Technology plays an important part in enabling information security and the management of personally identifiable information (PII). However, recognising that human factors are just as important, Astral’s approach to PII risk management is driven by information governance, business alignment and stakeholder education. In this initial briefing, we look at what information governance means today.
What is information governance?
Information governance is a strategic framework of standards, processes, roles and metrics that ensure organisational and individual accountability for managing information assets.
As a cross-disciplinary practice, information governance touches on law, records management, information technology, security management and business analysis. It calls for a new breed of information professionals who are competent across diverse and complex fields.
It applies risk and quality management principles to ensure that business information is fit for purpose and capable of supporting corporate performance (value creation), governance and compliance goals.
What is the value of information governance?
Businesses often perceive information governance as a cost rather than an essential management practice that delivers business value from both business and employee perspectives. From a business perspective, information governance reduces various risks and offers measurable improvements in business efficiency.
From an employee perspective, these outcomes improve confidence in decision-making by providing more reliable information. Through the provision of a clearly defined framework for information exchange and knowledge-sharing, collaborative and strategic planning capabilities are enhanced.
Information governance capability is becoming even more important as businesses increasingly rely on data and information to drive core services, operational processes, customer interactions and supply chains. Companies are also subject to a broader range of compliance conditions, including sustainability goals and reporting requirements, which rely heavily on information governance capability. Hence why boards are increasingly involved and interested in corporate information governance.
Astral predicts that information governance will become a hot topic for CIOs in this decade, as cybersecurity risks increase, and blockchain, big data and AI, cloud computing and virtualisation (the so-called ‘metaverse’) become commonplace business tools.
Incremental & disruptive innovation relies on effective governance of big data,
according to a study of 175 firms in 2020.
Information & Management (2020)
As these technologies mature, there will be an increasing need to manage the risk and quality of the information and data these toolsets consume, utilise, and produce to drive business success and innovation.
What is information governance maturity?
Many organisations have some form of information /records management policies and procedures, especially concerning privacy, security, records retention and disposal. They usually have designated systems for managing various classes of data and information and may also have records or document management services.
This level of information governance readiness or maturity may have been adequate in the past but is insufficient today for the following key reasons:
- Increasing volumes of data and information are being produced, consumed and exchanged faster
- Increasing demands for compliance, sustainability and stakeholder accountability
- Emergence of new forms of data and information processing (e.g., artificial intelligence, big data, blockchain, collaboration technologies, cloud computing, simulation and virtualisation)
- The increasing need to protect business information and data from cybersecurity threats
- Increasing commercialisation of data, information and knowledge assets.
Data and information assets are increasingly used to:
- Make strategic economic and financial predictions
- Manage and optimise supply and value chains and production processes
- Determine public policy and service design
- Automate customer interactions and experience
- Assure corporate sustainability.
Information Governance is a predictor of sustainable knowledge creation,
which is a predictor for innovative, financial, and market performance
according to a study of 180 firms in 2019.
How can organisations improve information governance?
There is no ‘one size fits all’ approach to information governance. The right approach is highly dependent on factors such as:
- Current information governance maturity
- Nature of business operations
- Business priorities and strategy
- Current and planned technology ecosystem
- Compliance and regulatory environment.
Foundational aspects of information governance that are established through the majority of our strategy and implementation engagements include:
- User-centric information and data governance policy frameworks and standards
- Controlled processes, such as controlled document workflows that align with and support operational business processes
- Design and implementation of information classification and lifecycle management schemas
- Establishment of internal information governance working and reference groups
- Delivery of information management awareness, training and capability-building initiatives
- Implementation of information management continuous improvement and information risk management frameworks.
In some contexts, complementary approaches are possible, such as:
- Mature enterprise architecture practice can help drive information governance
- Strong continuous improvement capability can support metrics-driven governance
- Participatory approaches emphasise the development of roles-based information governance and building a corporate culture of information and digital literacy.
Benchmarking your organisation is an important first step before setting goals for improvement. We will publish a separate article on our information governance maturity assessment model soon.