1 INFORMATION GOVERNANCE (IG): What Does That Really Mean?
Donna Read, CRM, CDIA+
November 18, 2014
Florida Gulf Coast ARMA Chapter

2 Agenda
• Defining Information Governance
• Why is it difficult to implement?
• People – Processes – Technology
• Wrap your arms around the beast.

3 Difference Between RIM & IG
• Records Management is tactical
• Information Governance is strategic
   - To be strategic, you need partners, sponsors, and a network
• Tactical - Designed to achieve a particular effect or goal. adj. tactical, expedient, schematic, strategic.
• Strategic - or a strategy - A method worked out for accomplishing something: plan, blueprint, design, course of action, plan of action, game plan, master plan, project, scheme, strategy, format, stratagem, procedure.

4 IG – What Does It Mean?
• “..a holistic approach to managing and leveraging information for business benefits encompassing information quality, protection and lifecycle management.” AIIM
• “..multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements.” Wikipedia

5 From The Sedona Conference
“Information governance means an organization’s coordinated, interdisciplinary approach to satisfying compliance requirements and managing information risks while optimizing information value. As such, Information Governance encompasses and reconciles the various legal and compliance requirements and risks addressed by different information-focused disciplines, such as records and information management, data privacy, information security, and ediscovery.”
Source: The Sedona Conference® Commentary on Information Governance (Dec. 2013)

6 No – Really What Does It Mean?
• “…enterprise-wide program that incorporates multiple organizational disciplines and that contemplates policies, procedures, processes, and controls designed and implemented to manage information.” AIIM
• “...a vehicle to ensure compliance to regulation, encompassing people, processes and technologies to support the best practices of the organization.” KM World

7 Key Words
• Holistic - the parts of something as intimately interconnected and explicable only by reference to the whole
• Managing – Leveraging – Controlling
• Policies - Procedures - Processes
• Ensure Compliance
• Encompassing:
   - Information quality & protection
   - Immediate and future operational requirements
   - People, processes, & technologies

8 Information Security (PII) Non-Records Holds Official Records Duplicates Reference and Convenience Information Trash

11 What Does ARMA Have To Say?
• The Principles!!!!
• Information Governance Maturity Model
“Information is one of the most vital, strategic assets organizations possess. They depend on information to develop products and services, make critical strategic decisions, protect property rights, propel marketing, manage projects, process transactions, service customers, and generate revenues. This critical information is contained in the organizations' business records.
• It has not always been easy to describe what "good information governance" looks like.” www.arma.org

12 Beginning to Look A Little Confusing – Like Herding Cats?

13 Why Is IG So Difficult?
• Confusion Terminology
• Frustration - inability to focus on positive side of cost avoidance and managing risk
• Why is adoption rate low?
   - Perceived to have no direct business benefit
   - Challenges in business buy-in and funding
   - Seen as critical but highly political, complex, long-term and multi-year initiative
   - Currently a “one size fits all” approach
   - Lack of metrics-driven measurement of benefit
   - Total cost of IT ownership (TCO) rarely measured or tracked

14 Status Quo Not Working
• “The one thing that everyone can agree upon is that the status quo is not working. Symptoms are everywhere with comments like ‘we need help to govern the data in these warehouses since the data is always wrong, incomplete or erroneous’ are the norm rather than the exception.”
• Thornton May, Futurist & Executive Director, IT Leadership Academy

15 TMI
• IDC (International Data Corporation) Report: 1800 new exabytes this year (1 exabyte = data equivalent to 50,000 years of continuous movies)
• Information governance is needed in a world where . . .
1. 80% of enterprise data is unstructured
2. 60% of documents are obsolete
3. 50% of documents are duplicate
4. 80% of documents are not retrieved by traditional search

16 What Is Needed For IG
• Organizational Mindshare
• Senior Level Support
• Awareness of need for change
• Willingness to change
• Resources

17 Who Are The Stakeholders?
• Senior level management
• IT
• Legal
• Records Management
• Accounting
• The Users

18 Getting Buy-In
• Not an easy job
• What does everyone care about? WIIFM
“You have to align with what your organization cares about – figure out what that is - to use as a lever for embedding Information Governance.” Monica Crocker

19 IG and Social Media
• New trends constantly emerging
   - Today – SMC – Social/Mobile/Cloud
• Requires updating IG program and its deployment
• BYOD (bring your own device) muddies the water
   - Does your organization have policies in place for BYOD?
• Content generated from company account or…
• Content generated using personal account for business purposes…..
• Must be governed under same policies as rest of information

20 IG and Big Data

21 The Meeting of IG and BD
• BD – “data lake” stores unlimited amounts of data, in any format, scheme and type
• Theoretically could hold all of an organization’s data
• 1000’s of regulations impacting management of information
• Balance – information value with information risk
• Must know what you have – starting point for IG
• As data gets older, value diminishes – never really useless
• Risks in keeping include – increased storage costs, litigation, & regulatory sanctions
• Saving everything is unsustainable

22 Archives Must Include
• Ingesting & retaining all types of information – both structured and unstructured
• Auditing and preserving data and content to meet regulatory and governance mandates
• Require no dependence on originating applications to manage or reference information and records
• Maintain clear, defensible chain of custody
• Deliver records and retention capabilities with audit trails
• Preserve information in an immutable form

23 Three-Phased Approach
• Current State Assessment
   - Review all relevant policies and procedures
   - Stakeholder interviews and focus groups to define current state of information management practices
   - Identify RIM vulnerabilities and develop key observations of “as is” state
• Analysis and Recommendations
   - Identify best practice standards and benchmarking targets
   - Evaluate current information management processes against standards and industry best practices including “The Principles”
   - Assign maturity rating and develop recommendations for the enhancement of information management practices
• Strategy and Roadmap
   - Summarize assessment, methodology and recommendations
   - Validate with sponsors
   - Develop strategies
   - Develop tactical project plans for each strategy
   - Develop implementation roadmap
Huron Consulting Group

24 Information Governance Infrastructure
Huron Consulting Group

25 Assess Current Situation – not an easy job
• Are your retention policies being applied to both structured and unstructured data?
• Are your shared drives/hard drives used as a dumping ground with no structure?
• Do you have an EDMS/RMA etc. in place but it is not being fully utilized?
• Do you have an ESI Data Map, or a Data Source Catalogue?
• Are there workarounds for system limitations that are set, i.e. size of email box?
• Can your employees find the correct and relevant data they need to perform their work?

26 Huron Consulting Group Three Buckets
1. The stuff you know enough about to keep
2. The stuff you know enough about to throw away
3. Outliers & anomalies: the stuff you don’t have enough information on to make a reasonable decision
Taking slices of the data: looking at a minimum amount of information (logs, dates, times, domains, custodians) to make the remediation call.

27 Structured Data Remediation Plan
For each identified system: (do you know your critical systems)
• Does the system contain “records” and how does this relate to the retention schedule
   - Issue of relational databases, transactional systems, etc.
• Risk / cost analysis of over-retention
• Remediation options
   - Manual
   - Systematic
Huron Consulting Group

28 Potential “To Do” List
1. Does your RIM program need refinement?
2. Are your retention schedules and legal compliance rules up to date?
3. Do you need to update policies and procedures?
4. Should training be enhanced or include more staff?
5. Is there a strategy for dealing with unstructured content?
6. Do you have a structured Data System remediation plan?
7. Who is responsible for constructing the ESI Data Map?

29 Summary
• Need to define IG for stakeholders
• Convince them why they should care
• Assess current situation
• Create plan for remediation

30 The End
Donna Read, CRM, CDIA+
Florida Gulf Coast ARMA Chapter