governance program is to meaningfully organize and move data through its lifecycle while minimizing risk. Sharing best practices is a must to achieve this goal.
Cleanup and (Maybe) Migration
So we've reviewed our people (users), process and technology and pulled out some successful best practices. Now it's time to address some of the failures. One of the biggest is generally redundant, obsolete and trivial (ROT) data. This often unclassified data poses tremendous risk to the organization while at the same time generally having little value. Take a look at the chart below which helps to visually explain this "risk-to-value" gap.
Locating and assessing ROT data is the first step. Next is determining whether it should be disposed or properly classified and therefore put on the proper lifecycle, which would include triggers, a retention schedule and the appropriate approval and permissions policies.
This is often the time where organizations would perform a migration of some (or all) of their data. While a migration can be helpful, it is not always the right solution to have all of your data in one repository. Again, the end goal here is to improve the overall information governance program and changing user behavior can lead to confusion and potential risk. This migration can be done by department as well. For example, the Human Resources department prefers SharePoint (and have it properly organized) while Accounting has a working system in place on the File Shares.
Well now comes the fun part: putting the plan into action! Some of you may be thinking "easier said than done" and I agree this can be a difficult process. The key to a successful implementation is executive buy-in. If the CEO can follow the organization's information governance policies, so can Bob from HR.
Another important piece is to have the findings you discovered during the review available for all to see. This will hopefully make a clear case as to why these policies (and in some cases technologies) are being changed. Nobody wants to work inefficiently and simply presenting these facts can often assuage the fear of change.
Many companies roll out a new or updated IG program by department, which can help spot new issues and readjust as the process continues. An information governance program should truthfully be in a constant state of review as new data is created every day while regulations are also often changing.
In the end, every employee should understand that a solid information governance program benefits the entire organization by reducing inefficiency, saving money and minimizing risk.
By Shawn Cosby