CIOREVIEW >> Compliance >>

Best Practices for Seamless Information Governance Policy

By CIOReview | Tuesday, July 26, 2016

Information is a vital asset and plays an essential part in Governance, service planning and performance management. The recent years have seen an explosion in the volume of information, further creating the need for robust information protection, especially at the enterprise basis. The proprietary forms of management including record management are no longer sufficient in meeting the demands of business at current legal and regulatory requirements. To mitigate risk, reduce overall cost and increase revenue at the enterprise level has led to the evolution of stringent Information Governance, which is becoming indispensable in tackling the emerging pressure of global regulatory agencies.

Insight on Information Governance:

Information Governance is a combination of legal requirements, policy and best practice designed to ensure all aspects of information processing and handling. In addition, it addresses four main categories including; Confidentiality and Data Protection, Information Security, Data Quality, Records Management. The implementation of effective Information Governance in an enterprise helps to streamline customer relationship management, knowledge worker collaboration, employee and customer mobility, data mining, big data and content analytics.

Best Practices for Information Governance

1. Enable coordination and buy-in

First and the foremost process is the stringent coordination. One should develop policies through coordinating with the needs of stakeholders, including legal, compliance, risk management, HR, IT, data privacy, information security and the business units. The coordination model’s progress can also be documented through the help of designated operational and business unit contacts or committees. Regular monitoring and feedback should also be taken into considerations to ensure proper tracking of IG program targets and goals.

2. Information economics

Understanding an organization’s “information economics” helps in assessing IG program. Information economics is a holistic approach to leverage information as a strategic asset. Information enables robust decision making as well as improves agility and speed of execution. The aim of information economics is to increase organization’s revenue through improved decision making thus reducing risk of information misuse.

3. Defensible disposal programs for the rescue

The cost reduction and risk solely depends on defensible disposal of wretched information. The defensible disposal aims at regularly and automatically disposing unwanted legal, compliance or business purpose information. It includes business data, off-site storage, email, backup tapes and call recordings. The goal of the process is to develop a destruction program to channelize the identification of information to be held and remove all other undesirable information from the environment.

4. Fresh look at archiving

Archives are a primary source of vast amounts of unstructured data allowing IG policies and defensible disposal to address the data. The information in the Archives is further leveraged to support disposition through next-generation analytics and discovery tools to handle the volume and variety of data.

5. Replacing proactive e-discovery with early data assessment

The early data assessment (EDA) slashes the cost of e-discovery by moving the analysis phase to the beginning of e-discovery life cycle. It performs analysis at the point of identification after preservation and collection; bursting the myth of analyzing documents before processing and reviewing. Information Governance benefits EDA by increasing the chances of defensibly disposing data before collecting for e-discovery. In addition, it saves time and money by enabling faster response to discovery request.

6. Information Governance Objectives

The Information Governance aims at delivering essential compliance elements to enable and support the business and deliver better business benefits.

• Policy

Information Governance should implement a stringent policy and it should be further embedded into the day-to-day operations. The policy should also be clear, accessible and flexible, going in hand with the business requirements.

• Awareness

The main aim of businesses is to bring awareness to staff and supplier about the Information Governance policy. Bringing awareness in the organization can also help in achieving compliance thus slashing the risk of human error. Information Governance also aims at efficient handling of information to support and enable the business process.

• Monitoring and assurance

Monitoring and assurance of Information Governance policy implements and measures the effectiveness of the environment. Taking feedback from various Information Asset Owners about the operation of the policy is the ideal way of Information Governance.

• Records and information management

Information Governance also covers managing records and information through effective processes of creating receipt. The records should be maintained meeting the guidance set out in the Freedom of Information Act. The management of records provides the complete history of information available and stored thus leveraging information and transparency; saving time, effort and storage space.

• Information security

Businesses should support staff by ensuring clear and accessible information security policy and reduce human error through frequent training. The information security policies should take account of legislative requirements that are appropriate and part of the business. The policy should also work with business areas to align information security policy with operational requirements to find appropriate solutions.

• Collection and use of personal information

The personal information obtained during IG should be managed and used responsibly, securely and fairly. Individuals and third parties personal information should be handled with utmost transparency and openness to impart confidence in them.

In Closing:

The changes in handling information have a direct impact on data protection, information security and confidentiality. Even minor changes in processing information help to comply with legislation and best practices. The Information Governance Program construction differs from company to company but the intent remains rigid. It is a program with requisite support from executives and is not defined to a time span.