Information Governance isn't so Bad After All

By Kimberly Samuelson

(Back to article)

As a speaker at many technology events, it’s always fun to see the reaction the phrase "information governance" elicits — I’ve seen everything from eye rolls to head nods. “Easy for you to say — try and implement it!” said one particularly feisty individual. “Yeah, we are still trying to figure it out,” grumbles another. I am employed by a developer of an enterprise content management (ECM) software vendor and clients constantly express that they are overwhelmed by the wealth of their own information: “What should we keep? What should we purge? How do we manage information so that it becomes an asset rather than a liability? How can we use our information to operate more successfully? What controls do we need to put into place?”

While many approach information management from a technology nuts-and-bolts standpoint, what is not often addressed is the top-down, strategic management of information. I like to explain it this way: You’ve seen the trees, now let’s view the forest.

Step back for a second and consider the adaption of information management within an enterprise. When your organization first implemented information management, I bet it was all about "finding and filing". You had paper files, electronic documents, etc. and you had to put them somewhere where you could easily find them. Essentially, you were setting up a central point of information control.

Then you started to consider how much valuable information that can be found in your business critical applications like your ERP, CRM, GIS and you thought about your users and the fact they had to toggle around three or four applications to get the information they needed to do their job. You then made the bold move of using your content management system as a sort of integrative middleware, so the information delivery to your users became much more dynamic.

You’ve approached information management from an enterprise technology perspective and you are rightfully proud of the way you provide services to your users. Then it happens (insert ominous music here), an e-discovery request is made, a new compliance initiative rears its ugly head, or you get notification of an audit ... So now what?

It’s time for top-down. It’s time to plan an information governance strategy.

Governance roadmaps and frameworks

Every organization or enterprise has an overarching goal. To reach this goal it is necessary to coordinate activities and make a plan. In today’s economic climate, that goal may be simply to survive. In order to increase its chances for survival, an organization must be agile. In order to be agile, an organization needs its “information lifeblood” to be available, consistent and reliable.

This information is an asset to the organization because it allows better decision making. But at the same time information needs to have some controls around it. Simply put, in order to be more agile, organizations must better manage their information by putting a governance strategy into place.

Governance implementation is often thought of as a journey. Much like you won’t reach your organization’s goals in a few days you won’t solidify your governance plan in a couple of meetings. I’ve read a lot of material that suggests that one should create a road map for governance. While this is useful, I like to think of governance as a framework. A framework is an incomplete, though concrete, solution to a recurring problem. A framework has physical components upon which the user may build elements. Frameworks allow policies to be created, conflicts to be resolved and are flexible enough to foster the provision of services to business units. Simply put, information frameworks allow us to put structure around how we align control and agility.

The information governance framework has four parts: people, policies, technology and risk management. People and policies are the organizational enablers, supported by the discipline of risk management, which is shored up by technology. This allows resources and risk to be managed while fostering the creation of information value. Much like blood pumping thru the body, this information gives the business units power and agility. Ultimately, the goal of the governance framework is two-fold: compliance and value creation. A controlled yet flexible governance framework fosters agility in business processes and service delivery.

The Fab Four

The four areas of governance are important enough to discuss in more detail. Every successful information management endeavor that we’ve seen has been organized in this manner. Implementing a governance structure allows your organization to be proactive rather than reactive.

People - It’s so important to start with the human element. The success of any organizational endeavor is directly linked to the engagement of the members of the organization. If the needs of management and staff aren’t considered, you might as well shut off the lights and go home. Information management is truly a collaborative process. Make sure you have executive sponsorship, but don’t forget to engage your consumer in the strategy.

Be reflective of the needs of your clients rather than definitive. Use IT as the enabler, but it’s not always necessary that they take the lead. The most successful strategic implementations form a stakeholder committee that includes department heads, consumers, legal, technologists and records managers. But, before you put together a large group, let me caution you: Although all organizations want governance decisions to represent the interests of all stakeholders, the best committees assign clear responsibilities for each decision to individuals who can accept accountability for outcomes.

A good governance structure allows staff to work in the most efficient and effective way possible by giving them access to information assets. And don’t forget about usability. If implementations of information management controls are cumbersome, they will fail. It’s amazing how easily staff will get around your controls or refuse to use your system if it isn’t useful. The reason most information governance efforts falter is they didn’t take the business units methods of working in mind.

Policy - There’s no one-size-fits-all suggestion I can make in terms of governance policies, but I have a few suggestions. Instead of focusing on limits, focus on outcomes. When you approach policy-making in this manner, your business units are much more likely to cooperate as they will see value.

Rather than have staff members wait in line at a records counter for information, consider implementing a controlled system that allows instant, individualized information access. This way it’s less about lock-down and more about empowerment.

Approach your information like an asset, from a portfolio perspective. You don’t look at your bank account in terms of individual one dollar bills; don’t view your information that way.

Finally, consider standardization. Metadata or data about data is your information DNA. Consistency here will pay dividends and make compliance and auditing less painful. Standardization is an enabler of agility. By standardizing foundational components, you become more agile.

Technology - Technology is a foundational component of the information governance framework. When planning your enterprise, be agile in your systems approach. Consider implementing an enterprise content management application or a lot of organizations use applications such as a geographic information system (GIS) or enterprise resource planning (ERP) as points of control or platforms to deploy shared services.

Implementing this type of technology will introduce automation to your information management and automation ensures consistency. There are three common avenues you can take in terms of ECM implementations:

The first is ECM as the single point of control for complete information lifecycle management. A rules-based structure is the key, but don’t forget about the quality of the information you capture. Remember a content repository is only as good as the content it manages. As a wise person once said, “Garbage in, garbage out.”

The second approach involves looking at your information architecture from the user perspective. Here’s your opportunity to be agile in your technology implementation. This method is known as “dynamic personalization.” Dynamic personalization allows the user to access information in the manner and environment in which the user is most comfortable. The user can access the ECM application directly or through any other application through which the user works. In this case, think of ECM as a sort of integrative middleware. Middleware, by design, makes the sharing of information resources transparent to users. It provides consistency, automation and security.

The third approach is the implementation of ECM as a shared service platform. This is most often implemented by governance-mature organizations. Enterprise information management is literally that — information shared across business units or functions. This is particularly attractive to technology departments as it allows them to develop business processes that can be repeated across the enterprise allowing optimal resource efficiency, cost and service performance.

Risk Management - From an information management perspective, risk management means identifying the magnitude and impact of non compliance; most often as it relates to record-keeping. As regulators and agencies have increased their scrutiny on organizations, it is more crucial than ever to be sure that information is consistent, reliable and available. A well-vetted records management policy is crucial here.

Remember that records management needs to be deployed from an enterprise perspective across the entire portfolio of information assets. Technology is really effective as it ensures consistency. Ideally, the records management structure can be implemented transparently. This allows business units to work in the most efficient way possible, but the organization’s record-keeping integrity is still intact. Technology also allows you to establish monitoring and auditing processes to ensure proof of compliance and transparency. Look at the risk mitigation effort in a positive light. As crazy as it may sound, regulatory oversight can be a unifying concept for business.

One of the most intrusive risk management situations is the e-discovery process. At its most elementary, e-discovery is enterprise search, production and auditing of information. This is an arduous process that can be somewhat alleviated by an established information governance framework and stringent records management policies. Technology is again helpful as it allows you to cast a wide net and narrow down as needed. The framework you proactively build on the front-end will make this process less painful.

Disparate governance efforts, no matter how well they are implemented, cannot alone promise information governance. Mature organizations rely on organizational structures such as frameworks that are simple, coherent and transparent and that engage both staff and management. If we define successful organizations as those best able to thrive in their current environment, and we consider information the lifeblood of organizations, then an information governance strategy is crucial for all organizations to implement. Agile, adaptable organizations leverage their information as an asset. These organizations have mitigated risk, established standards and, most importantly, leveraged their information into quality decisions.

A 17-year software industry veteran and a frequent presenter at industry events, Kimberly Samuelson is director of government strategy at Laserfiche. She joined Laserfiche in 2001 as a regional manager and has served the company in several roles, including creative director and director of government marketing. Samuelson specializes in developing and delivering compelling content about ECM for the government market. Her background combines extensive marketing and business development experience. Kimberly can be contacted at ksamuelson@laserfiche.com.