If You're Not Sure What Information Governance Is, This Is For You
Not sure exactly what Information Governance is and how your organization should be addressing it? Join the club. In its most simplistic definition, it is the security, control, and optimization of information. Sounds simple right?
Digitally stored information is a new thing but it’s just the natural evolution of how humans keep data. Computers have been in common use since the 80s, but the principles to guide us on how to treat digital information are very recent. In 2008, ARMA introduced the Generally Accepted Recordkeeping Principles and Information Governance was just starting to be a concern for organizations.
Has your organization got Information Governance under control?
To assess if you have everything under control, ask yourself these five questions:
Who can access our data?
What information do we save?
When should we delete it?
Where is my data being stored?
How do we audit everything?
Want to know more about auditing? Talk to an expert!
Information Governance - A bedtime story
To illustrate the impact information governance can have, here is a little story:
In a kingdom near you, a librarian does not use any type of classification to keep track of books. New books are just placed on the nearest available shelf. The library also has no doors, so people steal books whenever they want. One morning, a particular volume is requested by the king. The librarian realizes that he does not have the slightest idea where it could be, or even how to recognize it. He has to spend a tremendous amount of time to locate it because he must use a process of elimination. Every book has to be read to be judged relevant or not when simple indications about the content in an index would have done the trick. As he's searching, he learns that his own staff has lent or destroyed important books, either by mistake or intentionally. The librarian had no way to know which books are missing because he did not have a complete list of all the volumes in the first place. As a result, the librarian is sanctioned by the king, and the most important knowledge in the kingdom can’t be leveraged. It hasn't been found on time and might be lost forever.
But it's not really a fairy tale, it’s the real world
This may seem a bit fantastical, but it's the kind of thing that happens to electronically stored information every day.
The library is a company
The books are electronic records
The king’s request is a compliance audit
The librarian looking for a book is an IT guy looking for precise data with no tools
The missing doors are a weakness in a network's security
The library staff lending books to people they shouldn't are employees leaking information
The failure to produce information in a timely manner is a business liability
...and the list goes on, but you get it.
Information Governance means knowing what data you store and how to find it
Organizations have to know the kind of information they store, for reasons as simple as not duplicating efforts creating documents that already exist, or as critical as ensuring a data breach would not be harmful. Organizations need to know where their valuable data is in order to protect it and use it. They need the ability to keep track of who has access to it and reads it. Their end users have to be taught how to behave with it. Every data type should be retained and disposed of according to their business value. This is Information Governance’s purpose. Value of information is maximized, risk and cost are minimized.
There is so much more simplicity in preventing than recovering.
“An ounce of prevention is better than a pound of cure” –Benjamin Franklin