Information Governance Gets Respect
Ever get a song stuck in your head? Talking about information governance with experts in the field, I suddenly found myself reminded of Aretha Franklin’s classic Respect. In the back of my mind, she was spelling out R E S P E C T in that incredibly strong voice of hers as background music to my thoughts about how attitudes toward information governance have changed. Just like Aretha requested, information governance is getting a lot more respect these days, both when it gets home and when it’s at the office.
And why would that be? Information governance is hardly a new concept. Gaining control over internal information has long been an important activity. However, too frequently it had low priority and inadequate resources. Now that companies are realizing the value of protecting information, it is seen as a crucial part of business strategy. This is particularly true of regulated industries, such as finance, insurance, energy, and pharmaceuticals.
The Information Governance Initiative (IGI; iginitiative.com) is widely credited with moving the discipline forward. It has legitimized information governance as a free-standing business exercise, distinct from enterprise content management (ECM). It is not seen as synonymous with information security but the two are most definitely related—or perhaps joined at the hip is a better way to phrase it.
Components of Information Governance
But what do we mean by the term information governance? Everteam’s Ken Lownie points out that the definition of information governance is far from set in stone. It encompasses a number of different functional areas, including records management, information security, knowledge management, big data, and data science.
Lownie identifies five core capabilities of information governance:
- Connecting to every piece of content and data within the organization
- Discovering information by analyzing content, cleaning it up, eliminating duplication, and migrating to secure repositories
- Archiving content with an eye toward how long it should be retained
- Managing information to ensure legal compliance
- Analyzing content across the enterprise, providing advanced search capabilities
Cleaning Out the Garage
To find out more about Everteam’s take on information governance, I spoke with Firas Raouf, the company’s CEO. He likens it to the laborious task of cleaning out your garage. It’s a task people tend to put off. It’s very easy to put things into your garage, things you’re not sure what you want to do with long term but you’re not sure you should throw away. Maybe, just maybe, you’ll need that old item some day. And so you keep it, along with other “stuff,” until you can no longer park your car in your garage. You know there’s 10 things you definitely need to keep, but you can’t find them amidst all the clutter. When the amount of stuff becomes overwhelming, you know it’s time to apply information governance techniques—although you probably won’t call it that.
The principle of keeping information stored just in case you might need it in the future is not a good idea. In fact, it’s not really a principle of information governance. Best practices in information governance stress having rules to guide you in determining what to keep, what to discard, and when to take action. Take that software you bought years ago when it was the latest and greatest. But now it’s old and tired. It’s not just you: Most organizations have software that hasn’t been updated. “Old software never dies,” commented Raouf. “It becomes entrenched, with tentacles everywhere. It’s hard to convince people to throw it out and to find the budget to justify replacement.”
Raouf recommends against telling people they need to implement information governance because they’re not likely to understand information governance as a category. Instead, ask them about their pain points. It might be archiving legacy operations, mitigating storage costs, or migrating to the cloud. By focusing on pain points, you can start small, with one application.
Everteam’s approach is to focus on the pain point and bring in information governance concepts. For example, add retention schedules to the metadata. This can be easier said than done. Raouf once asked a customer about his company’s retention policy and was told it was “keep for 10 years then discard.” His next question was if the destruction process was managed. No, it wasn’t. Raouf concluded that meant the company did not actually have a retention policy.
Hacking is on many people’s minds, thanks to highly publicized events from retail stores to entertainment companies. Thus, information security is a growing concern for companies who don’t want to be the next victim. Can you completely prevent attacks? Raouf thinks not, but you can certainly take steps to minimize risk and be less vulnerable. The amount of information being stored has increased exponentially. But it’s not only the volume that makes enterprises vulnerable from a security standpoint, but also the failure of a centralized command and control mentality. Raouf estimates that today, with all the different places where information can reside, 80% could be outside the ECM system. That makes it difficult to regulate and manage. Not only that, says Lownie, ECM platforms are over 20 years old and the information governance piece of it is frequently “an afterthought.”
You can’t clean out your garage, which you’ve been filling up for years, in one afternoon. You can’t set up an information governance program that effectively solves every problem on a short timetable, either. Get the CFO to acknowledge the problem, start small, and take it one step at a time is Raouf’s advice.
Value and Risk
When considering risk, it’s the hackers who command attention. But that’s not a company’s only vulnerability. As Robert Cruz, Senior Director of Information Governance for Actiance, Inc., explained when I talked with him, the value of information governance in mitigating risk lies in managing the many communication channels that exist. He’s adamant that, although email is not going away, there are probably 150 other ways people are communicating. Particularly in the financial services industry, those communication channels are being scrutinized by regulatory bodies.
Employees may not even think about some of those communication channels as being work-related. They send an email to a colleague in the same company. That is clearly work-related. They text to the same colleague. They probably recognize that the text is work-related. They make a phone call. Yes, work-related. But what about social media? What about new tools and evolving networks? What about videos and app sharing? What about communication tools like WhatsApp? Given that people may shift from one communication tool to another in the middle of discussing the same topic, it’s a complicated relationship.