1 Breaking Down the Silos: A 21st Century Approach to Information Governance May 2015
2 Introduction
- With the spotlight on data breaches and privacy, organizations are increasing their focus on information governance.
- Unfortunately, most companies are still relying on a 20th century organizational structure to solve a 21st century problem.
From: usbtypewriter on Etsy available at:
Huron Consulting Group.
3 Information Governance Failures and Missteps
Information is a critical asset to any organization and can pose a serious liability and risk if not adequately addressed. A growing number of recent events highlight public failures stemming from the lack of a strong Information Governance framework. (Source: The Sedona Commentary on Information Governance, 2013)
- Data privacy and security breaches, such as a global electronics company attributing $171 million in out-of-pocket remediation costs to a data breach affecting 100 million persons estimated to exceed $1 billion;
- E-discovery sanctions, such as an award of $8.5 million in monetary sanctions against patent holder for willfully failing to produce tens of thousands of discoverable documents;
- Recordkeeping compliance penalties, such as a national clothing retailer fined over $1 million by the U.S. Immigration and Customs Enforcement Agency for information compliance deficiencies in its I-9 employment verification system, and a retail pharmacy chain reaching an $11 million settlement with the U.S. Government for record-keeping violations under the Controlled Substances Act.
Key figures:
- Almost two-thirds of data breaches are caused by human or systems errors
- Malicious or criminal attacks average about $160 per compromised record
- The recent data breach at America's third largest retailer and six others affected 1 in 4 U.S. consumers
4 What is Information Governance?
Gartner: Information Governance is the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
5 What is Information Governance?
Wikipedia: Information governance, or IG, is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.
6 What is Information Governance?
Sedona: an organization's coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value. As such, Information Governance encompasses and reconciles the various legal and compliance requirements and risks addressed by different information-focused disciplines, such as records and information management (RIM), data privacy, information security, and e-discovery. Understanding the objectives of these disciplines allows functional overlap to be leveraged (if synergistic); coordinated (if operating in parallel); or reconciled (if in conflict).
7 What is Information Governance?
- The coordinated, inter-disciplinary approach to satisfying information compliance requirements, managing information risks and optimizing information value
- Encompasses and reconciles the various legal and compliance requirements and risks addressed by different information-focused disciplines such as records and information management, data privacy, information security, and e-discovery
- Involves a top-down, overarching framework, informed by the information requirements of all information stakeholders that enable an organization to make decisions about information for the good of the overall organization and consistent with senior management's strategy
8 Information Governance and Data Governance
- Information Governance focuses on optimizing and leveraging information while keeping it secure and meeting legal and privacy obligations in alignment with business objectives
  - Includes information lifecycle management and ownership
  - Driven from the business and legal perspective
- Data Governance focuses on data quality, reliability, and uniqueness (deduplication), so that downstream uses in reports and databases are more trusted and accurate
  - Includes master data management (MDM)
  - Driven from the Information Technology perspective
9 Information Governance and Data Governance DAMA IGRM
10 Information as an Asset Risk Cost Value
11 Information as an Asset: Moving from T to I Information Value I T Infrastructure Technology
12 The Challenge Rising Business Demands Increasing Regulatory Mandates Information Increasing Information Volume Investment Prioritization Challenges
13 Information Governance Approaches Informal Information Governance Committee Information Governance Function
14 Informal Information Governance From: Sedona Conference Commentary on Information Governance
15 Information Governance Steering Committee From: Sedona Conference Commentary on Information Governance
16 Information Governance Function From: Sedona Conference Commentary on Information Governance
17 Why Form an Information Governance Committee or Function
- Aligns priorities and investments
- Identifies stakeholders
- Ensures the business is involved
- Increases independence
18 Current State Focus
19 New Problems, Same Old Structure RIM Discovery Privacy InfoSec
20 Current State: Records and Information Management Retention Organization and taxonomy Store & Protect Dispose Create / Receive Organize & Manage Paper legacy Use
21 Current State: E-Discovery
- Often reactive
- Evidence v. business information
- Preservation v. retention
Identification, Preservation, Collection, Processing, Hosting, Review, Production
22 Current State: Privacy
- Increasing visibility
- Proactive v. reactive involvement
- Staffing challenges
23 Current State: Information and Cybersecurity
- Prevention and response
- Technology focused
- Requirements driven
24 What do they have in common?
- Understanding what you have, where it is, and how it is managed
- Policies, Procedures, Standards, Guidelines
- Communications, Training, Monitoring, Reporting
- Technology Investments
25 Coordination is Good, But Collaboration is Better
Metcalfe's Law: The more people who use something, the more valuable it becomes.
RIM InfoSec Discovery Information Governance Enterprise Functions Privacy Lines of Business
26 What about the business? Enterprise Functions Lines of Business
27 Comprehensive Information Governance Framework Dispose, Destroy Migration, system change, conversion Destruction, Disposition Long-term preservation Determining which information to create and capture Holistic Information Governance Form & structure of information Which technologies to use Metadata creation & mgt. Create / Receive Safety, security, privacy Organizing Information Maintain, Control Risk assessment Retrieval, use and transmittal of information Retention requirement: regulatory, legal, & operational Use, Consume, Share, Distribute
28 Key Sedona Principles on Information Governance
- independence from any particular department or division (Principle 2)
- All information stakeholders should participate (Principle 3)
- should be established with the structure, direction, resources, and accountability to meet program objectives (Principle 5)
- effective, timely, and consistent disposal of physical and electronic information that no longer needs to be retained (Principle 6)
- Acting in good faith to reconcile conflicting laws and obligations should establish reasonableness (Principles 7 & 8)
29 The Retention / Minimization Balance Privacy RIM Business and Analytics Shorter Retention Longer
30 Tactical v. Strategic
- Information Governance is strategic
- To be strategic, you need partners, sponsors, and a network
Tactical vs. Strategic Characteristics
- Tactical: Top down; Silo'd accountability; Difficult to value
- Strategic: Up, down, and across; Collective accountability; Measurable
31 Building an Information Governance Committee
32 Get Organizational Buy-In and Commitment
33 Who Should Sponsor?
- CEO / COO
- CIO / Chief Information Officer
- CLO / Chief Legal Officer
- CCO / Chief Compliance
- Line of Business Executive
34 Information Governance Committee Model Executive Sponsorship Information Governance Sponsors CIO CLO CCO CFO Information Governance Committee Legal / Discovery Information Technology Risk Management Information Security Enterprise Functions BU and Regional RIM Compliance / Audit Privacy Lines of Business Champions Working Teams Strategic Policies and Procedures Projects and Platforms Incident Response Change Management Projects Tactical ECM Data Classification Employee Training Information Mapping
35 Scope Goals Objectives Information Governance Strategy Components Environment Assessment Mission, Vision, Values, Guiding Principles External Forces Regulations Standards Trends Benchmarks Internal Forces Assumptions Constraints Benchmarks Strategy Strategy Strategy Action Plans Annual Operating Plan & Budget Communications Plan Current State Assessment Issues Risk Resources CSFs Desired Future State Gaps Evaluate Results Assumptions Ongoing Feedback
36 Develop a Charter
- Define roles and responsibilities
- Set objectives and mission
- Identify sponsor, chairperson, steering committee and working teams
- Establish structure for meetings, reporting and communication
37 Assess and Identify
- Understand what you have
- Identify gaps and risks
- Measure cost, risk and value
38 Build a Roadmap
- Agree on priorities
- Establish project and working teams
39 Execute and Extend
[Chart; axes: Amount of Information, Time]
40 Measure and Optimize
- Determine metrics up front
- Report often
- Optimize and adjust the roadmap
41 Practical (and Political) Tips
- Who sometimes matters more than where
- Identify members and information ownership early
- Leverage organizational mission statement and values
42 Don't Forget the Orphans
- Digital Signatures
- Defensible Disposition
- Messaging Policies
- Cloud Strategy
43 Beyond the Steering Committee: Emerging Roles and Functions
- Dedicated IG Function
  - Provides greater independence
- New IG Roles
  - Chief Information Governance Officer
  - Chief Data Officer
  - Director of Information Governance
  - Information Governance Manager
44 What are the benefits of this approach?
- Alignment of enterprise goals and investments
- Decreased Costs
- Consolidated change management
- Increased access to and value of information
- Greater defensibility and consistency
45 Questions? For more information, contact: David Ray Director Huron Consulting Group Tel: