In my post last week I talked about why you should invest in information governance.
Once you have decided to invest in information governance – whether you’re establishing or improving an existing information governance program – you need to ask “How will we implement an information governance program?”
Like all risk and compliance activities it’s easy to create a number of policies and procedures and say “Here you go – now follow them” and then wonder why your governance program isn’t working.
So we’ve compiled 10 factors that will be your keys to information governance success.
That sounds like a lot to think about but looking closer you’ll notice some already exist within your organisation – they may just need to be improved or tweaked to suit the business and the scope of governance.
Comprehensive scope – Your information governance program must have a well-defined scope that covers not just structured data, but also unstructured content. It should expand and include the whole organisation and include the entire information lifecycle.
Accountability – Everyone has a role in the way information is governed across an organisation. To oversee the performance of assigned responsibilities requires someone to be accountable.
Sponsorship – Information governance must be driven from the top-down. Executives must champion and be active in the promotion and enforcement of policies and procedures to ensure they receive accurate, up-to-date and reliable information to make informed decisions.
Strategy – Taking a strategic approach to information governance will ensure you deliver all the essential compliance elements, in a way that also enables and supports the delivery of strategic priorities and exploits opportunities to benefit the business. Your approach must be flexible and responsive to innovations and changes in organisational requirements.
Value assessments – Assessing an information asset’s economic value influences the level of governance required to maintain and mitigate ongoing risks. This ensures the information asset is performing at its optimum.
Common methods – Your information governance program requires a set of documented methods, processes, lifecycles and/or practices that are repeatedly carried out to manage information governance related capabilities such as privacy, master data management, eDiscovery and records and information management.
Standard models – The scope of your information governance program will define the capabilities required to govern your information. These capabilities are better defined within models that map their relationships and explain common terminology.
Governance tools – Clearly defined principles, rules, actions and guidelines that articulate your organisation’s governance position should be documented within policies, standards and procedures. Together, these tools ensure the information governance program is aligned with legislative, regulatory and organisational requirements. Your information governance program will also need to ensure tools are in place in order to audit behaviours, log user and system actions and report on performance.
Continuous improvement – Information governance is an ongoing activity and therefore requires a consistent and planned approach to monitor and improve governance processes. Baseline performance data should be captured as part of any information governance program, however, using it to identify areas for improvement is key to ensuring your governance program remains contemporary and relevant to the organisation.
Flexibility to adapt and change – The ability to implement an information governance program requires an organisation to be flexible to change and adapt to external pressures, innovations and industry threats. Governance must be pragmatic and not stick-waving; exceptions should be granted when warranted and innovations should be encouraged and embraced under the governance banner.