Implementing Information Governance – Policies

There are three essential factors that contribute to the successful implementation of an Information Governance Framework: Policies, Management and Organization, and I will in this short post focus on the policies.

The Policy element of the Information Governance framework is concerned with matters such as who owns information.  In this context ownership means ‘responsible and accountable for’. So an example of Information Governance policy on ownership might be as follows: ‘When a document is first created, it is owned by the author, or in the case of an email from outside the organisation, the recipient.  Later, after the document has been reviewed and accepted, the manager who commissioned its creation may become the owner. Once it is declared a record, it is owned by the CIO on behalf of the business.’

The policy element of the information governance model is also concerned with the capture, storage, delivery, preservation and disposal of information.  That would include policies on

• What information must be kept (as records) and what must not be kept (as records), in other words what is to be destroyed when it has served its purpose
• Who is responsible for the capture of different kinds of information, and when;
• Who is responsible for storing it securely, and (in some cases) preserving access to it; and the policies which authorise its disposal.

Information Governance policy must also deal with the rules for accessing and sharing information; for example:

• Information belongs to the organisation, not the individual (this is almost always true in the case of records)
• Information should be shared within the organisation unless there’s a good reason for it not to be, it could be sensitive

Sensitive information must be identified as such, and must not be shared outside the organisation without appropriate authorisation, for example, commercially sensitive information, or information affecting security. Remember, the examples given above are just that – examples. It is essential that top-level approval is gained for Information Governance policies, and that they are universally accepted across the organisation.  (This is another reason why senior management commitment is crucial.)

Information Governance Framework

Many early adopters of ECM have realized that ECM technologies on its own is not the solution, - you need accountability for organisation’s information assets. Good governance ensure compliance with regulations and legislation, enables productivity improvements, enables organisation to respond to change and new opportunities, helps information exchange with customers, partners and providers, and it sustains good information management practices.

A sound Information Governance Framework, often known by its abbreviation, IGF, will include:

   

• Laying down policies that will govern behaviours
• Defining processes for all stages of the Information Lifecycle
• Setting standards that must be followed when carrying out a defined process
• Appointing specific people to be responsible for the information assets
• Providing tools and technology to enable staff to carry out the defined processes to the required standards
• Auditing the elements of the Framework regularly to ensure that the guidelines are being followed

Factors for success of Information Governance Framework implementation

• Policy – processes and standards for management of information – especially records – across organisation
• Management – Information Governance roles and responsibilities
• Organisation – groups and structures required to manage information

For more information access the online ECM or ERM Specialist training program; www.aiim.org/training, or take a look at my ealier post about how to implement ECM.