The key to information governance success: Start small
The company used Nuix's information governance technology to process 3.1 billion e-mails in six weeks and eliminate more than 75 percent of the messages as irrelevant or duplicated.
Value, risk and cost
Bassam Zarkout, CTO at information governance solution vendor RSD, says organizations should look at information as an intangible asset that has to be managed along three characteristics: value, risk and cost. "You have to balance those and align them and deploy a technology solution to support that," he says. "If I am running a nuclear power plant, for instance, my tolerance for risk is very low. We might have a Christmas card template for the organization and inspection reports of my nuclear power plant. I have completely different levels of risk tolerance for how these information assets are handled. I have to align my strategy about information with the nature of my business."
Once policies are in place, technology will allow you to deploy them. "In large corporations, we are talking about petabytes of data, and it can't require consolidating all that information in one place," Zarkout says. The system must be able to apply the policies to the data where it already resides.
Barclay Blair, a consultant and blogger, believes one of the problems with information governance is a leadership vacuum. In a recent blog posting, he noted that it is time for CIOs "to fundamentally re-examine their role in information governance, and concurrently, for organizations to seriously evaluate an expanded role for the CIO in information governance."
For instance, he noted that the CIO drives technology architecture and that information governance demands a clear and profound vision regarding the central role that technology and IT architecture play in information governance success. "Nobody is better positioned to provide this leadership than the CIO," wrote Blair, president of ViaLumina, which provides information governance consulting services.
Regardless of who leads the project, Diana says that person must get all the right people in the organization involved and get them comfortable with the idea: legal department, records management, IT and business line people. "Everyone needs to see what is in it for them," he adds," and how this will make their tasks easier."
AIIM survey on information governance: "not a pretty picture"
Early in 2013, AIIM used a Web-based tool to ask 548 members of its community about their progress on information governance. In an e-mail Q&A, KMWorld asked Doug Miles, head of the AIIM Market Intelligence Division, to interpret the results.
KMW: What does your most recent survey show about the relative maturity of information governance efforts?
Miles: It's not a pretty picture. Fifteen percent have an information governance policy in and working, 16 percent have done the work but it's not being enforced or audited, 33 percent are working hard on getting it done, and 22 percent are not taking it seriously at all. Of course, securing agreement on an information governance policy across a large organization can be difficult, and deploying the tools to make it happen even more so, but of real concern are those who put in all the hard work, and then it's not followed or enforced. The starting point for this is to train all staff on the policy, but the survey shows that most organizations don't allocate dedicated time for this.
KMW: Information governance requirements may take different forms depending on the industry and its internal business processes as well as regulatory compliance needs. Are there some industries that have made more progress than others?
Miles: The financial services sector would probably say it is the most regulated. When it fails on things like data privacy, there is significant fallout. Certainly they are ahead of others when it comes to reducing the amount of paper records and paper-based processes. Government is probably the area where the issues are understood but progress is slow.
KMW: What are some of the challenges to an enterprisewide information governance framework?
Miles: The challenge is in managing the volumes and setting out the records implications, particularly in areas like e-mail and social media. Automated classification probably offers the only hope for many organizations in getting a handle on their potentially important and discoverable information. The responsibilities clearly jump around between IT, records and compliance, and marketing, depending on the content, but less than 5 percent of those we surveyed have an information governance committee.
KMW: Enterprise content management and e-discovery software vendors often encourage information governance. Do most organizations do the policy work first and then look at which technology solution suits their framework?
Miles: Probably not! For a significant number of organizations, SharePoint has been the closest they have come to an information governance solution, and they almost certainly didn't set out with that in mind when they first deployed it. Having said that, when they do look to extend SharePoint into the records management area, it calls their policies and understanding into question, and they may seek external advice-and training-and they may conclude that a third-party addition to SharePoint, or a separate dedicated RM or e-discovery product is required for their needs.