Information governance has become a critical subject as businesses continue to generate an increasing amount of sensitive data that requires policy management and compliance. This presentation, outlined by Bassam Zarkout, CTO, RSD, will detail the steps that need to be taken in order to implement an information governance strategy across the enterprise.
Information governance steering committee
The first step to implementing information governance across the company is to form an information governance steering committee, which includes all the relevant stakeholders such as the CEO, CIO, chief legal counsel, risk officer, compliance officer and a variety of line-of-business executives. Each member needs to understand the potential benefits and impacts that information governance would have on his or her organization. This ensures that everyone is involved in the process from the early stages. The committee would govern the organization’s information policies and procedures.
Objectives and goals
The committee would then set the objectives and goals for the corporation’s information governance strategy, which should then get translated into a set of policies that can be enforced. They will create a written statement of what the initiative is looking to achieve, which lays out the vision and helps employees understand their relationship to information governance policies. These objectives include achieving greater overall operational efficiency, reducing IT infrastructure costs and re-allocating resources, improving compliance across the organization to reduce risks, ensuring the organization extracts and maximizes value from its information, and helping employees balance their roles and ensure accountability by assigning responsibilities.
Scope and vision
Information governance must be implemented enterprise-wide from a practical standpoint, and the vision must be shared across all stakeholders and jurisdictions, as well as aligned with the corporate agenda. The committee must define the scope and timeline as well as a plan for communication and training of all participants. The scope of the information governance policy should include information retention, data protection and personally identifiable information, legal holds and e-Discovery, audit of compliance, laws and regulations in multiple jurisdictions, use of cloud computing, mobile and on-device storage, migration of information across the storage hierarchy, and taxonomy and classification.
Enforcing information governance
The most effective way to minimize corporate risk and improve operational efficiency is to implement a “closed loop” records management program that applies legally defensible governance controls over the entire lifecycle of corporate information that may be housed in various jurisdictions, business units, IT systems and physical warehouses. This requires that corporate information policies are integrated with IT systems and actively enforced across jurisdictions; it also requires that executives have ongoing visibility into the process.
Information governance must be implemented enterprise-wide, but from a practical standpoint, a far-reaching implementation of this kind may be difficult to execute. The important point is to start with the end in mind: eventually, your program must encompass all business units, geographies, IT systems and jurisdictions. In addition, because governance will require constant maintenance, there needs to be a process to update policies when business conditions or regulations change.
Finally, identifying a technology platform that will ensure visibility into policy enforcement, across all jurisdictions, will also be important to the success of an information governance initiative.