Information is the lifeblood of any modern-day business. Companies succeed and falter based on the reliability, availability and security of their data. A company's capacity to handle information depends upon a variety of factors, including engaged executives and a company culture that supports collective ownership of information.
However, strategically created enterprise-wide frameworks that define how information is controlled, accessed and used are the most critical elements in a successful information management program. This framework is information governance.
Information governance is the set of policies, procedures, processes, roles, metrics, and controls implemented to manage information on all media in such a way that it supports an organization's immediate and future regulatory, legal, risk, and operational requirements. It treats information as a valuable business asset and ensures the effective and efficient use of information in enabling an organization to achieve its goals. Information governance is a holistic approach to managing corporate information.
Organizations with good information governance know the who, what, when, where, why and how of their information:
- What is this information?
- Who has access to this information?
- When was this information created or processed?
- Where is the information stored?
- What information is being retained?
- How long it is retained?
- How is this information being protected?
- How policies, standards, and regulations are enforced?
The goal of a holistic approach to information governance is to make information assets available to those who need it, while streamlining management, reducing storage costs and ensuring compliance. This, in turn, allows the company to reduce the legal risks associated with un-managed or inconsistently managed information and be more agile in response to a changing marketplace.
When a company fails to manage their information properly, it puts itself in jeopardy of violating compliance rules, damaging its brand equity, and paying hefty fines.
To implement or strengthen an information governance consider the following:
- Define procedures, processes, and controls with users feedback. When they participate in the creating processes and procedures, they will agree with them.
- Be clear at the outset about roles, responsibilities and accountability across the organization. Establish a central governance body with decision-making authority and cross-functional and geographic representation. Committees should plan to meet regularly and be sufficiently small and empowered to make decisions swiftly.
- Top-down support is critical to the success of any information governance strategy. Senior management should be briefed regularly on projects and progress related to information governance.
- Establish a formal and ongoing training to make employees aware of new policies and procedures and the reasoning behind them. Develop training sessions and annual governance refreshers to ensure that the entire organization is in-line with the information governance framework.
- Enforce standards with flexibility. While some policies and procedures should be universal, certain business units and regions may need some leeway when it comes to process particularities. They should be free to determine the best course of action within the overall governance boundaries.
The future of information governance will hinge on continually evaluating policies and adapting them as business priorities and market conditions evolve. Just as an effective corporate governance strategy can yield competitive advantages, effective information governance can turn information into a more consistent generator of business value.