Information Body of Knowledge

Information Governance

Information Governance Definition

Information Governance is the overarching and coordinating strategy for all organizational information. It establishes the authorities, supports, processes, capabilities, structures, and infrastructure to enable information to be a useful asset and reduced liability to an organization, based on that organization’s specific business requirements and risk tolerance.

InfoBOK v1.0

Information Governance Key Points

  1. Overarching strategy across information and information disciplines.
  2. Information Governance is the top level of any organization's information strategy.
  3. Information Governance defines the authorities for information decisions.
  4. Information Governance defines the supports for information governance (things like Change Management, Communications, Organizational Learning/Training, Standards & Best Practices, Help Desk/FAQs, and Project Management methodology).
  5. Information Governance defines the processes and flows of information throughout an organization (or at least a standardized methodology for the organization to establish consistently).
  6. Information Governance establishes the Information Architecture, taxonomy, metadata, format standards, protocols, and technology architecture.
  7. Information Governance should establish the requirements for technologies and networks, as well as the plan for implementing and managing them.

Information Governance Overview

Information governance is a term that has been bandied about for some time now. However, as an action item for a CIO, until recently, it remained near the bottom of the list. This has shifted as companies are achieving information governance success and using it as competitive advantage.

Information Governance, as defined by the Information Coalition, “Information Governance is the overarching and coordinating strategy for all organizational information. It establishes the authorities, supports, processes, capabilities, structures, and infrastructure to enable information to be a useful asset and reduced liability to an organization, based on that organization’s specific business requirements and risk tolerance.”

ARMA International, the association of Records Managers, made a solid attempt at developing a list of activities associated with information governance in their Information Governance Professional DACUM Chart.

EDRM modified their eDiscovery Reference Model and made it their Information Governance Reference Model, and it was a solid offering towards defining the stakeholder groups to information governance.

The Information Coalition, in 2014, released The Information Governance Model (InfoGovModel) to further define the activities underlying the various stakeholder groups.

Information Governance is maturing, and with that maturity, comes a new need for subject matter experts, both in the consulting arena and within companies. There have been new resources to help raise the consciousness around information governance and to equip these new professionals.

With this industry maturity comes a unique opportunity for companies that embrace information governance: competitive advantage. The benefits of well-executed information governance range from better responsiveness to reduced risk, information governance is indeed an advantage for companies that execute well.

In the past few years, we’ve seen competitive advantages for companies that have executed on social media (Dell, Comcast, etc.); we’ve seen competitive advantages for companies that have executed well on enterprise collaboration platforms. Now, there is a new opportunity for companies to take advantage of and reap benefits from information governance.

Those that execute well in the information governance sphere will likely gain great benefits of their execution. For those that are looking for competitive advantage, waiting for the studies on the benefits will likely be waiting for too long in an arena where technology advances move quickly and benefit periods are shortened. Those that embrace the new ways of governing information holistically will be the winners in the information economy.

It is, however, the individuals who embrace Information Governance as a new domain of expertise that are likely to be the greatest winners. With an expanding market and a lack of qualified professionals, Information Governance has the potential to make careers and bring forward a new generation of subject matter experts.

The most important piece of any understanding of Information Governance is the balance of risk versus value related to information. Information Governance spans many disciplines and provides guidance and strategy for all organizational information.

What Information Governance must do is inform disciplines in two arenas of information: disciplines that protect the organization from the potential damage that information can wreak, and disciplines that enhance the organization by extracting value from information. To do this, one must understand the value of information and the risk that information presents.

Information Value

Information has value to an organization, it helps us innovate, meet client/customer needs, share, sell, identify opportunities, and more. Information is the lifeblood of any organization doing business today. Information is contracts, conversation, obligations, benefits, and more.

Doug Laney of Gartner framed the discussion of the value of information by positioning it in terms of non-tangible/non- financial benefits and tangible/financial benefits (from an interview in SearchCIO):

Non-Financial Methods -

1. Intrinsic value of information. This model doesn't "take into account the business value at all," Laney said, but focuses instead on the data's intrinsic value. The model quantifies data quality by breaking it into characteristics such as accuracy, accessibility and completeness. Each characteristic is rated and then tallied for a final score. Laney, who teamed up with Gartner's Ted Friedman to quantify a dozen data quality characteristics, includes scarcity in the equation. "Data that's more unique to your organization and not available to your competitors or the larger marketplace, we believe, has the potential to provide more value to you," Laney said. As with any of the six models, this one can be tailored to the company, which could, for example, "assign weighting factors" to each characteristic, he said.

2. Business value of information. This model measures data characteristics in relation to one or more business processes. Accuracy and completeness, for example, are evaluated, as is timeliness "because even if data is relevant to a business process, if it's not timely, how valuable is it really?" Laney said. The model can be tailored to fit the organization's needs and even applied to specific data types such as unstructured data or third- party data.

3. Performance value of information. This model is "much more empirical in nature" because it measures the data's impact on one or more key performance indicators (KPIs) over time, Laney said. Take the sales department, for example. "If your salespeople had access to competitor pricing data, how much quicker could they close sales?" Laney said. Businesses can run an experiment by comparing how a control group with no access to competitor pricing data performs against an experimental group. Or, if businesses have neither the time nor the ability to run an experiment, they can substitute proxy data for control group data, he said.

Financial methods-

4. Cost value of information. This model measures the cost of "acquiring or replacing lost information." After the Sept. 11, 2001 terrorist attacks, as clients began calling Laney to figure out how to recoup from, in some cases, a total loss of data, they developed a method to quantify information's value based on what accountants "refer to as 'replacement costs,'" Laney said. A value is assigned to the data by measuring lost revenue and how much it would cost to acquire the data. "This is the way valuation experts value most intangible assets that don't have a discernible market value or are generating a market stream," Laney said.

5. Economic value of information. This model measures how an information asset contributes to the revenue of an organization. "This is our KPI model again, but instead of any given KPI, we're looking at revenue," Laney said. To illustrate his point, he returned to his sales example. An experimental group is given access to competitor pricing data and a control group isn't. "Instead of looking at time-to-sale, we're looking at revenue generated by any given salesperson" over a given period of time, Laney said. "That will give us a good sense of the value of that data." CIOs should factor in the cost it takes to acquire, administer and "bake that data into the system the salespeople are using," he said. They should also consider the data's life span. Competitor pricing data, for example, has a shelf life, which should be factored into its value.

6. Market value of information. This model measures revenue generated by "selling, renting or bartering" corporate data, which Laney considers to be one of the best ways to value an information asset. The problem is, most information assets don't have what accountants call an "open arms-length market," or what the price of the data would be on the open market, according to Laney. A way around this is to figure out what similar data from syndicated data providers or competitors is going for. After determining the data's premium price, Laney suggests figuring out what he calls a "discount value." "When we sell data, we're not really selling it," he said. "We're licensing it." The discount rate will vary based on the number of times a company sells the information and other factors. "But, again, it's not the value that's important," Laney said. "It's tracking over time."

Information Risk

Information risk is all about protecting the organization from the liability and risk related to information. Information is risk to an organization. It is the ‘smoking gun’, the data breach, the exploited loophole, the missed obligation, the compliance requirement, and more.

The risk of information has been categorized into 5 primary categories and defined by Victoria L. Lemieux:

  1. Legal risk includes loss, damage, or unrecoverability of records and information that could result in litigation or noncompliance with laws or regulations.

  2. Financial risk includes loss, damage, or unrecoverability of records and information that could result in financial losses or threaten the organization’s financial position.

  3. Reputational risk includes loss, damage, or unrecoverability of records and information that could result in damage to the organization’s public image, confidence, or reputation.

  4. Operational risk includes loss, damage, or unrecoverability of records and information needed for completing the organization’s business transactions effectively.

  5. Environmental risk includes loss, damage, or unrecoverability of records and information documenting the organization’s environmentally safe practices.

Each of these risks should be mitigated according to the organization’s risk tolerance, or their willingness to accept a particular level of risk.

Balancing Value & Risk

On the surface, value and risk are competing. They compete for resources, attention, and staffing. The underlying information disciplines, each has an inherent balance of risk and value -Records Managers focus on risk; Data Scientists on value; etc.

Each organization has a differing balance between value and risk. Highly regulated organizations tend to have a much lower risk tolerance (meaning they accept little risk) than minimally regulated organizations.

Unfortunately many organizations are running with competing risk profiles within themselves because of a lack of cohesive strategy. That is where Information Governance arbitrates and finds a common understanding of risk versus value; a specific balance is achieved.

That’s the goal and it’s what Information Governance truly is, figuring out the balance of risk and value, then executing on that vision across an entire organization.

Information Governance is the overarching strategy for information in an organization and all information disciplines take their lead from the strategy laid out in an organization’s Information Governance plan.

Like a conductor in a symphony, Information Governance directs the information in an organization in accordance with that particular organization’s risk tolerance, business requirements, and strategy.

That’s what makes Information Governance so intriguing, there’s no “one size fits all” solution. You can’t purchase Information Governance and there’s no quick fix - Information Governance is a project and a direction that moves information forward.

Featured Resource

The Information Governance Model (Open Source)

Information Governance Model (InfoGovModel)

Additional Resources

(These additional resources are provided by the community and while we make every effort to ensure only high quality resources are included, we cannot guarantee the authenticity, safety, or quality of these resources. Proceed at your own risk.)

Submit New Resource

Information Coalition Resources

Some resources are available only to Professional Members or Standard Members (free).

Change When Stakes are High – Russ Stalters

Russell Stalters, CEO, Clear Path Solutions, Inc.

Everybody talks about change management and how important it is to having a successful information governance program. This keynote will provide the audience with practical guidance and steps to create a culture of information management excellence. I will share what we did in response to the Deepwater Horizon oil spill to achieve this goal.

Panel: Navigating Information Governance Within The Corporate Legal Culture

This video is available to logged in Professional Members only.
Become a Professional Member or Login.

Those folks who are already deeply entrenched in the Information Governance realm recognize the importance that IG plays in defining and supporting the continued success of our organizations. However, the Corporate Legal Department (CLD) / Office of the General Counsel (OGC) is often viewed as an island unto itself within the overarching Corporation/Enterprise. With its unique requirements, the CLD/OGC teams routinely encounter roadblocks when attempting to acquire the IG Tools that they require to support their internal legal operations, interact with the business units which they advise, and collaborate with external parties, and yet, navigate the processes to meet the IG Goals developed by the Enterprise IT Team.

During this session, we will be exploring key strategies that can be adopted/embraced in your quest to bring about an Information Governance roadmap to the Office of the General Counsel / Corporate Legal Department that will place your organization on the road to IG excellence.

Join our seasoned legal technology panelists and subject matter experts including Matt Blaine, Esq. (Davison, Eastman, Muñoz, Lederman & Paone, P.A.), Dennis Garcia, Esq. (Microsoft Corporate, External & Legal Affairs (CELA)), Ann Gorr (Legal Technology Consultant @ Ann Gorr, LLC), and Don Knight (PNC Bank, Legal Department) as they discuss key areas of focus and IG approaches to assist those who design, deploy, and support technology projects within the CLD/OGC environment.

Lessons Learned: Implementing Large Scale Governance Programs

This video is available to logged in Professional Members only.
Become a Professional Member or Login.

Donda Young and Susan Whitmire share in this fast-paced session where they will share their real-life experiences implementing information governance programs and the lessons learned (and often relearned) throughout the process and maintenance of such programs. You think you’ve heard it all before change management, user adoption, people, processes, and technology, however, this time you will hear more about the ‘how’ in addition to the ‘what.’

The Records Perspective – Aligning Information Governance and Records

This video is available to logged in Professional Members only.
Become a Professional Member or Login.

Join Todd Dietrich (BDO), John Krysa (ICRM), and Angela Watt (City of Spruce Grove) for an interactive discussion on how to align Records and Information Management with Information Governance. Using the kaleidoscope of experiences, they will discuss how both concepts are defined, and how to use that to get corporate buy-in to move the needle on your strategies. Bring your own ways of defining the scope because this will be a lively discussion where you a sure to learn different perspectives!

Beyond The Hype Of Content Services

Beyond The Hype Of Content Services

Implementing Information Governance By Addressing Challenges One At A Time

Webinar Presenter: Laurence Hart, Director, TeraThink

There has been a lot of hype in the last year around Content Services with many vendors embracing the term. For many people, the question remains, what is it, how does it relate to ECM, and how can it help me achieve my actual Information Governance goals? In this discussion, we’ll cut through the hype and offer clear answers to those questions. We will also discuss how leveraging agile methodologies and cloud technology can speed the implementation of Content Services helping you realize value even sooner.

Access The Webinar

Healthcare Innovation Through Information Governance (Ann Meehan, AHIMA)

This video is available to logged in Professional Members only.
Become a Professional Member or Login.

This presentation addresses information governance concepts that support key healthcare initiatives by ensuring trustworthy information. Stress will be placed on aligning decisions around information with healthcare organizational strategic goals and objectives. Gaps will be addressed and tied back to information governance practices. Takeaways will be applicable beyond just healthcare organizations, so come and learn what we’ve figured out in the healthcare sector.

Johnny Lee – IG and Risk Management – Flip Sides of the Same Coin

This video is available to logged in Professional Members only.
Become a Professional Member or Login.

Organizations with a strategic view of these things recognize that Information Governance and Data Risk Management are flip sides of the same coin. Simply put, the only way to diminish the significant data risks is to go “upstream” of the triggering event — be that a regulatory inquiry, third-party audit, subpoena, or internal review. This means that organizations will need to become MUCH more proactive and strategic in their thinking, working to put in place the very policies, procedures, processes, and controls referenced above to avoid having to address data-related risks in a reactive (and thereby less effective) manner. Put differently, a truly complete InfoGov Strategy integrates elements from various disciplines: regulatory compliance, legal risk, forensic/investigative risk, efficiency & ROI, internal audit, third-party risk management, and IT infrastructure. Join us for a panel discussion comprised of practitioners from these disciplines as they discuss real-world techniques and strategies to address these very real business problems.

Rethinking Information Governance In The Digital Age – Rina Hunter, Craig MacDonald

This video is available to logged in Professional Members only.
Become a Professional Member or Login.

1 2 3 5
The Information Governance Conference 2018