August 16, 2011
By Pierre Van Beneden Chief Executive Officer, RSD
Article

Information Governance: Records Management (Finally) Grows Up

In today's business environment, corporate lapses in the management of business-related information can cost a company millions in penalties and even more in damage to brand image.

Information governance (IG) is the most recent winner of buzzword bingo in this area. IG promises to mitigate risks, reduce costs and ensure that information assets are systematically "looked after" in a compliant, sustainable and economical manner.

Information governance enforces desirable behavior for the creation, use, archiving and deletion of corporate information throughout the enterprise and across multiple jurisdictions. It outlines corporate standards for managing information, and ensures that the company adheres to the plethora of global and local regulations. More than just a way to manage records retention and disposition (traditional records management), an IG program includes business processes and information lifecycle practices. It incorporates data privacy attributes, e-discovery requirements, storage optimization and metadata management.

Like so many initiatives, IG is straightforward... but not that simple. The traditional approach to records management and its associated tools, has failed to keep pace with growing requirements. Records management applications have so far focused on performing the retention and disposition processes and procedures in accordance with the policies defined within the records retention schedules.

These legacy solutions were not designed to accommodate the multitude of lifecycle milestones that new regulations and business requirements impose on records during their potentially decades-long lifecycle:

Security declassification;
Lifecycle of data privacy controls;
ILM controls from an IT perspective;
Lifecycle of metadata; and others.

To fix the short-comings inherent in records management technology is beyond the ken of most IT departments. Instead, they need to adopt IG solutions that address the business challenges at the intersection of the two trends-explosion of content and the expansion of regulations and business requirements.

The Information Governance Program

Before attempting to apply technology to this problem, organizations must develop overall IG strategies. These strategies must be also aligned with IT reality and cost constraints. These strategies must be enterprisewide in scope and should be supported by tangible and established IG programs.

Once an organization defines its IG strategy, it needs to create a program with a well-defined set of stakeholders, policies and procedures. The program's objectives are to advance the corporate compliance agenda, mitigate risks and improve the value of information. The tactics of the program consist of applying "legally defensible" governance controls over corporate information throughout its lifecycle.

A good place to start is to expand the RM program by introducing global scope (multi-jurisdictions) and more encompassing lifecycle policies.

IG policies populate a corporate master classification of functional record classes where each record class is associated with comprehensive lifecycle policies that cover retention and disposition, data privacy, security declassification, IT-centric integrated lifecycle management, and many other facets. The policies must cater to the needs of various jurisdictions.

Thinking Outside the Box

Due to their wide scope and global reach, it no longer stands to reason that corporate IG programs should be executed manually. The programs need to be supported by technology designed to deal with the challenges facing large enterprises, namely:

Massive amounts of corporate information, on the order of thousands of terabytes;
Wide range of content forms and formats, such as unstructured documents (Word, PDF, etc.); semi-structured documents (email); highly structured, high-volume reports that are produced by corporate back-office systems;
Scattered content across applications and platforms; and corporate information business applications, systems, content repositories and archives, distributed across multiple platforms (mainframes and open systems) and to shared and local drives. Note: consolidation into centralized repositories is in most cases not legally possible (due to jurisdictional restrictions), nor is it justifiable, desirable or even necessary; and
Diverse legal and regulatory compliance requirements.

The traditional RM tools that we find embedded within enterprise content management (ECM) applications are not well suited to these above challenges. They were designed for an older era when the problem was simpler, significantly smaller in size and scope and when the risks of failure were not as high.

Applying governance to corporate information at the enterprise scale requires a level of functionality that goes beyond what is typically found in RM applications, such as:

Repository-agnostic IG policy development;
Repository-agnostic lifecycle management modules which implement jurisdiction-specific policies;
Integration connectors to enable governance lifecycle actions on content in-place; and
Dashboards to report back to the stakeholders about key performance and key risk indicators of the program.

A number of large organizations have reached similar conclusions and actually attempted to build such solutions themselves. Others have, for obvious reasons, decided to wait until commercially available solutions emerge on the market. A couple of small vendors have built standalone policy-development applications with the objective of integrating them with the RM modules of ECM solutions.

Governance solutions built this way tend to be hard to put together, expensive to operate, lack in agility and are difficult to sustain in the long run.

Despite these challenges, these efforts are clear evidence of where the market is going.

Commercially Available IG

The fortunate thing about technology is that innovation always seems to emerge to challenge the status quo.

There is no reason to assume that the current state-of-the-art of IG will remain stationary. In fact that state-of-the-art has already started to evolve from the basic IG strategies concept, to IG programs, and finally to commercially available enterprise-grade IG platforms. These platforms deliver the enterprise-grade governance functionality using seamlessly integrated, yet loosely coupled, modules.

IG policy management: Corporate stakeholders use the IG policy development module to create and maintain a corporate master classification of record classes along with governance policies that cover multiple facets of the information lifecycle (compliance, privacy, IT, etc.). This module incorporates an internal library of laws and regulations with direct linkage to record class definitions (citations). The IG policies themselves are expressed in digital format—itself a breakthrough from the status quo for many organizations where these policies are managed in human readable form only.

Free

for qualified subscribers

Subscribe Now Current Issue Past Issues

KMWorld 2024 Is Nov. 18-21 in Washington, DC. Register now for Super Early Bird Savings!

Information Governance: Records Management (Finally) Grows Up

The Information Governance Program

Thinking Outside the Box

Commercially Available IG

How Knowledge Graphs Make Generative AI Consumable in Enterprise Environments

Building a KM Foundation for Enterprise AI

TRANSFORMING ENTERPRISE KNOWLEDGE: THE JOURNEY TO SAFE, SECURE, AND TRUSTWORTHY AI

More

Intelligent Content Management: Game-Changing Technologies and Strategies

Optimizing LLMs with RAG: Key Technologies and Best Practices

What's Ahead in Search: AI, NLP, Knowledge Graphs, and More

Rethinking KM for Agility, Efficiency, and Innovation

More Webinars