December 22, 2016

Starting an Information Governance Program


We talk a lot about the challenges facing organizations and their data, but often the biggest challenge with an information governance program is simply getting started.

Benefits of Information Governance

1. IG Improves Information Availability - The record snowfall in New England in 2015 brought many businesses to an abrupt halt. This was the situation for a law firm that had been resisting the digital movement and kept everything in paper format. The snowfall had an adverse impact on casework, and attorneys were virtually paralyzed because they didn't have access to any files. This weather disaster is exactly what was needed to convince the firm it is time to digitize the files and to "…ensure the information is protected according to policy and client expectation."

2. IG Streamlines Processes - The downturn in the oil and gas industry has created an increase in merger, acquisition and divestiture (MAD) activities.  This created an abundance of separate work teams and resulted in "islands of information" that were at risk.  RIM leaders convinced executive management that involving RIM in the core MAD team would streamline this process and reduce the risk of losing information.

3. IG Ensures Compliance - A consulting firm has rigid compliance requirements that are crucial to retaining clients in a highly competitive environment. The RIM manager seized this opportunity to "…jump start his firm's IG program." The IG program provides a competitive edge by applying best practices, training and new processes to support defensible disposition.

4. IG Controls Risk - In the financial services industry, increased regulation has spurred RIM managers to join forces with the "…compliance and internal audit teams to create a set of 'controls' for major RIM categories…". Knowledge is now shared across the teams, and the compliance and internal audit teams are now educated on RIM and IG practices.

5. IG Protects Intellectual Assets - In the pharmaceutical and life sciences industry, merger, acquisition and divestiture (MAD) activity is practically a way of life. At one company, the RIM leader secured a seat at the MAD team table to ensure RIM practices are considered throughout the lifecycle of the MAD process. The company's records contain intellectual property that must be preserved. The RIM leader helped initiate processes to identify records of value, as well as redundant, obsolete, and trivial (ROT) data, to reduce the amount of data that has to be transitioned during the acquisition.

Step 1: Review and Inspection

Just like any other business initiative, critical review and analysis is important to reveal any weak points in your information governance program. This will require bringing together directors from the required business units. Consider also including business units that were not a part of the initial initiative as their exclusion could have led to some of your challenges.

From there, the main goal of this phase is to inspect how data is created, moves through its lifecycle and is ultimately disposed of (or not!). Make sure to keep in mind user workflow, differences in department needs and systems, and security concerns. What we are looking for here are not only inefficiencies but also potential compliance violations and the behavior that led to them.

This period of review could be quite complex depending on the size of the organization but it is the necessary groundwork for an overarching information governance program. Jumping too quickly to make changes without some data behind them is a recipe for certain disaster.

 

Step 2: Common Best Practices

After the review is complete, hopefully you and your team have uncovered some common best practices that have been working. These will be the cornerstones on which the rebuilding will take place. Successful processes should be rolled out to all departments. If necessary, this is a great time for cross-department training to ensure everyone is on the same page.

Additionally, there are generally certain types of data that every department handles in some form or another. It is crucial that this data is properly handled and all departments understand how they affect each other as related to this business-critical data.

Keep in mind, the goal of an information governance program is to meaningfully organize and move data through its lifecycle while minimizing risk. Sharing best practices is a must to achieve this goal.

Step 3: Cleanup and (Maybe) Migration

So we've reviewed our people (users), process and technology and pulled out some successful best practices. Now it's time to address some of the failures. One of the biggest is generally redundant, obsolete and trivial (ROT) data. This often unclassified data poses tremendous risk to the organization while at the same time generally having little value.

Locating and assessing ROT data is the first step. Next is determining whether it should be disposed of or properly classified and therefore put on the proper lifecycle, which would include triggers, a retention schedule and the appropriate approval and permissions policies.

This is often the time when organizations perform a migration of some (or all) of their data. While a migration can be helpful, having all of your data in one repository is not always the right solution. Again, the end goal here is to improve the overall information governance program, and changing user behavior can lead to confusion and potential risk. This migration can be done by department as well. For example, the Human Resources department prefers SharePoint (and has it properly organized) while Accounting has a working system in place on the File Shares.

Step 4: Implementation

Well, now comes the fun part: putting the plan into action! Some of you may be thinking "easier said than done," and I agree this can be a difficult process. The key to a successful implementation is executive buy-in. If the CEO can follow the organization's information governance policies, so can Bob from HR.

Another important piece is to have the findings you discovered during the review available for all to see. This will hopefully make a clear case as to why these policies (and in some cases technologies) are being changed. Nobody wants to work inefficiently and simply presenting these facts can often assuage the fear of change.

Many companies roll out a new or updated IG program by department, which can help spot new issues and readjust as the process continues. An information governance program should truthfully be in a constant state of review as new data is created every day while regulations are also often changing.

In the end, every employee should understand that a solid information governance program benefits the entire organization by reducing inefficiency, saving money and minimizing risk.
