Archive

Posts Tagged ‘information governance’

Stop comparing Information Governance with Records Management!

Information Governance has been all the rage in the ECM world in the last year. Chris Walker, Laurence Hart, James Lappin, John Mancini, Barclay T. Blair and many other writers whose opinions I respect, are all writing about it.

That, in itself, is a good thing: I’ve been an advocate of Information Governance for a while now [Data Governance is not about Data] and it’s good to see it taking a prominent (and permanent) position in IT dialogue.

As with any other IT topic however, the more we talk about it, the more vague it becomes, and the more confusing and overlapping the definitions get. One of the latest symptoms of this, is the recent dialogue (read these posts by James and Laurence) discussing where Information Governance (IG) sits with Records Management (RM).

The points they are making are valid, but I believe that the premise behind these conversation is fundamentally misplaced, and here’s why:

1)      Information Governance is a discipline, not a tool. The purpose of IG is to define all aspects of how information is being managed. The purpose of RM is to do the managing of some of that information.

2)      According to Corporate Governance and Oversight Council, the information kept under RM’s control represents less than 20% of the total information managed by an organisation. IG has responsibility for 100%, including the 20% managed by RM.

3)      RM is typically focused on the lifecycle management and protection of unstructured information, mostly documents. IG creates common policies that apply to both structured and unstructured information.

4)      RM works with a defined and agreed taxonomy and schedule. IG is perpetually juggling with overlapping policies, laws, cases, security, legal holds, costs and business demands.

5)      IG scope includes all information sources: The RM repositories, the other ECM repositories that are not RM platforms, all the SharePoint instances, the live email server(s), the email archive(s), the shared network drives, the personal network drives, the PST files, the data archive system, the notebook C: drives, the cloud drives, the detachable storage drives, those servers that came with the last acquisition and nobody quite knows what is on them, Jim’s old desktop, etc., etc.

6)      RM tends to accumulate all the information it manages in a centralised, controlled environment. IG does not have that luxury: It needs to assume that most information will be managed in its native environment (unless of course it’s information that should explicitly be moved to RM’s control).

7)      RM has a well defined function: store, classify, protect, secure and dispose of business records. IG has the function of telling RM what should and should not be protected, as well as determining security policies, disposition schedules, data protection risks, storage tier management, archive policies, data ownership, etc., for all other enterprise information.

8)      RM stakeholders are mostly records managers and/or compliance managers. IG answers to Compliance, Audit, Security, Legal, IT, Finance and Business Operations – a very different audience with often conflicting interests.

Trying to compare IG and RM is a bit like trying to compare Central Government (or Federal for my US friends) with a local school’s governing body. Both have something to govern, one takes direction from the other and… there the similarity ends. Neither one is a replacement for the other.

And I’ll finish on a separate but related bug bear of mine: Governance is about taking ownership, making decisions and setting rules. Management is about acting on the decisions, executing the policies and enforcing the rules. Therefore, Information Governance and Information Management are not the same thing and the two terms should not be used interchangeably!

Update: Read the follow up article to this, with some more detailed explanations and comments [Part 2]

Advertisements

Seven even deadlier sins of Information Governance

October 7, 2012 3 comments

Devin Krugly published a very interesting blog/article, describing the “The 7 Deadly Sins of Information Governance“. I enjoyed the article, and I can’t find anything to disagree with, but I have to admit that it left me wanting… The 7 sins presented by Devin are well known and very common problems that plague most Enterprise scale projects, as he points out within the article itself. They could equally apply to HR, supply chain, claims processing or any other major IT implementation. Devin has done a great job of projecting these pitfalls to an Information Governance program.

For me, however, what is really missing from the article is a list of “sins” that are unique to Information Governance projects. So let me try and add some specific Information Governance colour to the picture… Here is my list of seven even deadlier sins:

Governance needs a government. Information governance touches the whole of the organisation. It touches every system, every employee and every process. Decisions therefore that govern information, must be taken by a well defined governance body, that accurately represents the business, compliance, legal, audit and IT, at the very least. You cannot solve the Information Governance problem by throwing technology at it. Sure, technology plays a key part as an enabler, a catalyst and as an automation framework. But technology cannot determine policy, priorities, responsibility and accountability. Nor can it decide the organisation’s appetite for risk, or changes in strategic direction. For that, you need a governing body that defines and drives the implementation of governance.

Information does not mean data. I have talked about this in an earlier blog (Data Governance is not about Data). We often see Information Governance projects that focus primarily (or even exclusively) on transactional data, or data warehousing, or records management, or archiving, etc. Information Governance should be unified and consistent. There isn’t a different regulator for data, for documents, for emails or for tweeter messages. ANY information that enters, leaves or stays in the organisation should be subject to a common set of Governance policies and guidelines. The technical implementation a may be different but the governance should be consistent.

It is a marathon not a sprint. You can never run an “Information Governance Project”. That would imply a defined set of deliverables and a completion point at some specific date. As long as your business changes (new products, new suppliers, new customers, new employees, new markets, new regulations, new infrastructure, etc.) your Information Governance needs will also change. Policies will need revising, responsibilities will need adjusting, information sources will need adding and processes re-evaluating. Constantly! If your Information Governance project is “finished”, frankly, so is your business.

Keep it lean and clean. Information governance is the only cure for Content Obesity. Organisations today are plagued by information ROT (information that is Redundant, Outdated or Trivial).  A core outcome of any Information Governance initiative should be the regular disposal of redundant information which has to be done consistently, defensibly and with the right level of controls around it. It is a key deliverable and it requires both the tools and the commitment of the governing body.

Remember: Not who or how, but why Information Governance projects often get tangled up in the details. Tools, formats, systems, volumes, stakeholders, stewards, regulators, litigators, etc., become the focus of the project and, more often the not, people forget the main driver: Businesses need good, clean and accessible information to operate. The primary role of Information Governance is to deliver accurate, timely and reliable information to the business, for making decisions, for creating products and for delivering services. Every other issue must come second in priority.

The ministry of foreign affairs. The same way that a country cannot be governed without due consideration to the relationship with its neighbours, Information Governance does not stop at the company’s firewall. Your organisation continuously trades information with suppliers, customers, partners, competitors and the wider community. Each of these exchanges has value and carries risks. Monitoring and managing the quality, the trustworthiness, the volume and the frequency of the information exchanged, is a core part of Information Governance and should be clearly articulated in the relevant policies and implemented in the relevant systems.

This is not a democracy, it’s a revolution. Implementing Information Governance is not an IT project, it is a business transformation project. Not only because of its scope and the potential benefit and risk that it represents, but also because of the level of commitment and engagement it requires from every part of the organisation. Ultimately, Information Governance has a role in enforcing information quality, regulatory and legal controls, and it is contributing to the organisation’s accountability. The purpose of on Information Governance implementation is not to ensure that everyone is happy and has an equal voice on the table. The purpose is to ensure that the organisation does the right thing and behaves responsibly. And that may require significant cultural change and a few ruffled feathers…

If you don’t already have an Information Governance initiative in your organisation, now is the time to raise the issue to the board. If you do, then you should carefully consider if the common pitfalls presented here are addressed by your program, or if you are in danger of committing one or more of these sins.

%d bloggers like this: