1 Breaking Down the Silos: A 21st Century Approach to Information Governance May 2015
2 Introduction With the spotlight on data breaches and privacy, organizations are increasing their focus on information governance Unfortunately, most companies are still relying on a 20 th century organizational structure to solve a 21 st century problem From: usbtypewriter on Estsy available at: Huron Consulting Group.
3 Information Governance Failures and Missteps Information is a critical asset to any organization and can pose a serious liability and risk if not adequately addressed. Increasing recent events highlight public failures in the lack of a strong Information Governance framework. (Source: The Sedona Commentary on Information Governance, 2013) Data privacy and security breaches, such as a global electronics company attributing $171 million in out-of-pocket remediation costs to a data breach affecting 100 million persons estimated to exceed $1 billion ; E-discovery sanctions, such as an award of $8.5 million in monetary sanctions against patent holder for willfully failing to produce tens of thousands of discoverable documents ; Recordkeeping compliance penalties, such as a national clothing retailer fined over $1 million by the U.S. Immigration and Customs Enforcement Agency for information compliance deficiencies in its I-9 employment verification system, and a retail pharmacy chain reaching an $11 million settlement with the U.S. Government for record-keeping violations under the Controlled Substances Act. Almost two-thirds of data breaches are caused by human or systems errors Malicious or criminal attacks average about $160 per compromised record The recent data breach at America s third largest retailer and six others affected 1 in 4 U.S. consumers Huron Consulting Group.
4 What is Information Governance? Gartner: Information Governance is the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals Huron Consulting Group.
5 What is Information Governance? Wikipedia: Information governance, or IG, is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements Huron Consulting Group.
6 What is Information Governance? Sedona: an organization s coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value. As such, Information Governance encompasses and reconciles the various legal and compliance requirements and risks addressed by different information-focused disciplines, such as records and information management ( RIM ), data privacy, information security, and e-discovery. Understanding the objectives of these disciplines allows functional overlap to be leveraged (if synergistic); coordinated (if operating in parallel); or reconciled (if in conflict) Huron Consulting Group.
7 What is Information Governance? The coordinated, inter-disciplinary approach to satisfying information compliance requirements, managing information risks and optimizing information value Encompasses and reconciles the various legal and compliance requirements and risks addressed by different information-focused disciplines such as records and information management, data privacy, information security, and e-discovery Involves a top-down, overarching framework, informed by the information requirements of all information stakeholders that enable an organization to make decisions about information for the good of the overall organization and consistent with senior management s strategy Huron Consulting Group.
8 Information Governance and Data Governance Information Governance focuses on optimizing and leveraging information while keeping it secure and meeting legal and privacy obligations in alignment with business objectives Includes information lifecycle management and ownership Driven from the business and legal perspective Data Governance focuses on data quality, reliability, and uniqueness (deduplication), so that downstream uses in reports and databases are more trusted and accurate Includes master data management (MDM) Driven from the Information Technology perspective Huron Consulting Group.
9 Information Governance and Data Governance DAMA IGRM Huron Consulting Group.
10 Information as an Asset Risk Cost Value Huron Consulting Group.
11 Information as an Asset: Moving from T to I Information Value I T Infrastructure Technology Huron Consulting Group.
12 The Challenge Rising Business Demands Increasing Regulatory Mandates Information Increasing Information Volume Investment Prioritization Challenges Huron Consulting Group.
13 Information Governance Approaches Informal Information Governance Committee Information Governance Function Huron Consulting Group.
14 Informal Information Governance From: Sedona Conference Commentary on Information Governance Huron Consulting Group.
15 Information Governance Steering Committee From: Sedona Conference Commentary on Information Governance Huron Consulting Group.
16 Information Governance Function From: Sedona Conference Commentary on Information Governance Huron Consulting Group.
17 Why Form and Information Governance Committee or Function Aligns priorities and investments Identifies stakeholders Ensures the business is involved Increases independence Huron Consulting Group.
18 Huron Consulting Group. Current State Focus
19 New Problems, Same Old Structure RIM Discovery Privacy InfoSec Huron Consulting Group.
20 Current State: Records and Information Management Retention Organization and taxonomy Store & Protect Dispose Create / Receive Organize & Manage Paper legacy Use Huron Consulting Group.
21 Current State: E-Discovery Often reactive Evidence v. business information Preservation v. retention Identification Preservation Collection Processing Hosting Review Production Huron Consulting Group.
22 Current State: Privacy Increasing visibility Proactive v. reactive involvement Staffing challenges Huron Consulting Group.
23 Current State: Information and Cybersecurity Prevention and response Technology focused Requirements driven Huron Consulting Group.
24 What do they have in common? Understanding what you have, where it is, and how it is managed Policies, Procedures, Standards, Guidelines Communications, Training, Monitoring, Reporting Technology Investments Huron Consulting Group. 24
25 Coordination is Good, But Collaboration is Better Metcalfe s Law: The more people who use something, the more valuable it becomes. RIM InfoSec Discovery Information Governance Enterprise Functions Privacy Lines of Business Huron Consulting Group.
26 What about the business? Enterprise Functions Lines of Business Huron Consulting Group.
27 Comprehensive Information Governance Framework Dispose, Destroy Migration, system change, conversion Destruction, Disposition Long-term preservation Determining which information to create and capture Holistic Information Governance Form & structure of information Which technologies to use Metadata creation & mgt. Create / Receive Safety, security, privacy Organizing Information Maintain, Control Risk assessment Retrieval, use and transmittal of information Retention requirement: regulatory, legal, & operational Use, Consume, Share, Distribute Huron Consulting Group.
28 Key Sedona Principles on Information Governance independence from any particular department or division (Principle 2) All information stakeholders should participate (Principle 3) should be established with the structure, direction, resources, and accountability to meet program objectives (Principle 5) effective, timely, and consistent disposal of physical and electronic information that no longer needs to be retained (Principle 6) Acting in good faith to reconcile conflicting laws and obligations should establish reasonableness (Principles 7 & 8) Huron Consulting Group. 28
29 The Retention / Minimization Balance Privacy RIM Business and Analytics Shorter Retention Longer Huron Consulting Group.
30 Tactical v. Strategic Information Governance is strategic To be strategic, you need partners, sponsors, and a network Tactical vs. Strategic Characteristics Tactical Top down Silo d accountability Difficult to value Strategic Up, down, and across Collective accountability Measurable Huron Consulting Group. 30
31 Building an Information Governance Committee Huron Consulting Group.
32 Get Organizational Buy-In and Commitment Huron Consulting Group.
33 Who Should Sponsor? CEO / COO CIO / Chief Information Officer CLO / Chief Legal Officer CCO / Chief Compliance Line of Business Executive Huron Consulting Group.
34 Information Governance Committee Model Executive Sponsorship Information Governance Sponsors CIO CLO CCO CFO Information Governance Committee Legal / Discovery Information Technology Risk Management Information Security Enterprise Functions BU and Regional RIM Compliance / Audit Privacy Lines of Business Champions Working Teams Strategic Policies and Procedures Projects and Platforms Incident Response Change Management Projects Tactical ECM Data Classification Employee Training Information Mapping Huron Consulting Group.
35 Scope Goals Objectives Information Governance Strategy Components Environment Assessment Mission, Vision, Values, Guiding Principles External Forces Regulations Standards Trends Benchmarks Internal Forces Assumptions Constraints Benchmarks Strategy Strategy Strategy Action Plans Annual Operating Plan & Budget Communications Plan Current State Assessment Issues Risk Resources CSFs Desired Future State Gaps Evaluate Results Assumptions Ongoing Feedback Huron Consulting Group.
36 Develop a Charter Define roles and responsibilities Set objectives and mission Identify sponsor, chairperson, steering committee and working teams Establish structure for meetings, reporting and communication Huron Consulting Group.
37 Assess and Identify Understand what you have Identify gaps and risks Measure cost, risk and value Huron Consulting Group.
38 Build a Roadmap Agree on priorities Establish project and working teams Huron Consulting Group.
39 Amount of Information Execute and Extend Time Huron Consulting Group.
40 Measure and Optimize Determine metrics up front Report often Optimize and adjust the roadmap Huron Consulting Group.
41 Practical (and Political) Tips Who sometimes matters more than where Identify members and information ownership early Leverage organizational mission statement and values Huron Consulting Group.
42 Don t Forget the Orphans Digital Signatures Defensible Disposition Messaging Policies Cloud Strategy Huron Consulting Group.
43 Beyond the Steering Committee: Emerging Roles and Functions Dedicated IG Function Provides greater independence New IG Roles Chief Information Governance Officer Chief Data Officer Director of Information Governance Information Governance Manager Huron Consulting Group.
44 What are the benefits of this approach? Alignment of enterprise goals and investments Decreased Costs Consolidated change management Increased access to and value of information Greater defensibility and consistency Huron Consulting Group.
45 Questions? For more information, contact: David Ray Director Huron Consulting Group Tel: Huron Consulting Group.
Fundamentals of Information Governance: More than just records management PETER KURILECZ CRM CA IGP Hard as I try, I simply cannot make myself understand how Information Governance isn t just a different
From Information Management to Information Governance: The New Paradigm By: Laurie Fischer Overview The explosive growth of information presents management challenges to every organization today. Retaining
Functions & Importance of a Strategic Business Plan Komal A Gulich, CRM, IGP Manager, Enterprise Records Management FirstEnergy Service Co April 15, 2014 Agenda Brief recap of Workshop Look at Function
Information Governance: Where is ARMA International Headed? David M. Fleming, CRM, IGP, CIP ARMA Utah-Salt Lake Chapter Meeting September 18, 2014 Discussion Points Defining Information Governance Defining
21st Century Best Practices for Information Governance & Policies Presented by: John Isaza, CEO- Information Governance Solutions, LLC Partner - Rimon PC ARMA NOVA Chapter Friday, February 28, 2014 12:30
White Paper Enterprise Information Governance Date Released: September 2014 Author/s: Astral Consulting Disclaimer This White Paper is published for general information purposes only. Nothing in the White
Implementing Information Governance: A Best Practice Approach to Enable Compliance and Reduce Costs & Risks July 23, 2015 2015 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design
Global Records and Information Management Risk: Proactive and Practical Approaches to Effective Records Management September 16, 2014 Maura Dunn, MLS, CRM Lee Karas, MBA Agenda Drivers for your Records
Implementing Enterprise Information Governance: A Practical Approach TAD C. HOWINGTON, CRM, CA, FAI MANAGER, RECORDS AND INFORMATION COPANO ENERGY HOUSTON, TEXAS 512.627.9181 Learning Objectives Upon completion
Information Governance what it is and how it relates to your customers Julie J. Colgan, IGP, CRM 2015 PRISM Annual Conference How much of the world s data was created in the last 2 years? 30% 50% 70% 90%
Better Data is Everyone s Job! Using Data Governance to Accelerate the Data Driven Organization Intros - Name - Interest / Challenge - Role Data Governance is a Business Function Data governance should
Amir Jaibaji - Product Management Program Director IBM Information Lifecycle Governance IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk Enterprise big
Information Governance 2.0 A DOCULABS WHITE PAPER Information governance is the control of an organization s information to meet its regulatory, litigation, and risk objectives. Effectively managing and
Understanding Today s Economics of Information Get Your Act Together Now! Sylvan Sibito H Morley III IBM Worldwide Director Information Lifecycle Governance Information Economics: The discipline of analyzing
THE STATE OF INFORMATION GOVERNANCE IN CORPORATIONS Advice from Counsel is Sponsored by: 2016 FTI Consulting Inc. Advice from Counsel: The State of Information Governance in Corporations 1/16 INTRODUCTION
The World of Information Governance Society of Corporate Compliance and Ethics Maggi Johnsen, CRM October 12, 2012 Table of Contents What is Information Governance (IG)? What Might Lead to an IG Failure?
E-PAPER DECEMBER 2014 Guide to Information Governance: A Holistic Approach A comprehensive strategy allows agencies to create more reliable processes for ediscovery, increase stakeholder collaboration,
ARMA: Information Governance: A Revenue Source Potential Presenter: Martin Tuip Executive Director for IG Products ARMA International Agenda About ARMA International What is Information Governance? Generally
May 19-22, 2014, Toronto ON Canada Information Governance & Records Management for Today's World Presented by Colin Cahill LI22 5/20/2014 1:15 PM - 2:45 PM The handouts and presentations attached are copyright
Information Asset Management that Drives Business Performance Jeremy Pritchard 1 The amount of data you have doubles every 12 to 18 months Thomas Redman Data-Driven 1 The average amount of inaccurate data
DATA GOVERNANCE Enterprise Data Governance Strategies and Approaches for Implementing a Multi-Domain Data Governance Model Mark Allen Sr. Consultant, Enterprise Data Governance WellPoint, Inc. 1 Introduction:
Certified Information Professional 2016 Update Outline Introduction The 2016 revision to the Certified Information Professional certification helps IT and information professionals demonstrate their ability
RM-Speedy  From Records Management to Information Lifecycle Governance Sven Hapke IBM Deutschland GmbH The Information Governance Problem 98% Companies that cite defensible disposal as key result of
Enterprise Content Management (ECM) Policy Version Information A. Introduction Purpose 1. Outline and articulate the strategy for enterprise content management across Redland City Council (RCC). This document
ANALYTICS GOVERNANCE May 16, 2014 Dr. Tamira Harris, PhD, MBA, MSN, CPHQ, CCM What is Enterprise? The core of enterprise analytics is to create a technological and management infrastructure to get an enterprise-wide,
Getting Started with Data Governance Philip Russom TDWI Research Director, Data Management June 14, 2012 Speakers Philip Russom Director, TDWI Research Daniel Teachey Senior Director of Marketing, DataFlux
Tactics v. Strategy: From Records & Information Management to Information Governance David M. Fleming, CRM, CIP ARMA Silicon Valley Chapter Meeting March 14, 2013 Discussion Points About Zions Bancorporation
Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division Benjamin Young, Assistant General Counsel U.S. Department of Agriculture 1 Disclaimer The views expressed in this presentation
What We ll Cover Foundations of Records and Information Management Creating a Defensible Retention Schedule Paper v. Electronic Records Organization and Retrieval of Records and Information Records Management
Planning for a Successful Information Governance Program Kathy Downing, MA, RHIA CHPS,PMP AHIMA Senior Director IG Objectives Overview of Project Management Applying Project Management techniques to Information
ARMA CENTRAL IOWA APRIL 25, 2013 MAKING THE BUSINESS CASE FOR INFORMATION GOVERNANCE: MORE CARROT, LESS STICK AGENDA The information imperative The time is NOW Why RIM Making the case for IG 2 THE INFORMATION
Informatica Data Governance Framework Defining a Strategy for Success Clarke Patterson Sr. Director Product Marketing 1 Agenda The Role of Data Governance Assessing Maturity Understanding the Components
Information Governance for Healthcare Executives Lesley Kadlec, MA, RHIA Lydia Mays Washington, MS, RHIA, CPHIMS Objectives Understand the opportunity to capitalize on Information through a solid governance
Generally Accepted Recordkeeping Principles How Does Your Program Measure Up? GARP Overview Creation Purpose GARP Overview Creation About ARMA International and the Generally Accepted Recordkeeping Principles
Killing Two Birds With One Stone: Optimizing Information Governance for Easier E- Discovery 1 Agenda Presenters The relationship between information governance and e-discovery Sanctions and case law Corporate
TRENDS AND DEVELOPMENTS IN INFORMATION GOVERNANCE AND RECORDS MANAGEMENT William Saffady (718) 246-4696 email@example.com Key Concepts Defined Governance the process or system by which an organization s
Big Data Governance ISACA Chapter Annual Conference Sarova Whitesands Hotel, Mombasa 29th - 31st July, 2015 Prof. Ddembe Williams KCA University Presentation Overview 1. What is Data Governance and why
INFORMATION GOVERNANCE A Holistic Approach to Information Governance David Peterson June 6, 2014 Presentation Overview WHAT IS INFORMATION GOVERNANCE? CHALLENGES OUTCOMES ESSENTIAL ELEMENTS STANDARD DEFINITIONS
Master Data Management Defining & Measuring MDM Maturity, A Continuous Improvement Approach DEFINE IMPROVE MEASURE Presentation by Mark Allen 1 About the Author Mark Allen has over 25 years of data management
- 1 - Information Governance: 3 Initial Steps on the Way to Success by Mike Frazier Director, Information Governance, TERIS - 2 - Lately, the phrase information governance has become one of those buzzwords
Director, Value Engineering April 25 th, 2012 Copyright OpenText Corporation. All rights reserved. This publication represents proprietary, confidential information pertaining to OpenText product, software
Defensible Disposition Strategies for Disposing of Structured Data - etrash Presented by John Isaza, Esq., FAI Co-Founder & CEO, Information Governance Solutions, LLC Tom Reding, CRM Executive Consultant,
Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff The Challenge IT Executives are challenged with issues around data, compliancy, regulation and making confident decisions on their business
Access and Privacy Conference Edmonton, June 13, 2012 Rick Klumpenhouwer, MA, MAS, CIAPP-M Partner, Cenera INFORMATION GOVERNANCE FOR PRIVACY COMPLIANCE Course Objectives Understand the principles of information
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage
STATS-DC 2012 Data Conference July 12, 2012 Washington State s Use of the IBM Data Governance Unified Process Best Practices Bill Huennekens Washington State Office of Superintendent of Public Instruction,
City of Toronto Business Architecture Overview 2012 Huw Morgan Enterprise Architecture City of Toronto - Low Sensitivity City of Toronto Enterprise Architecture Program @ the City of Toronto Business Capability
Data Governance Unlocking Value and Controlling Risk 1 White Paper Data Governance Table of contents Introduction... 3 Data Governance Program Goals in light of Privacy... 4 Data Governance Program Pillars...
DATA INTEGRATION Defensibly reducing your data during Mergers, Acquisitions & Divestitures Ronke Ekwensi Tuesday May 19, 2015 MER Session 12 My Background Ronké Ekwensi is a Managing Director in the Legal
Successful Implementation of Enterprise-Wide Information Governance ARMA Austin Monthly Meeting November 13, 2014 TAD C. HOWINGTON, CRM, FAI Manager, E- Records and Information Governance Kinder- Morgan
Global Excellence Mergers and Acquisitions: The Dimension A White Paper by Dr Walid el Abed CEO Trusted Intelligence Contents Preamble...............................................................3 The
Welcome to the Data Analytics Toolkit PowerPoint presentation on data governance. The complexity of healthcare delivery, the exploding demand for actionable information, pressure for greater public accountability,
University of Michigan Medical School Data Governance Council Charter 1 Table of Contents 1.0 SIGNATURE PAGE 2.0 REVISION HISTORY 3.0 PURPOSE OF DOCUMENT 4.0 DATA GOVERNANCE PROGRAM FOUNDATIONAL ELEMENTS
Explore the Possibilities 2013 HR Service Delivery Forum Best Practices in Data Management: Creating a Sustainable and Robust Repository for Reporting and Insights 2013 Towers Watson. All rights reserved.
Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State
Information Governance, Risk, Compliance April White Paper By Galaxy Consulting A At Your Service Today Tomorrow We Appreciate The Privilege Of Serving You! Abstract May 2014 Information is the lifeblood
SAP Brief SAP Extensions SAP Regulation Management by Greenlight, Cyber Governance Edition Objectives Cyber Governance Preparing for the Inevitable Perimeter Breach Augment your preventive cybersecurity
Enterprise Data Management - The Why/How/Who - The business leader s role in data management Maria Villar, Managing Partner Business Data Leadership Introduction Good Data is necessary for all business
Sarbanes-Oxley Compliance for Cloud Applications What Is Sarbanes-Oxley? Sarbanes-Oxley Act (SOX) aims to protect investors and the general public from accounting errors and fraudulent practices. For this
Building the Case for Information Governance in Healthcare Lesley Kadlec MA RHIA Director, HIM Practice Excellence AHIMA #IG NOW @l_kadlec ahima.org/infogov Objectives Define information governance and
Information Governance Manage in Place Use Cases Workshop James Seeley Vice President, Governance Sales threat protection compliance archiving & governance secure communication Information Governance -
Turning INSIGHTS Into ACTION Sue Trombley, Managing Director, Thought Leadership, Iron Mountain February 20, 2015 2014 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the
NAVIGATING THE MAZE 2013 LEGAL CIO ROUNDTABLE RETREAT March 3-5, 2013 The Boulders Hotel Carefree, Arizona Information Governance Define your Process and Framework Agenda Information Governance Defined
Project Management Office (PMO) Charter Information & Communication Technologies 10 January 2008 Information & Communication Technologies Enterprise Application DISCLAIMER Services Project Management Office
Empower Decision-Making with Information Insight Veritas Information Governance Solutions genius resides in the capacity True for evaluation of uncertain, hazardous, and conflicting information. Winston
2014 Vendor Risk Management Benchmark Study Introduction/Executive Summary You can have all the security in the world inside your company s four walls, but all it takes is a compromise at one third-party
Data Governance Best Practices Rebecca Bolnick Chief Data Officer Maya Vidhyadharan Data Governance Manager Arizona Department of Education Key Issues 1. What is Data Governance and why is it important?
Governance from the Cloud threat protection compliance archiving & governance secure communication Speakers Darren Lee Vice-President & GM, Proofpoint 2 Agenda for Today s Discussion Agenda Who is Proofpoint?
Thinking SharePoint? Think Jornata. SharePoint Governance: Planning, Strategy and Adoption Scott Jamison Managing Partner & CEO Jornata LLC firstname.lastname@example.org About Scott Jamison CEO of Jornata,
Brochure Gain control over all enterprise content HP Autonomy ControlPoint Turning Big Data into little data Most organizations today store data in a number of business systems and information repositories.
Data Governance Overview Anthony Chalker Managing Director August 12, 2014 2:05 2:55 Session What is Data Governance? Data Governance is the specification of decision rights and an accountability framework
Lynda Hilliard, MBA, CHC, CCEP Deputy Compliance Officer University of California Webinar Essentials 1. Session is currently being recorded, and will be available on our website at http://www.utsystem.edu/compliance/swcacademy.html
Privacy Engineering for Cloud and Geolocation and Data Governance THOMAS R FINNERAN PRINCIPAL CONSULTANT - IDENNEDY PROJECT Some Privacy Requirement Questions related to the Cloud How does Cloud Provider
Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,
New 2011 Report! Information Governance Fundamentals, Best Practices & Implementation Issues A Management Primer Including: Information Governance Framework Information Governance Maturity Models E-Document
Banff Health Privacy Summit October 19, 2012 Rick Klumpenhouwer, MA, MAS, CIAPP-M Partner, Cenera INFORMATION GOVERNANCE FOR HEALTH PRIVACY MANAGEMENT The challenge Health providers and health institutions