However, strategically created enterprise-wide frameworks that define how information is controlled, accessed and used are the most critical elements in a successful information management program. This framework is information governance.
Information governance is the set of policies, procedures, processes, roles, metrics, and controls implemented to manage information on all media in such a way that it supports an organisation's immediate and future regulatory, legal, risk, environmental and operational requirements. It treats information as a valuable business asset and ensures the effective and efficient use of information in enabling an organization to achieve its goals. Information governance is a holistic approach to managing corporate information.
Organizations with good information governance know the who, what, when, where, why and how of their information:
- What is this information?
- Who has access to this information?
- When was this information created or processed?
- Where is the information stored?
- What information is being retained?
- How long it is retained?
- How is this information being protected?
- How policies, standards, and regulations are enforced?
When a company fails to manage their information properly, it puts itself in jeopardy of violating compliance rules, damaging its brand equity, and paying hefty fines.
To implement or strengthen an information governance consider the following:
- Define procedures, processes, and controls with users feedback. When they participate in the creating processes and procedures, they will agree with them.
- Be clear at the outset about roles, responsibilities and accountability across the organisation. Establish a central governance body with decision-making authority and cross-functional and geographic representation. Committees should plan to meet regularly and be sufficiently small and empowered to make decisions swiftly.
- Top-down support is critical to the success of any information governance strategy. Senior management should be briefed regularly on projects and progress related to information governance.
- Establish a formal and ongoing training to make employees aware of new policies and procedures and the reasoning behind them. Develop training sessions and annual governance refreshers to ensure that the entire organisation is in-line with the information governance framework.
- Enforce standards with flexibility. While some policies and procedures should be universal, certain business units and regions may need some leeway when it comes to process particularities. They should be free to determine the best course of action within the overall governance boundaries.