It’s not news: Today’s business environment is dominated by digital technology. We use it to create, access, and retrieve records and information. We use it for basic, day-to-day communications, and we use it for retaining and preserving information for long-term use. Digital information is here to stay and so is comprehensive information governance—the best way to address technology’s impact on organizational information assets.
Traditional RIM frameworks must change
The sheer volumes of information many organizations have to manage and govern are crippling the systems and tools that have been traditionally used. In a typical records and information management (RIM) framework:
- The focus is on controlling only records; other information is generally ignored, but that information can hold hidden value as well as increased risk to the organization.
- Records controls tend to be focused on the format of the information rather than on how the information is used.
- Compliance requirements are often limited to records retention/disposition and government and industry regulations.
- RIM requirements are not an integral part of business processes, workflows, and systems integration efforts.
- RIM is viewed as a “back office” operation that is not valuable for contributing to the organization’s success.
How information governance (IG) can help
Information governance (IG) fills the gaps left by traditional RIM programs. ARMA International defines IG as “a strategic, cross-disciplinary framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable for the proper handling of records and information. The framework helps organizations achieve business objectives, facilitates compliance with external requirements, and minimizes risk posed by sub-standard information-handling practices.”
IG supports business goals
IG is a strategic approach that begins with understanding the organization’s goals. Facilitating the organization’s ability to meet its goals through the use of information is the context in which IG is best understood.
IG balances needs and risks
IG is most effective when it is enterprise-wide in scope and perspective. Many internal entities have a vested interest in how an organization’s information assets are handled. For IG to be effective across the enterprise, the organization must take an intentional approach to identifying its:
- Business needs
- Regulatory compliance requirements
- Duty to protect privacy
- Procedures for processing information efficiently
IG recognizes information’s value
This foundation for IG elevates information assets into the same realm as corporate assets. No longer are records and information the leftover debris of organizational decision-making and transactions. The IG framework calls for the value of records and information to be maximized for the benefit of the organization while the information is active—when it is still being used in conducting business.
IG embraces technology
IG also embraces technology as the key business driver and seeks to integrate information management disciplines in that new context. As an organization considers implementing new technology systems for business productivity, it must address RIM needs at the onset.
IG demands collaboration
This framework calls for a holistic approach in identifying the business needs from all areas of the organization. The needs of all business units (e.g., privacy, information technology, information security, legal, risk, and compliance) must be identified and considered at the project’s initiation. Only by collaborating will IG leaders have a complete picture of the organization’s information needs and understand the ramifications of decisions concerning how information is handled.
IG also requires that the organization establish metrics by which program and employee compliance will be measured and evaluated. These include establishing expectations and priorities for employee performance, evaluating performance against established targets, documenting progress toward stated goals, identifying opportunities for improvement, and showing progress in IG program maturity over time. The final distinctive element in this IG framework is auditing for program compliance. Auditing makes IG program requirements real and actionable and provides an objective basis for demonstrating IG compliance.
When IG is integral to an organization’s operations, it stands on the foundation of internal policies, standards, processes, roles, and metrics. Through its documentation, an organization can legitimately state that its IG program has credibility and that records can be trusted to be true and are an accurate account of the events they support. Furthermore, organizations can ensure that disposition of records is defensible, because it is conducted according to defined controls.
In short, with an effective IG program in place, an organization can demonstrate integrity in how it handles its information, making a positive contribution to its reputation–and its bottom line.
Diane K. Carlisle is the Information Governance Program Advisor at ARMA International. For more information, visit www.arma.org.