Information Governance Is Good Business
It's no secret that the volume of information is increasing significantly, continuing on an exponential growth path. Forward-thinking organizations are recognizing critical business information as a corporate asset that needs to be protected and cost-effectively managed to maximize value and minimize risks and costs. In fact, 60% of IT security decision makers will make establishing or implementing a formal information risk management framework a top priority this year, according to a recent Forrester Forrsights Security Survey, Q2 2013.
As more is discovered about big data and the competitive advantages in understanding and utilizing enterprise information more effectively, corporate executives outside of IT are focusing on information governance. At its heart, information governance is about effectively using and managing an organization's information assets to derive maximum value, while minimizing information-related risks and costs. It applies to all corporate information, both structured and unstructured, and ranges from content on file systems and email to information within productivity and line-of-business systems, on Web, social and mobile environments.
Don't Wait for Something to Happen
Information governance is often driven by the legal and compliance executives in an organization, and the aspects of legal risk, compliance to regulations, and electronic investigation are paramount. Elements of security, efficiency and cost are key factors for the technology groups. All of this must come together with key business objectives, such as increased competitiveness, agility and profitability.
While information governance is something on the minds of many innovative CIOs and business leaders, it often takes a compelling event to drive them to take action. Organizations that have faced a major lawsuit or experienced the e-discovery process with disparate systems often struggle to identify critical information within their systems, uncovering masses of duplicate and sometimes irrelevant data. The cost and business disruption factors from these situations often drive action on information governance initiatives.
While it's clear that there is good reason to focus on information governance, many organizations do not believe they have reached a significant level of data maturity to start implementing an information governance strategy. But now is the time to act—not in the midst of an investigation.
The key goals of information governance programs include savings on storage and infrastructure, unimpeded knowledge sharing and the ability to respond quickly to investigations of all types. Consider how hard it would be to realize these gains if the systems implemented for information governance spanned only one or a handful of departments and projects.
Storage and infrastructure costs are perhaps the easiest benefits to achieve with any system implementation, especially one that spans the full organization. Archiving technology ensures that content is stored only once and access provided to it from within systems and environments. The storage and infrastructure savings are multiplied with each content source that is brought under governance.
Information governance policy must be defensible in order to pass audit and legal review. When organizations have disparate systems and no overall governance, content deletion becomes very difficult and is seldom carried out effectively. Before content can be deleted it must be understood and the corporate value of it assessed. Organizations that do not have complete governance in place are faced with either keeping everything (the most common approach) or deleting content without being clear about the consequences. The route to avoiding this is defensible deletion, which can be done when content is brought under governance, understood, classified and then managed consistently.
Do Costs Outweigh Consequences?
When it comes to mitigating risks, one of the most important questions to ask is: "What's the cost of doing nothing?" No real risk can be mitigated to a 0% likelihood of occurring and some risks are 100% likely to happen. Organizations need to understand their risk profile and take an objective look at the likelihood of identified risks to occur and their impact when they do occur.
When crafting a risk profile, it's important to look at the organization as a whole, and to look at the different types of information individually. Not all information is created equally and consequently does not expose an organization to the same risk if lost or disclosed without authorization. Identifying information that, if lost or disclosed, would cause nothing more than a minor nuisance prevents organizations from expending resources where there is little appreciable gain.
Information governance is not just about complying with regulations and minimizing risk. It's also about maximizing the value of the information to create a good, profitable business. It applies to all enterprise information, regardless of format, function, or location. Of course, information governance helps to minimize legal liability, secure sensitive information and reduce unnecessary expenses. But it's really about treating information as a strategic asset. Properly and holistically applied, information governance improves a business.
OpenText is a leader in enterprise information management (EIM). To learn more about information governance, visit
www.opentext.com/infogov