Information governance

Information governance, or IG, is an emerging term used to encompass the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.

Definitions of information governance

Because information governance is a relatively new concept, there is no standard definition as of yet. Gartner Inc., an information technology research and advisory firm, defines information governance as the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals. ^[1]

As defined by information governance solutions provider RSD S.A., IG enforces desirable behavior for the creation, use, archiving, and deletion of corporate information. ^[2]

To technology and consulting corporation IBM, information governance is a holistic approach to managing and leveraging information for business benefits and encompasses information quality, information protection and information life cycle management. ^[3]

Regardless of the exact wording, definitions of IG tend to go quite a bit further than traditional Records management in order to address all phases of the information life cycle. It incorporates privacy attributes, electronic discovery requirements, storage optimization, and metadata management. In essence, information government is the superset encompassing each of these elements.

History

Records Management and Information Governance

Records management deals with the retention and disposition of records. A record can either be a physical, tangible object, or digital information such as a database, application data, and e-mail. The lifecycle was historically viewed as the point of creation to the eventual disposal of a record. As data generation exploded in recent decades, and regulations and compliance issues increased, traditional records management failed to keep pace. A more comprehensive platform for managing records and information became necessary to address all phases of the lifecycle, which led to the advent of information governance. ^[4]

In 2003 the Department of Health in England introduced the concept of broad based information governance into the National Health Service, publishing version 1 of an online performance assessment tool with supporting guidance. The NHS IG Toolkit^[5] is now used by over 30,000 NHS and partner organisations, supported by an e-learning platform with some 650,000 users.

In 2008, ARMA International ^[6] introduced the Generally Accepted Recordkeeping Principles®, or GARP® ^[7] and the subsequent GARP® Information Goverance Maturity Model ^[8]. The GARP® principles identify the critical hallmarks of information governance. As such, they apply to all sizes of organizations, in all types of industries, and in both the private and public sectors. Multi-national organizations can also use GARP® to establish consistent practices across a variety of business units. ARMA International recognized that a clear statement of "Generally Accepted Recordkeeping Principles®" (GARP®) would guide:

• CEOs in determining how to protect their organizations in the use of information assets;
• Legislators in crafting legislation meant to hold organizations accountable; and
• Records management professionals in designing comprehensive and effective records management programs.

Information governance goes beyond retention and disposition to include privacy, access controls, and other compliance issues. In electronic discovery, or e-discovery, electronically stored information is searched for relevant data by attorneys and placed on legal hold. IG includes consideration of how this data is held and controlled for e-discovery, and also provides a platform for defensible disposition and compliance. Additionally, metadata often accompanies electronically stored data and can be of great value to the enterprise if stored and managed correctly. ^[9]

With all of these additional considerations that go beyond traditional records management, IG emerged as a platform for organizations to define policies at the enterprise level, across multiple jurisdictions. IG then also provides for the enforcement of these policies into the various repositories of information, data, and records.

Organizational structure

In the past, records managers owned records management, perhaps within a compliance department at an enterprise. In order to address the broader issues surrounding records management, several other key stakeholders must be involved. Legal, IT, and Compliance tend to be the departments that touch information governance the most, though certainly other departments might seek representation. Many enterprises create information governance committees to ensure that all necessary constituents are represented and that all relevant issues are addressed. ^[10]

Tools

To address retention and disposition, Records Management and Enterprise Content Management applications were developed. Sometimes detached search engines or homegrown policy definition tools were created. These were often employed at a departmental or divisional level; rarely were tools used across the enterprise. While these tools were used to define policies, they lacked the ability to enforce those policies. Monitoring for compliance with policies was increasingly challenging.

Because information governance addresses so much more than traditional records management, several software solutions have emerged to include the vast array of issues facing records managers. Some of these vendors include Open Text Corporation, RSD, HP’s Autonomy, EMC Corporation, and IBM.

One of the most widely used tools is the NHS Information Governance Toolkit used by over 30,000 organisations in England.

Laws and Regulations

Key to IG are the regulations and laws that help to define corporate policies. Some of these regulations include:

• The Foreign Account Tax Compliance Act, or FATCA ^[11]
• Payment Card Industry Data Security Standard, or PCI Compliance ^[12]

Guidelines

• MoReq2 ^[13]
• MoReq2010 ^[14]
• DoD 5015.2, or Design Criteria Standard for Electronic Records Management Software Applications ^[15]

IG In the News

Information governance was given national recognition in November, 2011 with a directive from President Obama to overhaul current records management processes within the government to encompass current needs more comprehensively. ^[16]

See Also

• National Archives
• Records Management
• Enterprise content management
• Data Governance
• Information technology governance
• Information security governance

References

1. http://blogs.gartner.com/debra_logan/2010/01/11/what-is-information-governance-and-why-is-it-so-hard/ Gartner definition]
2. http://www.rsd.com/en/products/rsd-glass RSD information governance definition
3. IBM Survey Report
4. http://www.arma.org/pdf/WhatIsRIM.pdf
5. http://www.igt.connectingforhealth.NHS.uk/
6. http://www.arma.org
7. http://www.arma.org/garp
8. http://www.arma.org/garp/metrics.cfm
9. http://www.arma.org/erecords/index.cfm
10. [http://www.law.com/jsp/cc/PubArticleFriendlyCC.jsp?id=1202533945005 ALM IG Overview}
11. http://www.irs.gov/businesses/corporations/article/0,,id=236667,00.html
12. https://www.pcisecuritystandards.org/
13. http://www.moreq2.eu/
14. http://moreq2010.eu/
15. http://www.archives.gov/records-mgmt/initiatives/dod-standard-5015-2.html
16. Presidential Memorandum – Managing Government Records

External links

ARMA International

ARMA International's Generally Accepted Recordkepping Principles

Gartner Information Governance

Forrester Research information governance blog

Barclay Blair Information Governance Definition

RSD Official Website

EPA 10 Reasons for RM