While there essentially is consensus among consultants on the checklist of policies and procedures that constitute an effective information governance plan, the truth is there is no one-size-fits-all program and success or failure ultimately depends on how well an organization can orchestrate its initiative.
"It's more art than science," said Barclay Blair, president and founder of ViaLumina Group Ltd., an information governance consultancy in New York. "It really comes down to a judgment of the culture of the company and its appetite for change."
And though the spark for an information governance framework might come from a particular business unit being affected by a legal issue or a specific data integrity problem, support for the initiative must come from the top and should be driven by a high-profile executive manager, said Blair and other analysts.
"Even if the initiative has a grassroots start, there is nothing like senior management saying, 'We're going to do this and we want you on the committee,' to bring that strategic perspective as to why it's important for the greater organizational good," said Steve Weissman, principal analyst at Holly Group, a consultancy in Waltham, Mass. "If it's someone from IT that talks about how we are going to execute on [information governance], it can be perceived as more of a tactical, micro view."
Must-haves: A steering committee and data stewards
According to the analysts, good information governance starts with establishing a cross-functional and cross-departmental steering committee, which is tasked with exploring everything from where data resides and what data is important to documenting usage patterns and identifying information workflows. The steering committee also makes sure a governance initiative remains in sync with the organization's core business goals.
Another critical part of creating an information governance framework, the analysts said, is appointing data stewards, who typically hail from the various lines of business in a company. Their roles are to understand how the data they oversee is used and how it should be managed and modified to best meet business needs, and to help enforce internal standards that relate to data quality. To be truly effective, data stewards need to be empowered to make decisions about data definitions and formats, while also being accountable for adhering to the policies and procedures they are championing in the name of information governance.
Find out more about information governance frameworks
Find out about a survey that reveals enterprises lack information governance plans
Learn about building the business case for an information governance process
Read why establishing an information governance policy is often a hard sell
"Companies that have good information governance programs tend to understand how people utilize information -- if it's kept in email or file systems, for example, or if it needs to be maintained locally or be accessed from a centrally managed system," said Barry Murphy, a co-founder and principal analyst at eDJ Group Inc., a Boston-based consulting and market research company that specializes in e-discovery issues. "They understand how employees need information and tailor the program accordingly."
Understanding data usage patterns is also critical for determining the scope of an information governance framework. The last thing any organization needs is a governance program that's onerous and discourages adoption and participation by business users.
Create a reasonable and defensible framework
"You have to take into account that users need this information, so you want to make things as easy as possible," Murphy said, explaining that an information governance policy that's too autocratic and directs how people should work without considering the way they currently do their jobs won't be sellable internally. "It has to be a reasonable effort and a defensible program," he said.
At the same time, however, information governance procedures can't be so open-ended that they undermine the value of the initiative to the enterprise. With that in mind, the governance team not only needs to establish consequences to ensure that policies are enforced, but must also communicate to employees the reasons behind the policies and explain the potential business risks of ignoring them.
And once the policies and procedures are established and well documented, it's not over, according to Susan Hanley, founder of Bethesda, Md.-based Susan Hanley LLC, a consultancy specializing in portal and collaboration systems.
"Information governance is a constant battle," said Hanley. "You have to revisit your governance plan and keep it alive. It could be the rules you had before don't make sense anymore and you have to rethink them. Companies can't be complacent about that."
Beth Stackpole is a freelance writer who has been covering the intersection of technology and business for 25-plus years for a variety of trade and business publications and websites.
This was first published in October 2012