determined - Fotolia


Information governance strategy isn't a project -- it's a culture

Companies are often daunted by the prospect of developing an information governance strategy. But start small, and recognize that it's about changing company culture.

Information governance is more than a new term for records management. While IG and records management are both core, critical functions under the information governance (IG) umbrella, information governance is an all-encompassing discipline that, when effectively implemented, offers varied benefits to an organization.

Successful IG is a strategic effort that requires executive ownership, leadership support, and the participation of everyone within the organization. So how can companies build an IG strategy? As Mark Twain said, "The secret of getting ahead is getting started." If IG means all these things, how and where do you get started? The remainder of the quote is, "The secret of getting started is breaking your complex and overwhelming tasks into small manageable tasks, and then starting on the first one."

  1. Identify executive sponsors. First, designate specific ownership and leadership. This means having a high-level executive, such as a chief information governance officer (CIGO) who is in charge of IG. A CIGO should be empowered to act with authority and positioned to "move freely about the cabin." IG affects all departments and individuals within the organization and success depends on the entire organization's participation. Some organizations have a sense of areas of risk or opportunity that should be addressed as IG priorities. Many do not. Implementing effective IG requires a time investment to understand the culture, risk profile and goals of the organization. Establishing a foundation from which to build an IG program also requires an understanding of the way things are currently done.
  2. Assess policies. Next, assess organizational policies, technologies, processes, procedures and resources to identify priorities and develop a governance roadmap for your organization. The CIGO cannot do this alone. Creating an IG advisory board that includes representatives from the business, IT, general counsel, compliance/audit, COO and other key stakeholders ensures clarity and transparency in goals and objectives, and provides senior-level sponsorship and endorsement. Executing an IG initiative requires change. Top-down support is a key element of any change management effort.
  3. Develop policies. Based on the assessment and agreed-on priorities, develop policies and procedures to start making incremental progress. While records retention policies are a staple, it's not adequate to stop there. The need for other information-related policies should be evaluated -- such as email management, backup, computer use, cloud and social media policies. Processes, procedures and repeatable workflows can be built from the policy foundation and provide a stable platform to build an IG kingdom that strikes a balance between the need for security and protection with access, collaboration and efficiencies.
  4. Evangelize governance. Spread the concept of information governance. New or revised policies shouldn't come as a surprise to stakeholders and are better embraced when there is context, understanding and buy-in as to why they are necessary. Let's face it: Not many people like being told what to do. Speak in a language that resonates with others at your company, and approach the IG conversation from the perspective of the audience. Try to emphasize the benefits and the "What's in it for them?" for stakeholders. There's always more incentive to "eat your vegetables" and plan for information governance.
  5. Legal and records departments must get closer. We can't understate the benefits of a close relationship between the legal and records departments. Regulatory and legal requirements continue to become more complex. Organizations that conduct global business face additional challenges to meet these requirements and minimize risk without impeding productivity. As records managers assess the current state of information, they need to identify where it resides within an organization -- along with the type of information it is and its owner -- is an important part of the current state assessment. Records teams often know the internal workings of the company and how groups work together. They are well positioned to know potential areas of risk or to identify issues that require escalation or intervention by the legal department. Together, these groups not only craft a legally compliant and defensible IG program but also partner on monitoring compliance, addressing issues and reassessing an adjusting as necessary to account for changes in the industry or business operations.
  6. Find the low-hanging fruit. With the support of a CIGO and a steering committee, legal and records can find opportunities and establish priorities to dispose of legacy information. Nearly all organizations have a landfill of information that is risky or unnecessary to retain. These repositories of information frequently should be defensibly disposed of to minimize cost and risk. Structured disposition for legacy IT systems and back-up tapes can also be executed extending the typical IG benefits to enhance system performance and stability.

The bottom line is that there are IG opportunities everywhere. It may seem daunting, but remember, it takes a village. IG is not a project, but a culture that is ingrained within the fabric of an organization and engages the participation of everyone within it. When approached properly, we can all realize that eating our IG vegetables isn't so bad after all.

Next Steps

The hard sell of governance

records management only part of governance

Dig Deeper on Information governance management