Introduction to Governance
Information governance (IG) is a holistic, organization-wide framework that ensures that companies have complete and accurate information necessary for their operations and that this information is managed securely and used as a valuable strategic asset. All organizations rely on and continuously refer to business information in their daily operations. For companies operating in regulated industries, the situation is more complex because they need to store some of this business-critical information for years in order to ensure compliance with regulations, as well as other duties and responsibilities. This is why it’s vital for them to commit to managing their information throughout its lifecycle and ensure security and control of information while maximizing its value to the organization.
Why Implement Governance Policies
Information governance is a super-discipline that encompasses other very similar concepts such as regulatory compliance, record management, information security, eDiscovery, risk management, business intelligence etc.
If implemented properly, governance policies and procedures can:
- improve the way companies store, access, use, manage, archive and dispose of their enterprise information,
- help with legal compliance and reduce eDiscovery costs,
- increase operational transparency and streamline management,
- improve staff efficiency and productivity,
- reduce the cost of storing and handling electronic information and
- improve content analytics and help get insight from enterprise information.
Five Steps to Better Information Governance
Think about all the electronic information in your organization. Do you know where everything is stored? Is there backup? Do you know who’s in charge of what information?
The rate at which new information is being created is rocketing, with 90% of all the data in the world generated over the last two years. When it comes to companies, an increasing amount of enterprise information (80%) originates in an unstructured form. Unstructured data is mostly textual data that’s used on a daily basis in any business and any industry – email, email attachments (word files, PDFs, spreadsheets, images), social media content, instant messages, voicemail, phone calls, text messages etc.
This information is typically scattered across various servers, PST files and your entire organization, which makes it very difficult to control and use proactively. In addition, employees often create, access and manage business information from personal devices. To contain this vast amount of information, you first need to create a data map and identify the types of data in your organization, including the legacy content that’s stored in old systems.
Evaluation and Discovery
Having created a data inventory and documented the types of data in your enterprise, you should next evaluate your current information management practices and identify room for improvement. The next step is to analyze your enterprise information, delete duplicates, clean old files and devise a plan on how to mitigate the exposure of private, protected or sensitive information. Make sure you identify and document the exact locations of all unstructured data, and don’t forget to include external hard drives, personal computers and mobile devices.
Security and Archiving
Information security and archiving technology are crucial pieces in the governance puzzle. In order to be prepared for litigation and stay in compliance with various state and industry regulations, companies need to ensure that all enterprise data is accurate, authentic, available and protected.To be ready for #eDiscovery and ensure compliance, companies need to know that all #enterprise #data is accurate, authentic, available and protected. Click To Tweet
Information availability and protection are two seemingly opposite, even conflicting organizational notions, and it’s one of the goals of information governance to unite and create balance between the two. Enterprise information is an asset, so decision-makers and corporate strategists need to be able to extract value from information. However, information can easily become a liability, so they also need to reduce the potential risks associated with it. Unfortunately, both this business value and risks are often unknown or unmanaged.
To establish proper information security and decrease the risk of enterprise information being breached or lost, organizations need to have a clear idea of which members of staff have what levels of access to data and establish supporting technologies that facilitate data retention and management.
Governance technology heavily relies on enterprise information archiving solutions, which can be an on-premise appliance or a cloud-based solution that automatically obtains emails, attachments, social media posts, text messages and other mobile content together with its metadata. To minimize the risk of data breaches, it is generally advised that all unstructured enterprise data be kept in-house. The archiving software indexes and stores this information in an inalterable, tamper-proof format for a specified period of time, but has special features that allow users to search and retrieve huge volumes of data incredibly fast.
The benefits of implementing a governance solution are manifold. Firstly, an archiver will help you achieve regulatory compliance and eDiscovery because it prevents endless data accumulation and allows you to customize retention periods and expunge data automatically once the defined retention periods expire. Customizable user roles and permissions help you to restrict access and prevent information from being altered, tampered with or deleted. Secondly, you’ll be able to unite all your information, even legacy information, social media or mobile messages into a comprehensive, all-in-one repository. This means that you’ll never have to look any further if you need to locate or retrieve any corporate communications and you won’t need to invest any effort into deduplication, as it will be done automatically.
Although an archiving solution will considerably decrease the effort you’ll need to invest in managing your records, you’ll still need to devise and adhere to an information retention and management policy as the foundation of your archiving and governance process. It’s a framework that needs to definehow email, social media, mobile content and other unstructured data will be managed. You should know how you’ll be dealing with personal and sensitive data, how to organize, retain and dispose of it. It also needs to include things like backup and, most importantly, be aligned with all relevant regulations and applied to all levels of your organization.
However, no governance strategy should stop at implementation. To stay on top of your enterprise information throughout its lifecycle, you’ll need to preach and continually revise your policy. In other words, you need to understand governance as an ongoing project, be dedicated to monitoring and improving your policies and procedures on a regular basis and stay up-to-date with regulations.
Finally, a good, holistic archiving solution will also allow you to leverage these enormous amounts of archived information through content analytics, let you extract business value from the data you store, help you learn about your organization and detect potential problems before they escalate.