The Purpose of Information Governance & How to Go About an Implementation Project
Consider the following scenarios:
- You work at a medical practice and cannot find vital medical records for a patient, which could lead to medical malpractice, death and serious legal ramifications.
- An engineer is working at a remote installation and cannot find the engineering drawings and operating procedures for a piece of machinery that has broken down or been damaged, resulting in unnecessary delays in corrective maintenance work, production loss or even a plant shutdown.
- A telecommunications company fails to provide accurate customer information data to the relevant industry-wide databases, resulting in regulatory and compliance violations and loss of reputation.
As you can see, the inability to locate information and the inability to provide complete, accurate and trustworthy information in a timely manner are two of the many reasons why organisations need to ensure high value information is properly managed and governed. These scenarios occur when organisations put information governance at the bottom of their priority list. Whether that is due to a lack of budget or a limited understanding of the purpose of information governance and its benefits, it’s imperative to implement proper information governance in your organisation so you don’t end up in one of the above scenarios.
What is Information Governance?
Information governance is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information consistently at an enterprise level, supporting an organisation’s immediate and future regulatory, legal, risk, environmental and operational requirements.
The Purpose of Information Governance
By implementing effective governance over your high value information, not only is risk reduced, but significant improvements in organisational productivity and reduced operational cost are realised through:
- Ownership and responsibility of critical business information assigned to specific teams or roles; improving data quality, accountability and findability.
- Information security and privacy of sensitive information and intellectual property, which helps to prevent data breaches, external threats to network security and unauthorised access to internal user access controls.
- Information integrity enhanced through direct access to authoritative master information, elimination of information silos and reduced data duplication.
- ROT (redundant, obsolete and trivial) information systematically archived and where appropriate destroyed in alignment with industry regulations and operational need; improving search experiences and findability of high value information.
- Accessibility and availability of information, ensuring data and content are discoverable through classification applied consistently across all information management systems and repositories, in line with organisational standards and approved business metadata schemas.
- Regulatory compliance obligations satisfied through a federated approach to records management utilising consistently applied metadata across content repositories.
How to Go About Implementing an Information Governance Program in Your Organisation
Secure Executive Support and establish an Information Governance Committee
Communicate the importance and purpose of information governance through an executive on the leadership team. They will be a driving force promoting the organisation’s goals and objectives across the business. Establish an Information Governance Committee (IGC) with representatives from across the business to establish where existing information lives, how it’s currently superintended and identify business challenges. Draft a Terms of Reference for the committee to establish decision making protocols, meeting frequency and scope. The IGC will typically own the developed Information Governance Plan, oversee strategy alignments, policy changes and coordinate information-related roles required in support of the IG Plan. Where new business information systems are required, these should be assessed and approved by the IGC to ensure alignment and future compliance. For better IM and business outcomes, they will identify new opportunities to improve Information Governance and advise on allocation of resources to better manage information assets.
Where necessary, the IGC should be extended through the use of working groups to consult directly with key stakeholders and staff across the business to address identified information challenges, provide recommendations, perform remediation activities and drive adoption. For example, the records management team will have vast experience with records management systems and knowledge of compliance regulations that relate to your organisation, and may already have a business classification scheme that can be utilised across other repositories and information systems as a starting point. IT will need to be involved when assessing technology platforms, addressing information security and providing data integration options and solutions. The legal team will be able to assist with identifying relevant policies, standards, and laws that apply to the handling of information (e.g. data privacy policies or the Notifiable Data Breaches scheme).
Gather Key Information
Take some time to identify the following elements and give some consideration as to how they will be incorporated into your overall information governance plan:
- Information Management Systems are business systems that create and manage digital information. What line-of-business (LOB) systems are in use? What types of electronic document and records management systems, physical management systems, network drives, financial/personal/customer relationship systems do you have?
- Business Departments are functional areas within an organisation. Which business entities, branches or divisions should be represented in the Information Governance Committee?
- Metadata is descriptive data attached to a record and used to identify, authenticate and contextualise information. What metadata should you include as a part of your business’ information and records management processes?
- Information Owners, Superintendents, Custodians and Stewards are the people or groups responsible for ensuring information within their designated domains is managed in alignment with corporate Policies, Standards and the Information Governance Plan. What roles and responsibilities will they have as a part of your IG plan?
- Recordkeeping Requirements need to be considered with regard to what retention periods apply to your organisation’s information and how this information will be disposed of. Identify where your high-value organisational information lives and prioritise it for management.
Develop an Information Governance Plan
Developing information governance policies and practices is the overall purpose of information governance. The plan should provide a comprehensive set of rules and instructions for the management of high-value information across the line-of-business information systems critical to the operations of the organisation. It will also create a pathway for an organisation to meet its legal and statutory obligations and all other relevant codes of practice regarding data.
Create a vision statement that describes what your IG plan will achieve. A clear vision statement provides crucial guidance to decision trade-offs you make while thinking about your plan. Write your vision statement at the first stages of your plan and refine it as the project matures.
A typical IG plan breaks into People, Process and Technology. These subsections offer a defined approach to execution and can be used towards a framework for future plans.
People – Identify and define the roles and responsibilities required to manage information in alignment with the overall IG plan. For management purposes, explain the rules that determine how roles are assigned and delegated together with guidance on how to identify and manage information domains. What should the responsibilities be for all employees as information users and contributors?
Define how different IM bodies within the organisation operate and interact to oversee the management of information. Focus on ensuring the best outcomes from an overall business perspective. Typical key IM bodies may include an IG Committee, information working groups, IM Project Teams and Information, Communication and Technology department.
Process – Specify how information is processed through the organisation. How is it updated, manipulated and used throughout its lifecycle? Consider your records transparency for e-discovery, destruction processes and security processes. Ensure consistent classification across the business by targeting how reference information is to be propagated through the organisation’s subscribed systems.
Technology – Define the approved IM systems, tools, technologies and techniques used within the organisation to support people to efficiently, reliably and repeatedly manage information. Do you need to update your information systems, security software, devices or hardware? Approved IM systems provide the necessary means and controls required to support the practical application of the IG plan and management of high-value business information.
Once established, define the practical implementation of the overarching information governance plan across each approved system with individual IM system specific governance plans.
The purpose of information governance is all about business productivity, operational efficiency and trustworthiness of high-value business information. Key outcomes of good IG are: better insights into operations, simpler systems integration, business process automation enablement, increased productivity, reduced risk, dashboard enablement and better decision making.
An organisation can develop and implement an Information Governance Plan by securing executive support, establishing an IG Committee and assigning working groups to dig into the inner workings of data within the areas of people, process and technology for the organisation.
Your clients, customers and entire organisation rely on being able to locate accurate, complete and trustworthy information. Speak to one of our information governance experts about how you can establish a proper information governance program to ensure that your business is protected from regulatory and compliance violations as well as unforeseen costs and operational inefficiencies.
Raelene is an experienced professional with expertise in all facets of information management including eDRMS implementation, management and enhancement. She is an experienced administrator of TRIM / Content Manager, SharePoint Online, Office 365 and Microsoft Teams.