What does Information Governance Really Mean?

Building a ‘Unified Information Governance Practice’ - a formula for Information Governance Operational Success

by Peter vR Sternkopf, Vigilant Systems

Information Governance (IG) can mean different things and there are certainly multiple definitions.  For the sake of simplicity, Information Governance is the management of information to effectively mitigate risk, cut costs, and leverage the value of information.

Great- now we have a definition for IG... now what?!  Isn't IG an unruly monster that is too big to do anything about?  Well no, it's not; in fact, there is an approach to building a unified IG practice that is not difficult, not unreasonably expensive, not disruptive to operations, easily managed, scalable, and defensible.  Oh, and the value of the program can actually be monetized as a significant return on investment, saving significant money and resources, as well as providing a path to improved revenue and profitability.  It is absolutely doable!

Sound good?  If yes, here's what your organization needs to do (big picture) in order to drive your IG Practice forward and be successful:

  1. Educate the Executive Team and Obtain their Support - There is no way executives need to or have the desire to know all about IG. Keep it simple and focus on the value of your initiative and expected returns on their investment.

  2. Form a Lean and Agile IG Team - Comprise your team of key persons that bring value and the required skills to the program, and who will actually do the necessary work. Make sure to include both external and internal resources on your team (not necessarily FTE's)

  3. Focus on inside-out Information Security - Leverage the 8 Principles of IG in this order; Transparency, Protection, Compliance, Retention, Disposition, Accountability, Availability, Integrity

  4. Take a Holistic Approach to Compliance - Holistic (comprehension of the parts of something as intimately interconnected and explicable only by reference to the whole) Once you understand the parts and how they are interconnected, then tackling a piece at a time with consideration on how it affects the other pieces, makes for a cohesive outcome.

  5. Use an IG Program Management Tool - An IG tool is a very important component for coordinating and communicating the efforts required. It must include an accountability framework that establishes information risks and controls ownership assignments. There are a handful of good tools on the market, but only a couple great IG tools.

  6. Choose High-Value, Important, and Affordable Initiatives - Pick the most important, highest information risk areas/departments and workflows first and then structure by 'critical systems' within their workflows.

  7. Establish Information Assets Ownership - Identify each departmental business process owner (BPO) and a second if possible. These individuals ‘own' the information risks and controls program within of their department.

  8. H -

Building a Unified IG Practice is pretty straightforward; there's more but again, this is a high-level overview.  For more information, feel free to contact Peter@Vigilant.us