Stop comparing Information Governance with Records Management!
Information Governance has been all the rage in the ECM world in the last year. Chris Walker, Laurence Hart, James Lappin, John Mancini, Barclay T. Blair and many other writers whose opinions I respect, are all writing about it.
That, in itself, is a good thing: I’ve been an advocate of Information Governance for a while now [Data Governance is not about Data] and it’s good to see it taking a prominent (and permanent) position in IT dialogue.
As with any other IT topic however, the more we talk about it, the more vague it becomes, and the more confusing and overlapping the definitions get. One of the latest symptoms of this, is the recent dialogue (read these posts by James and Laurence) discussing where Information Governance (IG) sits with Records Management (RM).
The points they are making are valid, but I believe that the premise behind these conversation is fundamentally misplaced, and here’s why:
1) Information Governance is a discipline, not a tool. The purpose of IG is to define all aspects of how information is being managed. The purpose of RM is to do the managing of some of that information.
2) According to Corporate Governance and Oversight Council, the information kept under RM’s control represents less than 20% of the total information managed by an organisation. IG has responsibility for 100%, including the 20% managed by RM.
3) RM is typically focused on the lifecycle management and protection of unstructured information, mostly documents. IG creates common policies that apply to both structured and unstructured information.
4) RM works with a defined and agreed taxonomy and schedule. IG is perpetually juggling with overlapping policies, laws, cases, security, legal holds, costs and business demands.
5) IG scope includes all information sources: The RM repositories, the other ECM repositories that are not RM platforms, all the SharePoint instances, the live email server(s), the email archive(s), the shared network drives, the personal network drives, the PST files, the data archive system, the notebook C: drives, the cloud drives, the detachable storage drives, those servers that came with the last acquisition and nobody quite knows what is on them, Jim’s old desktop, etc., etc.
6) RM tends to accumulate all the information it manages in a centralised, controlled environment. IG does not have that luxury: It needs to assume that most information will be managed in its native environment (unless of course it’s information that should explicitly be moved to RM’s control).
7) RM has a well defined function: store, classify, protect, secure and dispose of business records. IG has the function of telling RM what should and should not be protected, as well as determining security policies, disposition schedules, data protection risks, storage tier management, archive policies, data ownership, etc., for all other enterprise information.
8) RM stakeholders are mostly records managers and/or compliance managers. IG answers to Compliance, Audit, Security, Legal, IT, Finance and Business Operations – a very different audience with often conflicting interests.
Trying to compare IG and RM is a bit like trying to compare Central Government (or Federal for my US friends) with a local school’s governing body. Both have something to govern, one takes direction from the other and… there the similarity ends. Neither one is a replacement for the other.
And I’ll finish on a separate but related bug bear of mine: Governance is about taking ownership, making decisions and setting rules. Management is about acting on the decisions, executing the policies and enforcing the rules. Therefore, Information Governance and Information Management are not the same thing and the two terms should not be used interchangeably!
Update: Read the follow up article to this, with some more detailed explanations and comments [Part 2]
Leave a comment
George Parapadakis
For what it's worth... 
Nicely done, George.
Regarding your other bug bear; I do use IM and IG interchangeably, sort of. I find that most audiences are put off by the word “governance” but have no issue with “management”. Since the end goal is to get clients to start governing and managing information, I don’t mind fiddling with the terminology if it helps achieve the objective.
Thanks Chris, I have to admit that I fall into the same trap from time to time, but it’s a cop-out. I think we have a responsibility to educate… 🙂
There is definitely a jurisdictional bias here though gentlemen. And Chris you know I love your work so you’ll have to excuse me here but, if you view records from a US perspective then yes you are correct, but for other jurisdictions the lines you are drawing simply don’t exist in any practical sense.
1. “Information Governance is a discipline, not a tool” – RM is a discipline not a tool (Ref Shepherd & Yeo)
4. “RM works with a defined and agreed taxonomy and schedule. IG is perpetually juggling with overlapping policies, laws, cases, security, legal holds, costs and business demands.” RM is never as clean cut as that – increasingly “records” exist in multiple contexts so multiple and competing requirements, legal and business imperatives, storage requirements etc abound – and there is always a tradeoff even in a records purist world between a legal imperative (where they exist) and a business need
5. “IG scope includes all information sources….” – records in a modern sense do not exist purely in ‘EDRMS or ECM’ systems, they exist on your mobile phone as txt messages, in your social media applications, Sharepoint, CRM, ERP systems etc – hence the move to ensure “records held in business systems” are managed appropriately (ref ADRI)
6) “RM tends to accumulate all the information it manages in a centralised, controlled environment” That used to be the practice, largely borne out of the central file registry but that doesnt correspond to a modern way of working that is largely digital, more complex where records have multiple “component parts” (see note above). The days of ‘one RM system to rule them all” is a nonsense
8) “RM stakeholders are mostly records managers and/or compliance managers” Again – in the old days yes, but no longer – RM stakeholders are now Business Ops, Business Improvement, Legal, Compliance/Risk/Audit, the public, process owners, IT etc.
So sorry guys but in large part I will have to totally disagree with you 🙂
Hi Paula, many thanks for your detailed response. I don’t actually think you are disagreeing at all! You have clearly articulated the very issue that IG is trying to address: The scope of traditional RM is expanding to include a much wider information range and numerous new responsibilities. Where there is no separate over-arching IG strategy RM managers are, by necessity, expanding their reach to tackle the issues you are describing. Addressing IG as a strategic and much wider requirement, will stop over-stretching RM resources and will recognise the larger problem for what it is.
And your point about jurisdictional bias is also true: in The US RM or RIM is recognised as a full time activity and a professional qualification. In a lot of customers I work with, in the UK, RM is still managed as a part-time job or a sideline distraction from the core business, which makes it even harder to reconcile with the growing governance requirements. The net result is that most information just accumulates, unmanaged, and key critical or sensitive information is lost outside the visibility of any limited RM function.
It is interesting to read you Chris and Paula’s conversation. Hard to say agree or disagree with either one of you. I do agree Records Management or Information Governance need to distinguish themselves by establishing a better conceptual boundary among many other disciplines. As a records management professional, I feel I frequently need to borrow concepts from other disciplines, especially IT. The fluidity of concepts in the field of Records Management or Information Governance causes lots of confusions and may affect records management professionals’ professional identity formation. As a records management coordinator, I have touched many aspects within the territory of Information Governance defined by Chris. Although in my small role, I write policy, implement policy, provide training, monitor implementation, etc. We don’t always work within our central records management system with digital and physical records. We also manage emails, data bases, and backup data sets, certainly in collaboration with IT.
In short, within an organizational structure, ideally in my humble view, there should be a Chief Information Governance Officer (CIGO). Underneath CIGO, there should be IT Manager, Records Manager, and Chief Archivist. However, I am still debating whether Knowledge Governance is better than Information Governance.
Many thanks Bonnie, I agree with your comment. I believe that, for a while at least, whilst we don’t have a “proper” separate IG function in place RM is inevitably the most likely function to try and fill the gaps. I quite like the graph published recently by the IGI, showing the many facets of IG. It clearly illustrates that RM is only one part of IG, but nevertheless a dominant one.
Hi George
Like Paula I agree that RM is a discipline not a tool. The definition used in your article is much narrower than in other areas such as Australisia. Here the “RM continumn” includes both structured and unstructured information. RM defines all aspects of how structured (data) and unstructured (content) records are managed and they are ubiquitous.
Also the ambit of RM supports informed decision-making, provision of services now and in the future, assurance of accountability, and management of risk.
As Paula says RM is as much about good business, accountability, and risk as it about legal complaince. So is the challenge here rather to figure out how RM is a key enabler of or for IG?
Interesting discussion¡ RM -in broader sense “as continuum”- Could it have the same significance as IG? Theorethicaly, on the paper, on standars like ISO 30300 Yes…. but in the real company it is difficult because RM is usually far away of structured data governance. In my experience IG concept is more inteligible as Georges propose than RM and will include it
.
Long day and do not have an eloquent response – except to say I believe you have nailed it. I agree with your perspective on IG. Good job!
.
Thank you 🙂
Good post. I would add that information governance critically links to corporate governance. Corporate governance differs from corporate management because it also implies that the management considers ethical concerns and stakeholder interests beyond the walls of an organisation. Records management should be delivering on those concerns but with information governance that requirement is much more explicit.