Designing an Information Governance ProgramPosted 2013-04-16 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Information life-cycle governance reduces costs and risks by incorporating the value of information to stakeholders and disposing of data that has no value.
Creating an ILG
Creating and developing an ILG program requires bringing together the right people, assessing existing processes against the right criteria and acquiring the right technology.
People: Developing a collaborative approach to information across multinational organizations requires very careful consideration of the cross-functional team. An executive committee may include the global director of RIM, CIO, chief financial officer, general counsel and similar roles. An advisory group composed of functional representatives and line-of-business leaders can oversee implementation of the ILG strategy, identify and manage risks, and ensure policy compliance.
A global program office should drive and measure progress toward goals and direct the efforts of a working group that defines, develops and instruments the relevant processes. The internal audit department can measure progress toward the goals, report on process failures, help identify failure causes and ensure accountability for fixing issues.
Processes: The CGOC has identified 16 key business processes that should be developed maturely across multinational organizations to reduce risk and enable defensible disposal. The maturity level of these processes must be assessed based on criteria ranging from ad hoc and inconsistent at the immature end, to integrated and instrumented at the mature end.
Each of the 16 processes has an inherent risk, such as the failure to properly identify custodians or inadvertently exposing private customer data. The ILG team must identify the various processes across the organization that need to be matured and assess the operational capacity required to develop them and make them globally consistent.
Technology: Atechnology solution can support the ILG program by:
· creating a global standard taxonomy, a global retention policy and a global glossary that remain up to date with changing laws and regulations and bridge communications across all stakeholders;
· developing a catalog that lists the business value of all information;
· managing and automating legal holds;
· syndicating information that’s valuable for the IT systems that have custody of it, and communicating this value to the managers of the systems and their data; and
· implementing a shared data source catalog across all stakeholder organizations, along with a secure repository where records can be managed and automatically thrown out.
Getting started with an ILG program can seem daunting, but dividing the program into high-level tasks makes it more manageable. For example, here is a sample program charter that can be modified to suit your specific organization:
· Define and manage policies, governance and operating models pertaining to information governance, such as e-discovery, records management, legal hold, data protection and disposal.
· Lead process development for e-discovery records management, archiving and disposal, such as e-discovery management, fulfillment, legal hold, collections and preservation.
· Provide and communicate business requirements and standards, such as the records-retention schedule and the configuration specifications for regulatory archives.
· Monitor and track policy compliance globally to ensure functional and regional consistency.
It’s also important to look for assistance from expert sources, such as the CGOC, a forum of more than 1,900 legal, IT, records, privacy and information management professionals. CGOC conducts primary research, has dedicated practice groups on challenging topics, and hosts meetings throughout the UnitedStates and Europe, where practice leaders convene to discuss discovery, retention, privacy and governance.
Another excellent resource on information governance programs is the Electronic Discovery Reference Model (www.edrm.net). An EDRM project, the Information Governance Reference Model, offers a common, practical and flexible framework for developing and implementing effective, actionable information management programs that unify stakeholder processes.
Richard Kessler, a faculty member of the CGOC, is executive director and head of Group Information Management & Discovery Services, IT Contracting and Shared Services Legal, at UBS. He is responsible for information governance, including records and information management, legal and regulatory archives, corresponding policies and strategy.
The opinions expressed in this article are those of the author and not necessarily those of UBS AG or its affiliates.