Information governance (IG), that often elusive concept that quickly became a buzzword in meeting rooms around the globe, can best be defined as a holistic approach to managing corporate information.
Don’t worry. In this blog post, we’ll dive into the complexities of information governance, in particular:
- Why is information governance important?
- Why is email management at the core of information governance
- Why you need to prioritize information governance to ensure compliance
Why is information governance important?
IG is a super-discipline that covers people, technology and processes. It ensures that business information is handled, managed and stored in accordance with corporate standards and best practices.
To make things even more complex, it’s often difficult to determine where information governance ends and other, similar concepts like information management, compliance or business intelligence begin.
|INFORMATION GOVERNANCE||INFORMATION MANAGEMENT|
|Information governance is an overarching strategy for information in an organization. Its main goal is to allow organizations to maximize the value of corporate information (now mostly electronically stored information) and use it as a business asset.
A good information governance strategy allows you to work in line with regulations and eliminate potential costs and legal measures against your business due to missteps in managing your information. It essentially balances the value and risk of each piece of information.
Various stakeholders should be included in your information governance efforts, including legal, compliance, IT, and records management teams.
|Meanwhile, information management is how you manage the entire information cycle (i.e. how you collect information, how you classify it, how you store it, how you disseminate it, who has access to it, how you archive it, how you dispose of it, etc.).
Information management also serves to determine which information is relevant for your business goals and which isn’t.
The benefits of information governance
- meet regulatory compliance and reduce ediscovery costs
- reduce costs associated with fines and litigation
- boost staff productivity and efficiency
- improve the way they store, access, use, manage, archive and dispose of their enterprise information
- increase operational transparency and streamline management
- reduce the cost of storing and handling electronic information and
- improve content analytics and help get insight from enterprise information.
In addition, information governance is also important because it reduces risks associated with poorly managed unstructured data and the costs of storing enterprise information.
A holistic, IG-based approach to IT means a more focused and balanced method of working with the IT department, adding an emphasis to integrating its functions throughout a company.
While every department plays a part in a holistic strategy, the IT team still has to be a major presence for everything to work smoothly. With good governance comes stronger compliance and security efforts. While this approach requires a leaving of the comfort zone for staff, it pays off for the company as a whole.
Where to begin with information governance?
Begin with what you use the most and what you know best ‒ your email.
Streamlining email management should be at the top of your list of information governance priorities. Why?
Because despite the indicators that alternative communication channels (such as instant messaging apps and social media) are taking over, email still reigns supreme as the number one communication medium in both large and small-to-medium enterprises.
It is estimated that 75% of business-critical information resides in your email.
So, if you take good care of your email, you will take good care of the majority of your business records. It (still) has the largest impact on your business operations.
What if your employees delete some of these emails in an inbox-cleaning spree? What if there’s evidence of fraud or employee misconduct that you can’t detect because you don’t have the proper tools? What if you have terabytes of email data that you suddenly have to move?
With 77% of information governance professionals admitting that their organization has trouble with email compliance, it is crucial for businesses to be able to provide definitive answers to these questions.
Why is email a major focus area for information governance?
Recent years have brought the rapid and progressive growth of email traffic, putting pressure on companies to handle their email communication and storage space with much more care than before.
Facing problems with inbox overload, regulatory compliance and lack of storage space, most companies do a poor job of maintaining their email integrity and efficiency and continue using email servers as storage solutions.
However, an obvious and major downside to email is that it clogs your email servers.
The volume of information we send and receive via email soon starts to accumulate and overwhelms our inboxes, significantly reducing the servers’ storage capacities. Large corporations employing more than 500+ staff members might have to store terabytes of mailbox data onto a single email server. This much data will most certainly result in impaired performance.
Piling up of emails, poor folder hierarchies and the absence of a systematic approach to email organization leads to degradation of mail servers, which were never intended to act as storage repositories for vast amounts of email.
On the other hand, all business-critical data, especially email, must be readily available at all times, even in extreme cases of downtime and server failure. So what do you do?
How to manage email and boost governance with archiving
For proper email management, it’s unacceptable to simply store your emails on a server and wait for disaster to strike.
The disaster can be anything from server failure, quiet bit rot or a sudden ediscovery request.
Recent ediscovery stats are alarming ‒ it costs around $18,000 to review 1GB of data in an ediscovery case, and still, almost 40% of US corporations have not employed any ediscovery technologies.
To have complete control over your company email, you need to make sure it’s stored (and destroyed) in a manner consistent with established regulatory standards and business practices.
Moreover, in order for you to be able to pinpoint specific data in millions of exchanged messages, your email needs to be made searchable, and that’s something that backup or servers simply can’t provide. This brings us to email archiving.
Why is email archiving important for information governance?
Email archiving is an automated process in which all incoming, outgoing and internal email traffic is tracked, captured, retained and protected so that the messages can be accessed at a later date if necessary.
- an improved audit and ediscovery response,
- adherence to various federal, state and industry regulations,
- security and tamper-proof quality of data.
An email archiving solution can be an on-premise appliance or a cloud-based solution that automatically obtains emails and attachments (but also social media posts and other unstructured data) together with all their metadata.
Metadata is important because it gives us critical information about each message ‒ who sent what to whom, when and through what channels. It’s a must-have for ediscovery and can prove innocence or guilt when solving internal employee conflicts.
The archiving software then indexes and stores this information in an inalterable, WORM format for a specified period of time in accordance with your email retention policies, but also has special features that allow users to search huge volumes of data incredibly fast.
Furthermore, this type of secure data storage is particularly important if you handle sensitive and confidential information because it mitigates the risk of leaks and data breaches, while customizable user roles and access levels provide clear insight into who has access to what.
Email governance requirements
Given the importance of emails, many industries set special rules on how their emails need to be managed.
- your mail archiving system needs to preserve the content, context and structure of emails
- this system needs to be able to protect these emails from unauthorized loss and destruction
- the system you use to manage emails ensures all your emails are discoverable, retrievable, and usable for the period specified in their retention schedule
- your staff needs to know to differentiate permanent, temporary, transitory, and non-record email messages
- your staff how to handle emails that contain classified national security information
- your staff know how to deal with emails created on non-official or personal electronic messaging accounts.
If you want to learn more about email governance requirements for different industries, check out these education and government compliance checklists to get started. This should give you a solid foundation for how you need to manage email to stay fully compliant.
Key takeaways on information governance & email archiving
Email archiving is an email management and information governance practice that allows you to retain and actively use your company’s email and also be 100% sure it’s perfectly secure and protected.
- monitor information access,
- streamline information management,
- increase data security,
- ensure compliance
- make your ediscovery response faster and more efficient.
Insight obtained from your archived data will give you a clear picture of staff-associated risks. It will help you understand the real value of your business information and allow you to govern it proactively across all your departments.
What can you do to improve information governance practices in your organization?
- Evaluation and discovery
- Security and archiving
- Do you know where everything is stored?
- Is there backup?
- Do you know who’s in charge of what information?
The rate at which new information is being created is rocketing, with 90% of all the data in the world generated over the last two years.
When it comes to companies, an increasing amount of enterprise information (80%) originates in an unstructured form.
Unstructured data is mostly textual data that’s used on a daily basis in any business and any industry – email, email attachments (word files, PDFs, spreadsheets, images), social media content, instant messages, voicemail, phone calls, text messages etc.
This information is typically scattered across various servers, PST files and your entire organization, which makes it very difficult to control and use proactively.
In addition, employees often create, access and manage business information from personal devices. To contain this vast amount of information, you first need to create a data map and identify the types of data in your organization, including the legacy content that’s stored in old systems.
Evaluation and discovery
Having created a data inventory and documented the types of data in your enterprise, you should next evaluate your current information management practices and identify room for improvement.
The next step is to analyze your enterprise information, delete duplicates, clean old files and devise a plan on how to mitigate the exposure of private, protected or sensitive information.
Make sure you identify and document the exact locations of all unstructured data, and don’t forget to include external hard drives, personal computers and mobile devices.
Security and archiving
Information security and archiving technology are crucial pieces in the governance puzzle. In order to be prepared for litigation and stay in compliance with various state and industry regulations, companies need to ensure that all enterprise data is accurate, authentic, available and protected.
Information availability and protection are two seemingly opposite, even conflicting organizational notions, and it’s one of the goals of information governance to unite and create a balance between the two.
Enterprise information is an asset, so decision-makers and corporate strategists need to be able to extract value from information.
However, information can easily become a liability, so they also need to reduce the potential risks associated with it. Unfortunately, both this business value and risks are often unknown or unmanaged.
To establish proper information security and decrease the risk of enterprise information being breached or lost, organizations need to have a clear idea of which members of staff have what levels of access to data and establish supporting technologies that facilitate data retention and management.
Governance technology heavily relies on enterprise information archiving solutions, which can be an on-premise appliance or a cloud-based solution that automatically obtains emails, attachments, social media posts, text messages and other mobile content together with its metadata.
To minimize the risk of data breaches, it is generally advised that all unstructured enterprise data be kept in-house. The archiving software indexes and stores this information in an inalterable, tamper-proof format for a specified period of time, but has special features that allow users to search and retrieve huge volumes of data incredibly fast.
The benefits of implementing a governance solution are manifold.
Firstly, an archiver will help you achieve regulatory compliance and speed up ediscovery because it prevents endless data accumulation and allows you to customize retention periods and expunge data automatically once the defined retention periods expire. Customizable user roles and permissions help you to restrict access and prevent information from being altered, tampered with or deleted.
Secondly, you’ll be able to unite all your information, even legacy information, social media or mobile messages into a comprehensive, all-in-one repository. This means that you’ll never have to look any further if you need to locate or retrieve any corporate communications and you won’t need to invest any effort into deduplication, as it will be done automatically.
Although an archiving solution will considerably decrease the effort you’ll need to invest in managing your records, you’ll still need to devise and adhere to an information retention and management policy as the foundation of your archiving and governance process. It’s a framework that needs to define how email, social media, mobile content and other unstructured data will be managed.
You should know how you’ll be dealing with personal and sensitive data, how to organize, retain and dispose of it. It also needs to include things like backup and, most importantly, be aligned with all relevant regulations and applied to all levels of your organization.
However, no governance strategy should stop at implementation. To stay on top of your enterprise information throughout its lifecycle, you’ll need to preach and continually revise your policy.
In other words, you need to understand governance as an ongoing project, be dedicated to monitoring and improving your policies and procedures on a regular basis and stay up-to-date with regulations.
Finally, a good, holistic archiving solution will also allow you to leverage these enormous amounts of archived information through content analytics, let you extract business value from the data you store, help you learn about your organization and detect potential problems before they escalate.
|Jatheon is a data archiving company specializing in cloud and on-premise archiving solutions for regulated industries. If you’d like to learn more about improving information governance, compliance and ediscovery with email, social media and mobile message archiving, check out how our on-prem enterprise information archive can help.|