Developing information governance efforts

James Merrifield
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

In an information governance model, there are business-focused components and aspects, and there are technology-focused components and aspects. Information Governance isn’t just technology driven, nor is it solely business driven. It is a partnership between business and technology. Both must be present in the program.

The Business Side

Diving into the business side, the first major aspect to Information Governance are the stakeholders. There are many, many stakeholders to Information Governance, but mainly they belong to five specific categories (Business, Legal/Compliance, Records & Information Management, Privacy/Security, and IT), which may or may not cover all stakeholders to Information Governance.

The second major aspect on the business side are the business-focused components that bolster an Information Governance program and are critical to its success. These include Change Management, Communication, Organizational Learning and Training, Standards and Best Practices, Help Desk, and/or Frequently Asked Questions, and are all bolstered by a solid and (generally) iterative project management methodology.

The last major aspect on the business side is a process to call out the things that need to be defined and established at an organizational level to ensure ongoing success of the Information Governance program. This includes Metrics, Policies, Procedures, Rules, and Roles, all with an underlying accountability matrix.

The Technology Side

On the technology side, there are basically four components: (1) Information Access, which could also be thought of from the alternative risk-based perspective of Access Controls ensures that the right people have access to the right information at the right time; (2) the Information Lifecycle, which includes version controls available, retention policies, storage principles managed, legal holds, and eDiscovery processes available, and eventual disposal or archival. Throughout the lifecycle of information, there must be an application of search, as a function of access, and the application of information protections.

Continuing on with the technology side, (3) structures should be in place, including the Information Architecture, Taxonomy, and Metadata, which must be applied and available in the technology. In addition, Formats, Protocols, and the Technology Architecture should be in place.

Finally, (4) the applications and software used to apply information governance practices, will need to be considered, such as APIs, or Web Services, that connect together disparate systems because most organizations have multiple systems. infrastructure is used to connect those systems so Networks & Connectivity are appropriate for the organization’s needs are also a consideration. Underlying the infrastructure must be a particular focus on security.

Whatever model you use, it is important for every organization to consider an Information Governance Program for the life of its data.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide