Archive

Posts Tagged ‘infogov’

Nightmare definitions: What is Information Governance?

Some concepts are extremely difficult to articulate succinctly. Not because we don’t understand them, but because they are just too complex. I believe H.L. Mencken said: “For every problem, there is a solution that is simple, elegant and wrong”.

Take the example of Enterprise Content Management. A 25-year old industry and a multi-million software market. Every few months, we will invariably have another debate on what the correct definition should be, what it encompasses, if the name should be changed, how it overlaps with other terms, etc. etc. Yet, most people understand pretty well what it is.

Enter… Information Governance

If you haven’t yet, please read Barclay T. Blair’s ebook: “Making the Case for Information Governance”. It is an excellent summary of some of the reasons why Information Governance (IG) is important to an organisation. The ebook focuses more on the rationale behind its existence, and much less on its structure and scope. The ebook also reviews some of the existing definitions of IG, by The Economist and by AIIM and proceeds to explain their salient points.

More recently however, BTB presented IG Initiative’s attempt to create a simpler definition, validated by a popularity poll and summarized in an attractive infographic:

Information Governance is: The activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.

I have to be honest and say that I don’t like that definition. 99% of people would agree that “Fruit is nutritional, affordable and refreshing, and reduces health risks”. That may be a true statement, but it does not make it a good definition of what a fruit is! Ok, I am being facetious, but my point is: The broader the definition the less accurate it is and the less value it adds. The IG Initiative definition above, is both too wide (e.g. analytics and collaboration are used to maximise information value, but they are not in themselves IG tools), and incomplete (e.g. governance involves the people, not just activities and technologies; compliance is another key driver, alongside cost and risk). In my view, this definition, by itself, falls short.

I have to mention that several other people have attempted definitions of IG, and each one has its merits. The one offered by Wikipedia is not too bad, and there are others by Debra Logan at Gartner, IBM, and many other vendors.

Personally, I would err on the side of a slightly longer but more comprehensive definition, that combines the ones mentioned in the ebook and the new one by IG Initiative. Here is my offer:

Information Governance is a framework of people, principles, processes and tools, that defines why, when and how information is managed within an organisation, in order to maximise its value, fulfil obligations, reduce costs and reduce risk.

I would be very interested to hear your feedback on this.

Whichever definition you choose to use however, BTB makes a very valid point in his blog: “the definition you use is less important than having a common understanding among your IG team”. And you will probably need a lot more than 145 characters to achieve that!

Stop comparing Information Governance with Records Management!

Information Governance has been all the rage in the ECM world in the last year. Chris Walker, Laurence Hart, James Lappin, John Mancini, Barclay T. Blair and many other writers whose opinions I respect, are all writing about it.

That, in itself, is a good thing: I’ve been an advocate of Information Governance for a while now [Data Governance is not about Data] and it’s good to see it taking a prominent (and permanent) position in IT dialogue.

As with any other IT topic however, the more we talk about it, the more vague it becomes, and the more confusing and overlapping the definitions get. One of the latest symptoms of this, is the recent dialogue (read these posts by James and Laurence) discussing where Information Governance (IG) sits with Records Management (RM).

The points they are making are valid, but I believe that the premise behind these conversation is fundamentally misplaced, and here’s why:

1)      Information Governance is a discipline, not a tool. The purpose of IG is to define all aspects of how information is being managed. The purpose of RM is to do the managing of some of that information.

2)      According to Corporate Governance and Oversight Council, the information kept under RM’s control represents less than 20% of the total information managed by an organisation. IG has responsibility for 100%, including the 20% managed by RM.

3)      RM is typically focused on the lifecycle management and protection of unstructured information, mostly documents. IG creates common policies that apply to both structured and unstructured information.

4)      RM works with a defined and agreed taxonomy and schedule. IG is perpetually juggling with overlapping policies, laws, cases, security, legal holds, costs and business demands.

5)      IG scope includes all information sources: The RM repositories, the other ECM repositories that are not RM platforms, all the SharePoint instances, the live email server(s), the email archive(s), the shared network drives, the personal network drives, the PST files, the data archive system, the notebook C: drives, the cloud drives, the detachable storage drives, those servers that came with the last acquisition and nobody quite knows what is on them, Jim’s old desktop, etc., etc.

6)      RM tends to accumulate all the information it manages in a centralised, controlled environment. IG does not have that luxury: It needs to assume that most information will be managed in its native environment (unless of course it’s information that should explicitly be moved to RM’s control).

7)      RM has a well defined function: store, classify, protect, secure and dispose of business records. IG has the function of telling RM what should and should not be protected, as well as determining security policies, disposition schedules, data protection risks, storage tier management, archive policies, data ownership, etc., for all other enterprise information.

8)      RM stakeholders are mostly records managers and/or compliance managers. IG answers to Compliance, Audit, Security, Legal, IT, Finance and Business Operations – a very different audience with often conflicting interests.

Trying to compare IG and RM is a bit like trying to compare Central Government (or Federal for my US friends) with a local school’s governing body. Both have something to govern, one takes direction from the other and… there the similarity ends. Neither one is a replacement for the other.

And I’ll finish on a separate but related bug bear of mine: Governance is about taking ownership, making decisions and setting rules. Management is about acting on the decisions, executing the policies and enforcing the rules. Therefore, Information Governance and Information Management are not the same thing and the two terms should not be used interchangeably!

Update: Read the follow up article to this, with some more detailed explanations and comments [Part 2]

%d bloggers like this: