Executing on an Information Governance Strategy

By Carl Weise posted 11-02-2012 13:06


ECM technologies offer several capabilities designed specifically to meet the obligations to organize, preserve, discover and dispose of content.  These capabilities are needed to act in accordance with an information governance accountability framework.  These core technologies include document management, records management, content and email archiving, search, taxonomies and metadata management.  The needs of your business, IT and records or legal users can be met by using tools that can be accessed through a variety of user interfaces, on a variety of devices.  User engagement and ease-of-use are important to encourage broad adoption of the ECM system.

Document and records management capabilities provide the version control, access controls and audit history to ensure electronic content can be authenticated.  Lifecycle management rules can be applied to ensure scheduled disposition and storage.  Records management systems also provide legal hold capabilities and allow risk managers to flag content subject to disclosure.  Search, metadata and taxonomy tools allow business users to find and retrieve content accurately and efficiently.  IT managers can leverage the storage rules in most archiving systems for load balancing, storage management and migration of content for more cost efficient long term storage devices.

An information governance program will communicate the internal responsibilities and accountabilities needed to meet legal, regulatory and policy-driven compliance.  Meeting compliance requirements will reduce risk of missing deadlines, submitting incomplete records or not delivering on commitments.  Poor record-keeping or document security can lead to complaints, or invite deeper audit or investigation from regulatory bodies.  Reducing these risks means pro-actively avoiding costs such as fines, penalties and other financial sanctions. 

A well-executed information governance program can also reduce storage costs by removing need for additional server capacity, file rooms or archive devices.  Timely disposition of obsolete business content will relieve the hardware and storage burdens faced by IT.

All private and public sector enterprises have some level of compliance obligations.  There will be significant differences across industries and jurisdictions.

Compliance as a broad definition means “conforming to stated requirements”.  In the context of content and information management, this means abiding by the laws, regulations and internal standards for business activities.  Compliance in the ECM world can mean everything from applying security and access controls to confidential information, saving and protecting records for a fixed period of time, and/or tracking approvals and signatures on executive agreements.

To understand the compliance requirements of your organization, it is important to understand the legal, regulatory and internal audit factors that affect your type of business.  Health records, employee files, safety audits, financial reporting documents, customer contracts: these are just a few enterprise content types that may have external rules or regulations that affect their creation, handling, storage or destruction. 

Compliance with internal quality or audit requirements will be important in manufacturing organizations, professional service organizations or public sector.  For example, an ISO 9000 certified manufacturing plant will have stringent record-keeping requirements for defect or incident reporting, while a law firm will have rigorous standards for client communication security and management. 

Deploying an ECM application, even one with cutting edge records management, document management or workflow capabilities, is only one step towards achieving compliance.  We also need clear accountabilities, consistent practices and user engagement, not just software.

Clearly defined, communicated and executed policies, procedures, standards and accountabilities are all essential ingredients when deploying ECM to meet compliance obligations.  Installing software but then using it inconsistently, or not educating end users on their content management obligations, can lead to problems should your company face an audit, inspection or legal dispute.  Compliance will be an outcome of doing good business.  Installing software and writing procedures that go unread will not be sufficient to create the environment of accountability, consistency and responsibility that is necessary in an information governance framework. 

The on-going education, coaching and communication skills and tactics will apply fully for this use case as well.  Organizations with a strong culture of accountability and meeting compliance obligations will ensure business and IT are comfortable with their responsibilities to handle regulated content in line with policies and procedures.

Companies with a strong commitment to high quality of product or service delivery include internal compliance obligations in their information governance framework.

Manufacturing or consumer goods companies will often adopt industry practices for quality control or meeting environmental standards.  Common examples are the ISO 9000 set of standards for goods and service delivery, and ISO 14000 for environmental impact.  Strong document control and record-keeping practices are part of these global standards.

Corporations may also have internally-developed requirements for ethical business practices.  This could mean standards for client communication, dealing with competitors, or employee recruiting.  Clearly defined practices for the capture, preservation and sharing of these sensitive types of communication may carry non-compliance repercussions for employees or management who don’t respect company standards.  An ECM deployment can help ensure consistent capture, management, sharing and preservation, within a secure online environment.

Compliance can also mean meeting internally mandated guidelines for accessibility and universal access.  Technology can be a powerful way to be more inclusive of a diverse workplace, making information and content available through a variety of means.  Compliance with standards such as US Section 508 helps governments and private companies serve clients and employees who have visual impairments.  Ensuring users with different abilities can find and use electronic content an important consideration for organizations of all sizes.  Technologies related to ECM, such as Web Content Management, Collaboration or publishing tools, can deliver on this type of compliance requirement.

ERM/ECM system functionality has become very sophisticated and powerful to enable us to capture, management, retrieve and dispose of our content and records.  However, building and maintaining an information governance strategy is critical to support and protect our organizations.


I will be speaking at the following events:

November 13th– 16th, 2012  AIIM ECM Master class in Amsterdam

December 4th– 7th, 2012  AIIM ERM Master class in Amsterdam 

#ElectronicRecordsManagement #ERM #ECM