Everyone is talking about information governance (IG) and how it can be used to manage the rapid pace of electronic information growth. IG is defined by Gartner as, “The specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.” More simply, IG is a set of interdisciplinary policies and procedures used to regulate an organization’s electronic assets from creation to disposal or though the information life cycle.
Rapid electronic growth can negatively impact:
- User productivity
- Time/costs/liability associated with increased storage needs
- Inability to locate information when it is needed for litigation and e-discovery requests
The true objective of IG is to recognize that information generated daily by your organization is a valuable corporate asset that must be managed and disposed of responsibly. Yet, even the most heavily regulated companies or litigious environments have been slow to adopt a corporate information governance program (CIGP). The hesitation stems from the fear that the commitment will become overbearing and an unclear return on investment (ROI).
Measuring the ROI of IG can be difficult. Managing information is typically viewed as managing risk and costs. It is difficult for businesses to refocus on the value of managing information. IG manages, protects, monitors and disposes of information reliably and strategically, thus, allowing implementers an easy way to understand the true ROI IG provides. It reduces risk, organizes infrastructure and increases the overall value of your data.
Thinking of the ROI this way helps make a strong case for implementing a solid CIGP and provides a foundation for it to be successful.
It’s critical for organizations to protect their employees, customers, vendors and business information. Protecting the information’s confidentiality, integrity and availability become paramount. It also helps businesses comply with legal and regulatory standards. Reading the daily data breach headlines will confirm the high cost of non-compliance, and those costs are not only financial but reputational.
Information risk comes in various forms, including system outages, theft, natural disasters, fraud, inadequate retention periods and policies and unauthorized disclosure. Reducing risk must align with business goals and capitalize on opportunities, not just loss avoidance.
A CIGP is one of the most effective ways to reduce exposure to operational risk. This return doesn’t necessarily show up on the top or bottom lines, but the value is immeasurable. It helps shift responsibility from line managers focused on an ad hoc approach to strategic-level stakeholders with a documented strategy and accountability. Improved decision-making, compliance with applicable laws and regulations, minimized operational disruptions and faster reaction times to potentially costly remediation strategies are just a few of the many benefits.
Organize your infrastructure
Organized infrastructure is the cornerstone to a successful CIGP, and it can be done in three stages: organizing your IG committee, organizing your data and organizing your IG technology.
1. The IG committee
A CIGP must be endorsed by senior management and supported throughout the organization. IG will ultimately touch every area of a business so it’s important to have an IG committee responsible for its implementation, ongoing management and auditing.
An ideal IG committee should represent a cross-section of the organization in order to bring diverse expertise and knowledge to the project. Various departments that have direct knowledge of, and potential responsibility for, handling your organization’s internal and external data requirements should be represented. This may also include regulatory requirements. Most IG committees have representation from the executive team, compliance, information technology (IT), human resources (HR), legal, records and/or security. The IG committee should know where the organization’s data is kept, what information needs to be stored, how long it should be stored, what information should be deleted, when it should be deleted and how information is accessed and moved within the organization.
If you treat your committee as a group of trusted advisors, they will have the knowledge to help you identify which areas of the business can benefit most from an information governance project, the degree of difficulty to implement and how best to socialize the project within each segment of the business.
2. The data
The IG committee should also be involved in organizing your electronic information. Understanding what information exists, where it is stored and how to classify it is usually one of the more difficult aspects of information governance. This makes creating an information inventory the next critical step to ensuring your ROI. Albeit, a difficult and time-consuming exercise, once done, it allows you not only to classify it by content but also to apply retention periods to it.
Implementing retention policies will help eliminate data degradation, such as redundant, outdated and trivial information (ROT), which a company keeps but doesn’t need. Common examples would be outdated contact information, duplicate information and email conversations between co-workers.
According to AIIM’s May 2014 Industry Watch report, “Automating Information Governance,” as much as 80% of electronically stored information is ROT. All of that non-essential information takes up vital storage space, increases information risk and storage costs and wastes time and resources. ROT can easily be found and removed, as long as you know what and where to look.
3. The technology
Organizations should never rely on users to execute written policies; they must look to implement automated policy enforcement tools. Using employees alone is not a defensible practice.
Many solutions exist that will locate and inventory unstructured data throughout the organization, and many enterprise platforms are available to manage the entire IG process (as well as many a la cart options for specific specialization). These tools are critical to help to visually assess ROT, intellectual property and risk and data inventory. They will also help determine what data needs to be eliminated by applying the correct retention policies.
Extracting value from information is closely tied to the business users who need it. Access and integrity to information requires your organization to have and enforce specific information policies, processes and protocols.
It is critical that information be classified and stored in the appropriate location. If the people who need data to create revenue and profit cannot find and access relevant data, it becomes useless.
Treat your data as an asset, not a liability, and you’ll be able to derive much more value from the data and see a much greater ROI.
Mr. Friedman is the executive vice president at Sherpa Software where he manages the sales team and focuses on business development. Prior to joining Sherpa,Mr. Friedman co-founded and served as CEO and president of Seegrid, a provider of machine perception software and automation technology for industrial original equipment manufacturers. Follow @SherpaSoftware on Twitter or visit www.sherpasoftware.com.