Information Governance



Similar documents
Document Management & Workflow

Document Management & Workflow

Document Management & Workflow

E-DISCOVERY: A Primer

Electronic Records Management: Software Evaluation Decision Guide

Electronic Health Records: Trends, Issues, Regulations & Technologies

E-discovery Project Decision Guide

ENTERPRISE DIGITAL RIGHTS MANAGEMENT SOFTWARE

What We ll Cover. Defensible Disposal of Records and Information Litigation Holds Information Governance the future of records management programs

ARMA: Information Governance: A Revenue Source Potential

Fundamentals of Information Governance:

Information Governance: Where is ARMA International Headed? David M. Fleming, CRM, IGP, CIP ARMA Utah-Salt Lake Chapter Meeting September 18, 2014

Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP )

3 Initial Steps on the Way to Success. Information Governance: by Mike Frazier Director, Information Governance, TERIS - 1 -

Generally Accepted Recordkeeping Principles

Technology Assisted Review Goes Left: Predictive Analytics In Information Governance

The Smart Archive strategy from IBM

Information Governance

Real World Strategies for Migrating and Decommissioning Legacy Applications

Managing Electronic Records. Methods, Best Practices, and Technologies. Wiley CIO

How To Manage Cloud Data Safely

The Relationship Between Information Governance, Data Governance, and Big Data. Richard Kessler November 2015

Data Management in the Cloud Era

TRENDS AND DEVELOPMENTS IN INFORMATION GOVERNANCE AND RECORDS MANAGEMENT. Key Concepts Defined. Key Concepts Defined 4/30/2015

Information Governance in the Cloud

FIVE TIPS TO ENSURE SALESFORCE CHATTER MEETS COMPLIANCE REQUIREMENTS

Enterprise Archiving Simplified

SAME PRINCIPLES APPLY, BUT NEW MANDATES FOR CHANGE

The Importance of Information Governance and Risk Management

Information Governance: A Presidential Perspective. (ARMA Presidents, that is)

Symantec Enterprise Vault for Lotus Domino


NAVIGATING THE MAZE LEGAL CIO ROUNDTABLE RETREAT March 3-5, 2013 The Boulders Hotel Carefree, Arizona CIO Roundtable Retreat

Information Governance

archives: no longer fit for purpose?

Director, Value Engineering

PRESENTATION TOPICS 2/27/2014. Why Update Policies? 21st Century Best Practices for Information Governance & Policies. Why update policies??

Applying Technology to Information Governance. Bennett Borden, Drinker Biddle Cathleen Peterson, Kroll Ontrack March 26, 2015

W H I T E P A P E R E X E C U T I V E S U M M AR Y S I T U AT I O N O V E R V I E W. Sponsored by: EMC Corporation. Laura DuBois May 2010

Governance, Risk, and Compliance (GRC) White Paper

Reduce Cost, Time, and Risk ediscovery and Records Management in SharePoint

Rethinking Archiving: Exploring the path to improved IT efficiency and maximizing value of archiving solution investments

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;

BIG DATA STRATEGY. Rama Kattunga Chair at American institute of Big Data Professionals. Building Big Data Strategy For Your Organization

The World of Information Governance

Tactics v. Strategy: From Records & Information Management to Information Governance

Washington State s Use of the IBM Data Governance Unified Process Best Practices

InfoGov: Not Just Another Pretty Buzzword

WHITE PAPER. Realizing the Value of Unified Communications

Implementing Information Governance: A Best Practice Approach to Enable Compliance and Reduce Costs & Risks

Building the Case for Information Governance in Healthcare

AHIMA: Leading Information Governance for Healthcare

The IBM Archive Cloud Project: Compliant Archiving into the Cloud

Information Governance as a Holistic Approach to Managing and Leveraging Information

A 15-Minute Guide to 15-MINUTE GUIDE

Leading the Pack - IBM Enterprise Content Management Solutions

CommVault is the leading supplier of Data & Info Management Software

Information Governance, Risk, Compliance

Agenda. You are not in the business to manage records

WHITE PAPER and Data Protection: Best Practice Guidelines for Europe

GARP and how it helps you achieve better information governance

Who is Savvis. * Pro forma. 2 Savvis Proprietary & Confidential 10/24/12

IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk

InfoSphere Governance Solutions Maximizing your Information Supply Chain

FACULTY BIOGRAPHIES FOR ARMA/EDI EVENTS

The role of Information Governance in an Enterprise Architecture Framework

Big Data, Big Risk, Big Rewards. Hussein Syed

The Business Case for Enterprise Content Management. A Collection of Enterprise Content Management (ECM) and Document Management Research Data

Perceptive Software: Corporate Profile

ECM Migration Without Disrupting Your Business: Seven Steps to Effectively Move Your Documents

Best Practices for Long-Term Retention & Preservation. Michael Peterson, Strategic Research Corp. Gary Zasman, Network Appliance

IBM Optim. The ROI of an Archiving Project. Michael Mittman Optim Products IBM Software Group IBM Corporation

management solutions

Defensible Disposition Strategies for Disposing of Structured Data - etrash

ARCHIVING. What it is, what it isn t, and how it can improve your business operations

IBM Information Archive for , Files and ediscovery

Information Governance Challenges and Solutions

A Practical Guide for Creating an Information Management Strategy and Strategic Information Management Roadmap

Building a Business Case for SharePoint ECM & Records Management Initiative

3 MUST-HAVES IN PUBLIC SECTOR INFORMATION GOVERNANCE

Information Governance: Now is the Time

Table of Contents. White paper. Executive Summary

Speed the transition to an electronic environment. Comprehensive, Integrated Management of Physical and Electronic Documents

A Beginner s Guide to Information Governance

8 REASONS TO OUTSOURCE RECORDS MANAGEMENT

Gain Efficiency, Cost Savings and Compliance with Iron Mountain s Portfolio of Services

Information Archiving

Symantec Enterprise Vault

ARMA CENTRAL IOWA APRIL 25, 2013 MAKING THE BUSINESS CASE FOR INFORMATION GOVERNANCE: MORE CARROT, LESS STICK

The Business Case for Enterprise Content Management. A Collection of Enterprise Content Management (ECM) and Document Management Research Data

ediscovery Solution for Archiving


Comprehensive Agentless Cloud Backup and Recovery Software for the Enterprise

The IBM data governance blueprint: Leveraging best practices and proven technologies

Compliance Cost Associated with the Storage of Unstructured Information

Archiving and the Cloud: Perfect Together

A GUIDE TO Business Continuity Planning and Disaster Recovery Solutions

BACKUP IS DEAD: Introducing the Data Protection Lifecycle, a new paradigm for data protection and recovery WHITE PAPER

Metrics-Based Information Governance

Transcription:

New 2011 Report! Information Governance Fundamentals, Best Practices & Implementation Issues A Management Primer Including: Information Governance Framework Information Governance Maturity Models E-Document Security SharePoint 2010 Information Governance by Robert F. Smallwood, MBA Information Governance Primer 2011 R. F. Smallwood Do Not Copy 1

Who we are IMERGE Consulting is North America's largest and most experienced team of experts in the fields of enterprise content management (ECM) and business process optimization. IMERGE is also a leading provider of education courses in records management, electronic document capture and e-discovery. IMERGE has offices in major cities including Boston, San Francisco, Toronto, Chicago, Houston, Los Angeles, Minneapolis, Seattle, New Orleans and Washington, DC. Our track record speaks for itself: We have completed more successful projects, published more articles and given more expert presentations than any other enterprise content management consulting firm in the world. Learn more about us at imergeconsult.com or contact an IMERGE professional today to discuss putting our expertise to work for you. About the Author Robert Smallwood, MBA, Master of Information Technology, Laureate of Information Technology is a founding Partner of IMERGE Consulting and has been recognized as one of the industry s 25 Most Influential People and Top 3 Independent Consultants by KM World magazine. Some of his past organizations include Bank of America, AT&T, Xerox and IBM. He has published more than 100 articles and given more than 50 conference presentations on document, records and content management. He is the author of the book, Taming the Email Tiger, and several others. Disclaimer The references provided in this book should not be considered as legal advice, and is only provided as a resource and starting reference point for further foundation to your own research. All cited references should be verified and updated with your own organization s legal counsel and findings as applicable. 2

Information Governance A Management Primer Table of Contents Executive Summary... 4 Information Governance Defined... 5 WikiLeaks: A Basic Failure in IG... 8 EU Warns of Cloud Use for Sensitive Data... 9 Corporate and Industrial Espionage to Rise In 2011...10 Alarming Breaches of Confidential Patient Data...12 Data Breaches: Who is to Blame?...13 6 Consequences of Not Employing E-Document Security...14 8 Reasons Why IG Makes Sense...15 Impact of a Successful IG Program...16 Information Governance Framework...17 4 Key Components of an IG Framework...18 Critical Factors in an IG Program...22 IG is a Moving Target...25 ARMA Maturity Model of Information Governance...25 MIKE Information Maturity Model...28 How Should IG Be Implemented?...29 Who Should Determine IG policies?...31 Governance Features in SharePoint 2007...32 Applied SharePoint 2010 Governance...35 Protecting E-Documents Inside & Outside of an Enterprise...40 Limitations of Current e-document Security...41 A Quick Primer on Information Rights Management Capabilities...44 10 Legal, Regulatory, and Business Reasons to Archive Email...49 3 Best Practices for Email Record Management...51 Are All Emails a Record?...51 How Long Should You Keep Old Email?...53 Destructive Retention of Email...53 5 Characteristics of Reliable Email Evidence...53 5 Risks of Corporate IM Use...55 How to Offset IM Security Risks...56 5 Key Characteristics of IMs as Reliable Legal Evidence...59 5 Best Practices for Business IM Use...60 8 Tips for Safer IM...65 5 Ways to Control Business IM Use...66 Regulations Related to Records Management...67 Glossary of Terms...70 Information Governance Primer 2011, R. F. Smallwood, Do Not Copy 3

Executive Summary Information Governance (IG) is an emerging multidiscipline field which is still being defined, but it has gained traction in the last several years, appearing more and more on executives radar. It is an all-encompassing term for how and organization is going to manage the totality of its information. Specific policies apply to specific information and document types. IG is a subset of corporate governance, which has been around as long as corporations have been around, and it draws on IT governance, but it goes much further. IG is the set of policies, procedures and controls to manage information in compliance with external regulatory requirements and internal governance frameworks. With the revelations of the WikiLeaks scandal, security of electronic documents and records is a critical issue on managers minds, and utilizing information rights management and information governance to create and enforce security policies are presented in this report. More and more organizations are looking at systematic ways in which they can manage their information. One way that can make a real difference is by adopting an Information Governance Framework (IGF). 1 An Information Governance Framework brings together all the requirements, standards and best practice that apply to the management of information. It can help you assess how well your organization manages the information it creates. The Maturity Model for Information Governance begins to paint a more complete picture of what effective information governance looks like. It is based on the eight Generally Accepted Recordkeeping Principles (GARP ) from ARMA International, as well as a foundation of standards, best practices, and legal/regulatory requirements. The maturity model goes beyond a mere statement of the principles by beginning to define characteristics of various levels of recordkeeping programs. The need for IG is increasing, based on the growth of theft and misuse of internal documents and communications. Organizations should reevaluate IG policies and their internal processes following any security breach or theft. This Management Primary will assist senior managers, records managers, IT managers, compliance managers and others involved in electronic records and e- discovery implementations to make intelligent, informed decisions. 1 http://adventuresinrecordsmanagement.blogspot.com/2007/11/information-governance-framework.html 4

Information Governance Defined Information is the lifeblood of any modern-day business. Companies succeed or falter based on the reliability, availability, and security of their information. But are most companies properly governing how their information is used, shared, and analyzed? 2 The information that companies are busily generating, collecting, and mining offers a wealth of potential benefits. However, its use carries substantial risks. As a result, some organizations are forming formal governance bodies to create strategies, policies, and procedures surrounding the distribution of information inside and outside the firm. Information Governance is an emerging multidiscipline field which is still being defined, but it has gained traction in the last several years, appearing more and more on executives radar. It is an all-encompassing term for how and organization is going to manage the totality of its information. Specific policies apply to specific information and document types. IG is the set of policies, procedure and controls to manage information in compliance with external regulatory requirements and internal governance frameworks. IG is the set of policies, procedure and controls to manage information in compliance with external regulatory requirements and internal governance frameworks. IG is a hybrid field, using a set of multidisciplinary methods and technologies to support an organization s operational and compliance requirements. IG includes elements of records management, IT governance, corporate governance, information security and privacy, enterprise content management, and knowledge management. This means that it also includes subcategories such as document management, email archiving, e-discovery, enterprise search, and business continuity/disaster recovery. What is information governance? There s no single answer to that question. At a high level, information governance encompasses the policies and technologies meant to dictate and manage what corporate information is retained, where and for how long, and also how it is retained (e.g., protected, replicated and secured). Information governance spans retention, security and lifecycle management issues. 3 2 http://www.emc.com/leadership/business-view/future-information-governance.htm 3 http://blogs.the451group.com/information_management/2009/08/05/the-rise-of-information-governance/ 5

Simply put, information governance is the way in which an organization handles, uses and manages its information in an efficient, effective and secure manner to all the appropriate ethical, legal and quality standards. 4 According to Gartner Group, information governance is the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals. 5 Industry expert Barclay T. Blair of ViaLumina Group defines the Information Governance (IG) market as the market for goods and services designed to help organizations manage their information in accordance with externally or internally defined criteria. 6 Although IG is most commonly Information governance is the way in which an organization handles, uses and manages its information in a secure manner to meet all the appropriate ethical, legal and quality standards. associated with externally-mandated criteria (such as laws, regulations, etc.), it is equally important to recognize that internally-derived criteria (such as providing better customer service, faster time to market, etc.) also provide significant IG drivers. Blair goes on to explain that IG is a relatively new term for which the precise meaning is still being shaped by the market and those that promote its use. However, it is clear that the term incorporates (in whole or in part) concepts from disciplines such as: Records Management Compliance Information Management IT Governance (such as COBIT and ITIL) Corporate Governance (such as COSO, SOX, PCAOB Standards) Information Security/Information Protection Privacy Enterprise search, portals, and knowledge management 4 http://adventuresinrecordsmanagement.blogspot.com/2007/11/information-governance-framework.html 5 http://blogs.gartner.com/debra_logan/2010/01/11/what-is-information-governance-and-why-is-it-so-hard/ 6 http://vialumina.com/our-services/what-is-information-governance/ retrieved 3-15-2011 6

Enterprise content management Document management Archiving Business continuity, backup and disaster recovery E-Discovery This is why IG is a multidisciplinary pursuit. 7 IBM Corporation states that Information Governance offerings establish sustainable management of information quality, master the complete lifecycle of information and secure and protect privacy across all types of information projects. 8 IG is a subset of corporate governance, which has been around as long as corporations have been around. Effective information governance can enhance the quality, availability and integrity of a company s critical data. Organizations are beginning to adopt information governance which can be thought of as a quality-control discipline for managing, using, improving and protecting information. 9 It fosters cross-organizational collaboration and structured policy-making and balances factional silos directly impacting the four factors that an organization cares about most: increasing revenue, lowering costs, reducing risks and increasing data confidence. Information governance is a holistic approach to managing and leveraging information for business benefits and encompasses information quality, information protection and information life cycle management. With information governance, organizations achieve many goals, from improving decision making to simplifying and strengthening regulatory compliance. 10 IG is a subset of corporate governance, which has been around as long as corporations have been around, and it draws on IT governance, but it goes much further. So IG is expansive and amorphous and difficult to get one s arms around but the key is that IG involves creating, maintaining and monitoring policies for the use of information including unstructured information such as electronic documents to meet external compliance demands and internal governance controls. 7 http://vialumina.com/our-services/what-is-information-governance/ retrieved 3-15-2011 8 http://www-01.ibm.com/software/info/itsolutions/information-governance/ 9 http://www.ctoedge.com/content/three-steps-trusting-your-data-2011 10 http://www.ctoedge.com/content/three-steps-trusting-your-data-2011 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information