Information Governance…in Seven Really Difficult Steps

By Monica Crocker posted 10-23-2012 16:10


Why would I pick a title that almost guarantees no one will read this, especially in the shadow of Marc Solomon and Chris Walker’s recent, excellent blogs on the topic of information governance (Big Governance and the Politics of Self-Regulationand Governance sucks but doesn't have to)?  Because I’m not going to sugarcoat this.  The difficulty is not, of course, that the steps are complex or hard to understand.  As with most things, it is the actual implementation of the steps that brings the challenge.     

Step 1:  Launch the Information Governance Program

This is not as obvious as it seems, I have learned.   Part of the problem may be that my organization does not have an “Information Governance Officer” or an “Information Governance Department.”  Not many do.  So, it is difficult to get the kind of visibility needed to socialize this initiative.  Luckily, I have a C-level sponsor who is willing to take on the task of making other C-level folks aware of the need for Information Governance.  Once you get them on board (the hard part), you can figure out how to make it known throughout the land (emails, intranet blurbs, hand out Information Governance candy at the employee entrance, treatise nailed to the front doors…whatever works).  Something to the effect of: Hear ye, hear ye…we have information…and it shall be governed…Thus sayeth the people who sign your paychecks. 

Step 2: Convene an Information Governance Team

Round up the usual suspects….Legal, IT, Risk, Records.  Then try to put an EQUAL NUMBER of representatives of the business in the room.  Not only is there strength in numbers, but you might need business representatives to form a tag team so that one of them is always rested and ready to fight the battle.  I initially tried to accomplish this by saying “I represent the business; trust me, I know what they need” but that wasn’t convincing, so now I have nice business people who would rather be doing other things show up and represent their interests.

Step 3: Announce the Information Governance Policy

You could re-work your Records Management Policy to be a more inclusive “Information Governance” policy.  Or you could adopt our approach, which was to create an additional “Information Use” policy that lays out the rules for Information Governance at Land O’Lakes (encompassing information creation, sharing, storage, and ownership).  Our Information Use Policy includes a reference to the Records Management Policy.  Make the policy known by whatever means are appropriate in your organization.  Ideally, those communications come from a C-level representative.

Step 4: Create the Toolbox

In order to achieve compliance with any policy, you have to give people the tools necessary to follow the rules.  My goal for these tools is as follows: it should be easier to manage information in accordance with the policy that not to.  In other words, following the policy should be the path of least resistance.  That requires many tools; including standards, training, processes and technologies that support the policy.  Some examples might be:

  • Ensuring the only “portable media” available via the standard procurement channels are the encrypted ones that meet your Information Storage Standard,
  • Configuring your email solution so that it supports your organization’s email policy, (see Mark Mandel’s recent blog on this very important topic: The Email Pyramid
  • Disabling the creation of folders in SharePoint libraries, (as intimated in Daniel Antion’s recent blog: Site vs Library)
  • Creation of an enterprise taxonomy so that the organization has consistent methods to describe information.

One of the required tools is a Retention Schedule, which is so critical that I made it a step of its own.   It was also our FIRST step, since and updated Records Management Policy and Retention Schedule set the context for everything that followed.

Step 5: Publish an Updated Retention Schedule

I suggest making sure the Retention Schedule is an Information Retention Schedule, not just a Records Retention Schedule.  Ours is inclusive of all information, including convenience copies, transitory communications and administrative content. 

You may also need to rework your retention schedule so that it is in the language of the business, instead of records management language.  No one in the business knows or cares what “CYFY + 6” means.  Spell it out.  They also don’t know what “Record Series 425.3” is, but they probably know what “Accounts Payable Information” is, so base your record categories on high level business activities.  And they don’t know to look up the retention for the “HR-01-2012 Form,” but they might be able to find the “Position Description Files,” so define your record series based on the business activities they support, instead of trying to list each and every kind of document in the organization.

Step 6: Train

Once again, training is a tool so important that it merits its own step.  Train the representatives on the Information Governance team to be able to effectively socialize the key aspects of the program.  Train Legal, IT and Records Management representatives to be able to field (and if necessary, refer) questions.  Teach Records Coordinators what resources exist and where to find them.  Train IT on any processes they will need to follow and, most importantly, why.  Then make some convenient training  available (on-line, for instance) to every single member of your organization.  If you really want to put some teeth into your program, make the training required.

Step 7: Repeat Steps 1-6

As many of them as necessary, as often as necessary.   

#information #InformationGovernance #ElectronicRecordsManagement #governance