1. We already have a File Plan and our policies and disposition are well defined. Why do we need Information Governance?
If you have a comprehensive File Plan with policies and disposition well defined, that is a great start to Information Governance, but other things are critical as well.
Most importantly, are the policies being enforced? Without an Information Governance initiative, many organizations find that the File Plan is not effective because it is not being enforced. For enforcement to be successful, it needs support from the top of the organization, and it needs support across the organization. This is why the concept of a Chief Information Governance Officer (CIGO) has become a hot topic. One of the responsibilities of the CIGO is to obtain support from the Executive team and to ensure the policies are enforced across the organization.
In addition to enforcement, many times the organization has not been educated on the importance of the policies, nor have they been trained on how to enforce the policies. An Information Governance initiative can help with both of these issues.
Another consideration is the identification and classification of your content. Just because a File Plan exists doesn't necessarily mean all of your content is tied to the File Plan. An Information Governance program will ensure this step of the process has been completed.
2. I understand that Information Governance will help with compliance, but how can I sell the benefit of it to our Executive team?
There is already a lot of research available about the benefits of Information Governance. I have included a list below of some of the most relevant benefits.
- Business Differentiator. I have listed this first because it is often overlooked. Consumers are making buying decisions based on privacy. An Information Governance program will improve the security, reliability, integrity and accessibility of your data. This can be used as a competitive advantage in the marketplace.
- Reduced storage and infrastructure cost. If you are doing a better job of managing your data, you will have less of it, therefore, reducing the Redundant, Obsolete and Trivial (ROT) data in your organization.
- Reduce risk by improved compliance. The cost of non-compliance can be financially devastating to an organization. Being in compliant will reduce your risk of unexpected costs, but also reduces the risk of other things that may not be as obvious, such as potentially damaging media coverage and loss of clients.
- Reduce eDiscovery costs. This can go hand in hand with non-compliance as eDiscovery can be very costly to an organization. If you have implemented an Information Governance program, you should "only" have the data that is required by your policies, making eDiscovery easier, and you will be able to locate the relevant data quicker.
- Adaptability. We live in a fast-paced world that is constantly changing. Organizations need to have control over their data so they can react to change, find the relevant data quickly, and immediately comply with new standards.
3. We already have an ECM system, why do we need Information Governance?
ECM is the tool to help organize and manage your information, but Information Governance is about the principles, policies and practices to control that information. The same concept applies to a Records Management solution; it is the tool, but Information Governance is still needed.
A lot of focus is typically placed on the tool because that is what everyone sees and uses on a daily basis. But without an Information Governance initiative, your organization is only half way there; defining, managing, and enforcing the policies and practices will make the tool even more valuable.
4. We have a Records Manager, can't they just handle this?
The answer to this will depend upon your organization. A Records Manager could certainly take on a larger role that included Information Governance. But remember that Information Governance needs to be enforced from the top down and across the organization for it to be successful. Many times a Records Manager does not have the exposure or the authority across the organization. This is one reason the CIGO (Chief Information Governance Officer) has become a relevant position. An Information Governance initiative can be implemented without a CIGO, but the person responsible for it will need support from the top, and some level of authority across the organization.
For more information, read a blog post on the topic.
5. Is there really a risk to not addressing Information Governance?The biggest risk is non-compliance and the legal risk your organization is exposed to by not governing your data. The media is full of real-world examples of companies that have learned this lesson the hard way.
In addition to compliance, there are other risks, and RecordLion just posted a Blog on this topic. In summary:
- Lost Productivity - Part of Information Governance is ensuring you are keeping the right data and that you can find that data quickly. You must be able to find your data quickly, and you also don't want to waste storage space on data that shouldn't be retained.
- eDiscovery - The cost of a search on your data in the case of an eDiscovery event can be crippling to an organization. A proper Information Governance program should address eDiscovery.
- Protecting Your Data - Information Governance should ensure you have the policies in place to protect your data.