CIO.com

information governance

By Scott Robinson

What is information governance?

Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and metrics that treat information as a valuable business asset.

Information governance also includes a defined accountability framework and decision rights specification to ensure the proper creation and use of information, its storage and access. This includes controls on information deletion, with attention to its desired availability, integrity, data quality and security.

The goal of a holistic approach to information governance is to make information assets available to those who need them, while streamlining management, reducing storage costs and ensuring compliance. This, in turn, helps the company reduce the legal risks associated with unmanaged or inconsistently managed information and become more agile in response to a changing marketplace.

An important goal of information governance is to provide employees with data they can trust and easily access for decision-making. In many organizations, responsibilities for data governance tasks are split among security, storage and database teams. Often, the need for a holistic approach to managing information doesn't become evident until a major event occurs, such as a lawsuit, compliance audit or corporate merger.

Information governance provides a wide range of benefits. It ensures the following:

Why is information governance important?

Information governance makes information more accessible to those who need it, which is crucial for any organization. Organizations of all types and sizes often suffer from poor organization and management of information assets, leading to issues with accessibility, ease of use, timeliness and security -- all of which governance can positively affect.

Often, the same information exists in more than one location, leading to issues with updating and discrepancies that cause confusion. Effective information governance can establish a single source of truth, making information more trustworthy.

Effective information governance is so important that it has become a C-suite role in many organizations, with an executive responsible for its implementation. The chief information governance officer (CIGO) often oversees the initial governance initiative, shepherding its development, management and ongoing evolution throughout the organization. The CIGO is generally responsible for maintaining information integrity standards, gathering required quality and usage metrics and ensuring that the company meets compliance and regulatory requirements.

It's also increasingly common for enterprises to establish an information governance council composed of key stakeholders in the organization, including management-level representatives from every area of the business, IT personnel involved in infrastructure and security, and subject matter experts who fully understand how specific information is used. This governance council often helps the executive officer implement and enforce governance policy and can be invaluable in guiding its ongoing development.

A commitment to information integrity throughout the enterprise requires the active participation of employees at all levels and in all areas. Awareness of and commitment to information governance processes should be organization-wide, actively promoted and frequently updated.

What is the difference between data governance and information governance?

When considering information governance, it's common to wonder how it differs from data governance, which is referred to more commonly. The difference is subtle; data isn't necessarily information, whereas information can't exist without data.

Information governance refers to data assets that have carefully defined business meanings. Data governance, on the other hand, refers to the oversight of the physical data itself -- its storage, security and transport. Someone implementing data governance might perform those tasks with little or no understanding of the data's meaning, while, in information governance, meaning is everything.

Information governance challenges

Even a clear vision and strong management support don't guarantee information governance success. Organizations can experience the following common issues when implementing information governance:

Information governance frameworks

Different types of organizations have different goals and tasks, but the elements of information that are used to manage those activities are often similar. For this reason, it's possible to create frameworks to clarify an information governance plan that can be useful in organizing the effort, regardless of how customized the organization's handling of information seems.

These information governance plan frameworks outline the who, what, when, where, why and how of company information. Frameworks are built from the answers to some of the following central questions that apply to information of all types:

Answering all these questions for every information asset within the enterprise is a monumental task. However, once an organization collects those answers, the path to managing those assets becomes increasingly clear.

Frameworks are tailored to the organization's unique governance needs but should define the following areas:

Laws, regulations and principles

Information governance isn't just a matter of best practices; it's a matter of regulation in and of itself because it's so deeply intertwined with security, privacy and compliance concerns.

As technological innovations continue to expand business capabilities and corporate data volumes grow, regulations that put strict mandates on information governance processes have become the norm. This is especially true for data privacy and security, as personally identifiable information has become a target for hackers and nefarious online actors. Privacy laws, such as the European Union's Data Protection Directive, have started to expand in countries all over the world and create new information security governance obligations for companies.

Many industries, including highly regulated sectors, such as energy and financial services, require records and electronic communications to be retained for a minimum period. These regulations include mandates from federal agencies, such as the Securities and Exchange Commission, Department of Justice and Environmental Protection Agency, regarding response times for information requests. Regulatory reporting requirements also often mandate that companies provide an account of compliance, usually in the form of raw or summary data, with set frequency, such as annually.

Examples of laws and regulations that information governance can address include the following:

Information governance models

In addition to frameworks, there are information governance models. Organizations can use these to assess the quality and effectiveness of an information governance program once they implement it.

What is information governance software?

Automated tools are available to support information governance in the enterprise. These tools include process automation and workflows that simplify and fortify repetitive information governance tasks, while providing audit trails for compliance purposes.

Examples of vendors that offer information governance tools are listed below in unranked, alphabetical order:

13 Mar 2024

All Rights Reserved, Copyright 2007 - 2024, TechTarget | Read our Privacy Statement