We live in a world of information overload. Rapid advances in technology allow for the quick creation and distribution of information. Consider the amount of time lost to managing email, where a large amount of information has no business value, but losing track of a single critical email can have serious consequences. Effectively finding and securing the right data can be a difficult task amidst this extraordinarily productive environment. To avoid data disaster, today’s Chief Information Officer (CIO) must understand and implement the right information governance (IG) program for his or her organization. For this to be accomplished effectively, there are a number of key things the CIO should know about IG.
IG is a holistic concept. Information can enter and leave an organization through any individual, terminal or interaction. The process of developing an IG program therefore needs to include all relevant stakeholders and requires organization-wide buy-in. It is imperative that all stakeholders understand the benefits of IG and how it impacts their business practices. An inconsistently applied IG program leaves an organization vulnerable. The smallest data breach can have an organization-wide impact.
Focus on People, Not Technology
When considering compliance with IG objectives, the key is people and not technology. There is no value in acquiring a software tool until the day-to-day activities of people within an organization are fully understood and they are ready to adopt the tool. It is a fruitless endeavour to force a technological solution to fit the culture of an organization. The goal of IG is to institute a consistent and logical framework for employees to manage information. A combined top-down, bottom-up approach must be taken to maximize the value of an IG initiative. Technology solutions must complement how data is produced and used within an organization.
Know Your Data
Before decisions are made about how to manage data, it is essential to fully understand the types of data created and used within an organization. To accomplish this, an organization must engage in content management to administer digital content from creation through permanent storage or deletion. This includes looking at how information is made available to users and managing updates and version control. To avoid a content management problem, depending on the maturity of an organization's IG program, it may be appropriate to retain external support to undergo a comprehensive data assessment to fully understand the organization's data handling activities, identify the most pressing IG risks associated with those activities, and evaluate the most effective and efficient way to mitigate those risks.
There Is No One-Size-fits-All Solution
IG programs take time to develop and there is no one-size-fits-all solution. The process of creating and implementing an IG program is multi-layered and multi-phased. The development of a complete IG program must take into account the needs of all stakeholders and cover legal/regulatory concerns, business operations, and technology. A CIO should therefore rely on his or her knowledge of the organization's culture and data handling activities to help develop, implement, and enforce measures that are tailored to its unique business profile. Overcoming the information overload through employing IG best practices maximizes the value of an organization's data. In doing so, today’s CIO plays a key role in achieving the organization's business goals.