With the influx of data in every facet of our professional lives, it is easy for organizations, especially those in regulated industries, to end up exclusively focused on tactical solutions to manage data, never taking the time to step back and formulate a strategic view. I often speak to CIOs responding to line of business requests that end upbogged down in the minutia of the “how” and “how much” without taking time to contemplate the “why.” Moreover, as the amount of data being produced within each organization continues to increase, it becomes even more critical to step back and create an Information Governance (IG) strategy before tackling the logistics behind the technology needed to support IG throughout an organization.
"By making the “why” of managing information a priority, you can extract value and properly protect your information assets giving your organization a competitive advantage and improved business agility"
To help lay the groundwork, here are three steps every organization should take prior to the implementation of an IG strategy:
Map out your goals and create an actionable plan
Whether it is increased access to managed content or decreased data migration costs, there are endless benefits to creating an IG plan. However, to help ensure success in achieving these benefits, it is important to understand how an IG plan can directly support your organization’s strategic goals. Understanding that connection will allow you to develop the tactical action plan. The first step on this journey may seem simple, but it is one many never take. We get busy with our day-to-day responsibilities and never actually have open conversations with content stakeholders. Each stakeholder has a different need when it comes to IG, so there needs to be an open channel of communication between all stakeholders for the program to be successful. For instance, the compliance team is focused on meeting regulatory requirements, while IT is often tasked with finding data in a timely manner to answer user requests. When mapping out the organization’s IG goals, it is important for all teams to be involved in the planning process to achieve each goal seamlessly.
One way some organizations are opening the lines of communications is by developing an IG counsel, which includes stakeholders from each group, including IT, the records department, legal and C-level executives. The counsel comes together to provide guidance and advice to help ensure technology decisions being made across the organization are aligned on how to best manage content and data, which can be brought together to form a high level IG plan to answer the “why.”
Sometimes what is discovered at these meetings is surprising. For instance, our team attended the first meeting of an IG counsel at a large financial services company recently. It was uncovered that the legal department had purchased document management software to help manage their departments’ content. The problem? They didn’t involve records or IT during the purchasing process and now had a product that didn’t have the ability to apply retention and disposition. This is just one example that we have come across where organizational silos lead to poor purchasing decisions, inefficient processes and information being held in improper locations.
Taking a holistic approach to IG and understanding every department’s needs will help create a more complete and integrated plan, significantly increasing the chance for success. It is much easier to switch directions, address new goals or make changes prior to the start of implementation, and with everyone rowing in the same direction.
Get insight into your information
When companies work in silos, which is too often the case, data ends up stored in an array of different unapproved and unmanaged locations. Whether in onsite repositories, offsite cloud storage or in unapproved applications, all of these lead to the creation of what many call “dark data”. Getting a handle on where all the data is stored is important, as well as understanding what data in an organization is important to store and later archive.
With the explosion of data and stricter regulatory requirements, it is easy for an organization to hold on to data and never let go. According to AIIM’s’ Valuable Content or ROT white paper, “respondents estimated that only 42% of the electronically stored information is useful to the business.” That means potentially 58% of your information can be disposed. Just imagine the cost savings– from significant eDiscovery costs reduction to better, more accurate decision making.
If done properly, getting rid of ROT (redundant, outdated and trivial information) is a good business decision. It is called defensible disposition. But remember, what is important today, may not be important tomorrow. This means that getting rid of unneeded information is not a one-time job, but should be done on a regular basis and is an important part of any IG or data management strategy.
Look to the cloud for answers
The move to the cloud has continued to increase over the last several years, with most organizations slowly moving past “why would I want to do that,” to “where do I begin?” Motivators for the adoption of cloud services, however, have shifted and are no longer simply storage-centric, but now focus on the more compelling benefits of competitive agility and business efficiency. As technology modernization and system refreshes continue to occur, lines of businesses are presented with the opportunity to evaluate and improve business processes. Information management and governance are no exception. By making the move to the cloud, an organization can improve its ability to respond more diligently to customer demands, competitive pressures or litigation requests– improving the organizations overall IG and compliance.
However, before moving any data to the cloud, companies need to fully understand the information landscape before they endeavor to navigate it. By taking the time to understand the options, processes and considerations before jumping in, an organization can avoid many pitfalls and inefficiencies–most of which have been experienced for years on premises. Also, requirements for secure information governance and archiving should include the recommended practices from objective, vendor-neutral organizations such as FFIEC and NIST.
Overall, information is an organization’s greatest asset. However, unless that asset is managed properly allowing efficient and secure access its value is at risk. In the past, IG has solely been viewed through the lens of risk and compliance, but it is critical to see that it is also about achieving information strength and making sure information remains an asset, not an interference. By making the “why” of managing information a priority, you can extract value and properly protect your information assets giving your organization a competitive advantage and improved business agility.