Information Governance



Similar documents
treasury risk management

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Creating a project management office (PMO)

Performance Management in Medical Affairs Kinapse Consulting, 2011

Insight Report. Digital marketing governance From fragmentation to alignment to impact. In this report

Role Description Enterprise Architect and Solutions Delivery Manager

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Defending against modern cyber threats

Industry. Head of Research Service Desk Institute

SAP Thought Leadership Business Intelligence IMPLEMENTING BUSINESS INTELLIGENCE STANDARDS SAVE MONEY AND IMPROVE BUSINESS INSIGHT

Career proposition for software developers and web operations engineers

Governance, Risk, and Compliance (GRC) White Paper

IT SECURITY POLICY (ISMS 01)

January Communications Manager: Information for Candidates

SAS Software Information Pack. Everything you need to know about getting started and to help you stay in touch

National Approach to Information Assurance

IT service management: resetting priorities for an uncertain economy.

Information Security: Business Assurance Guidelines

A NEW APPROACH TO CYBER SECURITY

BT Advise Connect. Delivering intelligent network capability around the globe. BT Connect IQ Quick Start. BT Advise

place-based asset management

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

INVESTMENT POLICY April 2013

Begin with the end in mind

Multi-channel Marketing

BUSINESS INTELLIGENCE MATURITY AND THE QUEST FOR BETTER PERFORMANCE

Business Plan 2012/13

Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

BT Contact Centre Efficiency Quick Start Service

Confident in our Future, Risk Management Policy Statement and Strategy

Application Value Assessment

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

Changing the Enterprise Security Landscape

Chayuth Singtongthumrongkul

How to gather and evaluate information

Communicating and influencing

Delivering value to the business with IAM

Business Intelligence Competency Centre (BICC)

How to Become a Data Driven Business

Internal Audit Standards

Project, Programme and Portfolio Management Delivery Plan 6

eircom gains deep insights into customer experience

Change Management Office Benefits and Structure

Analytics & Big Data What, Why and How. Colin Murphy FSAI Dr. Richard Southern Sinead Kiernan FSAI

Scope The data management framework must support industry best practice processes and provide as a minimum the following functional capability:

Technology and Trends for Smarter Business Analytics

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

Corporate Governance Framework June 2015

Integrated Stress Testing

INFORMATION TECHNOLOGY FLASH REPORT

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

The metrics that matter

Job Description. Director - Policy & Communications. Corporate Director - Strategy & Performance

Assessing Your Business Analytics Initiatives

UK ICT Outsourcing Service Provider Performance and Satisfaction (SPPS) Study: 2013

Cloud Readiness Assessment (CRA) & Sample Report

REPORT. Next steps in cyber security

Head of Engineering Job Description

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

The Scottish Wide Area Network Programme

Defining the Modern Marketer From Real to Ideal Flourishes in The Digital Age

Information Governance Workshop. David Zanotta, Ph.D. Vice President, Global Data Management & Governance - PMO

E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION

Information governance: What is it? How is it implemented?

IDC MaturityScape Benchmark: Big Data and Analytics in Government. Adelaide O Brien Research Director IDC Government Insights June 20, 2014

Treasure Trove The Rising Role of Treasury in Accounts Payable

Enhanced Portfolio Management in uncertain times

Expense Reduction in the Insurance Industry

ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

BUSINESS INTELLIGENCE: IT'S TIME TO TAKE PRIVATE EQUITY TO THE NEXT LEVEL. by John Stiffler

How to ensure control and security when moving to SaaS/cloud applications

Health Data Analytics. Data to Value For Small and Medium Healthcare organizations

[ know me ] A Strategic Approach to Customer Engagement Optimization

City and County of Swansea. Human Resources & Workforce Strategy Ambition is Critical 1

Briefing Paper. How to Compete on Customer Experience: Six Strategic Steps. gro.c om SynGro SynGro Tel: +44 (0 )

Agenda Overview for Social Marketing, 2015

Finance in All-Channel Retail. Improving the Customer Proposition through Effective Finance and Enterprise Performance Management

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

White Paper Service Excellence: Transforming the Customer Experience

Analytics With Hadoop. SAS and Cloudera Starter Services: Visual Analytics and Visual Statistics

Transcription:

WHITE PAPER Information Governance Irrelevant, overhead or central to survival? Setting the information governance agenda

Table of Contents Introduction... 1 Defining the importance of information governance... 2 Summary of key recommendations...2 Answering the key questions... 3 About SAS... 5 ii

Introduction As the leader in business analytics software and services and the largest independent vendor in the business intelligence market, SAS is committed to improving both the governance and exploitation of data to drive business and public value. Laws do not persuade just because they threaten. Seneca 65 AD Although our experience and capabilities span the full information management life cycle, including data quality, integration, storage and security, we believe these areas already receive significant coverage in the debate about information governance. In this paper, we have therefore decided to place greater emphasis on the role of information governance in ensuring that data is turned into the insight and action required to deliver greater business and public value. Similarly, although the private sector have much to learn about good information management practice, our analysis of over 1000 information management maturity assessments performed worldwide indicates that, on average, the public sector lags the private sector in this area. We have therefore focussed this paper more on how government and public sector organisations can begin to improve and potentially set the benchmarks for the private sector. The public sector is particularly important because it can play a key role in creating or reducing the potential for a data crunch to rival the credit crunch. Structured and unstructured data volumes continue to grow, as do the associated power and space costs of storage plus the costs of compliance. At the same time, recent high profile, accidental data losses within public sector bodies and others have been picked up by the media in a self reinforcing feeding frenzy that is destroying public and market confidence. The government has responded with a seemingly uncoordinated and potentially confusing blizzard of investigations and reports. As a result, some public sector bodies have chosen the simplest option and responded by stopping information sharing even within the same public sector organisations; even when it is legitimate and fully justified in terms of public value. This is the financial market s equivalent of stopping the flow of (data) credit. And all this at a time when the transformational government agenda had just begun to achieve some recognition that transforming information management and working smarter was critical to doing more with less. Yet despite this clamp down, significantly less attention is being paid to the bigger threat of insider (data) dealing the threat from malicious, internal breaches of data security which, because they are deliberate and sometimes organised, can be far more damaging to the organisation and the public and are more likely to result in data meltdown in the long term. Analytics can be used to prevent, detect and protect organisations from such breaches by identifying abnormal patterns of behaviour. However, the deployment of such solutions in the public sector is currently limited. 1

Defining the scope of information governance Gartner define information governance as the specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organisation to achieve its goals. SAS believes it is important that information governance is recognised to be about much more than simple compliance and the provision of safe harbour. Information governance is a systematic approach to managing information assets and resources with the same diligence and care used to protect AND leverage pounds, people and property assets, in order to achieve organisation goals. Indeed too much onus on information security and not enough on its use to improve performance can even be counter productive the equivalent to locking cash away in a safe because the information is not perceived by the employees to be a resource that is relevant and valuable to their day to day operations. Information governance involves a balanced approach designed to meet the needs of the organisation and all of its stakeholders, including its customers, shareholders and regulators. Furthermore information governance is one component of an organisation s wider enterprise information management strategy, which itself should be directly aligned with the overall business strategy. Information governance is about much more than simple compliance and the provision of safe harbour. It is a systematic approach to managing information assets and resources with diligence and care. Summary of key recommendations 1. Widen the scope of the Magee recommendation for a public protection commissioner to champion the cause of information exploitation and sharing. 2. Widen and standardise information management audits across the public sector and beyond to include information management maturity and strategy assessments, benchmarks and improvement goals. 3. Explicitly include a review of information management maturity and strategy in departmental capability reviews, NAO or audit commission reports, etc. to signal that data must be as valued as people, pounds and property. 4. Charge the government CIO council to champion the need for chief information officers (vs chief IT officers) and include it explicitly within the professionalism programme and roles and responsibilities. 5. Create a central public sector Business Intelligence Competency Centre, combining IT, analyst and business professionals to: coordinate information management strategies and plans promote and coach best practice encourage the consolidation and rationalisation of business intelligence tools, standards and expert resources facilitate secure information sharing. 2

Include greater information governance focus on preventing deliberate, internal and external information security breaches and not just the generally less damaging incidents of accidental loss. Answering the key questions How can and should good practice be identified, fostered and enforced? SAS has a well developed and deployed framework and methodology for assessing the as is and to be information management maturity of organisations, based on scores across four criteria technology, processes, people and culture. SAS research has shown not only a direct correlation between higher information management maturity scores and higher performance of organisations but also a direct correlation between information management maturity and the level of competition an organisation experiences. The results of over 1000 such assessments globally across a range of sectors indicate that few organisations have yet reached levels 4 (Optimise) or 5 (Innovate) and the public sector tends to lag the private sector. 50% Level 1 - Operate Level 2 - Consolidate Level 3 - Integrate Level 4 - Optimise Level 5 - Innovate By using the Information Evolution Model that SAS is pioneering, enterprises can make more incisive and strategic decisions about their information investments. A structured approach such as IEM allows CIOs and their staffs to come up with an investment strategy that can mobilise the entire organisation and improve communication with business stakeholders. Doug Busch CIO, IntelD 25% Government Other Industries 0% Level 1 Level 2 Level 3 Level 4 Level 5 Figure 1 Organisations such as Gartner have similar assessment frameworks. The available frameworks and their findings should be reviewed and a standard approach and metrics developed and adopted within the public sector. Information management maturity assessments should then be included as part of existing audit and performance assessment processes, including NAO / audit commission reviews and capability reviews. Notwithstanding the above there are some excellent examples of good information management practice within the public sector and these should be widely lauded and shared. 3

How much is about people processes rather than technology? It is generally acknowledged that a fool with a tool is still a fool, ie. that technology alone is rarely the sole cause of a problem and, although it is often a necessary ingredient, it can never be sufficient as a solution. To date our information management maturity assessments have shown that, on average, the key reason that public sector bodies lag private sector bodies is culture. Creating a culture that values information management and evidence based decision making often starts from the top with a recognition from leaders that information is the lifeblood of the organisation and critical to its survival. Creating a culture that values information management and evidence based decision making often starts from the top with a recognition from leaders that information is the lifeblood of the organisation and critical to its survival. IEM Dimensions Culture Knowledge Processes 2.6 2.4 2.2 2.0 Human Capital Infrastructure Government All other industries Figure 2 Overall scores for technology vary little between the sectors but there are signs that the public sector may be about to slip behind in this area too. For example, for the last 3 years the Gartner global CIO annual survey has seen business intelligence and analytics come out as the number one priority for CIOs globally across all sectors. This reflects the increasing recognition that information and its exploitation is key to almost all areas of an organisation s operations. However, this is not the case in the public sector which, the survey highlights, still tends to prioritise areas such as hardware, storage and security applications. Similarly Butler Group surveys have shown that public sector bodies are half as likely to already use business intelligence and analytics software and be half as likely to be planning to buy it in the future. 4

Should the agenda be driven by industry, the professions, government or regulators? We operate in an increasingly global, knowledge based and mixed economy. The trends and problems are cross sector and cross disciplinary, so a holistic approach is required to develop a more information management aware culture. Certainly the solutions cannot be left entirely in the hands of either government or IT. However, government should be required to set the benchmark for good information management practices and public sector CIOs should be expected to champion the cause. The trend for public sector IT outsourcing has often created scenarios where control of data is in the hands of companies who do not always have the commercial interest, or relevant experience, to fully support data exploitation. The choice of industry partners is therefore critical. Who is willing to lead? Who is willing to contribute what to make it all happen? Our research underlines that leadership from the top is critical to successful information management. Clearly such leadership is necessary in all sectors and needs to be encouraged by industry representative bodies, government ministers, senior civil servants, regulators and consumer watchdogs. All need to be involved in developing best practice guidelines, common standards, education and processes. SAS is willing to contribute our experience and capabilities, including our Information Management Maturity Assessment tool, to a wider forum. However, the success of such a forum will be dependent on cross sector backing, senior sponsors within government and industry and sufficient quantity and quality of resources to initiate and deliver change. About SAS SAS is the leader in business analytics software and services, and the largest independent vendor in the business intelligence market. SAS solutions are used by over 2,000 public sector bodies worldwide to do more with less by working smarter in all areas of their operations including strategy and policy formulation, compliance and reporting, safety and security, fraud and risk, efficiency and effectiveness, customer intelligence and social inclusion and overall performance management. In addition, SAS solutions for IT intelligence and sustainability management are helping customers to reduce both financial and carbon costs of their IT systems and also to manage and improve the sustainability performance of the wider organisation. SAS has pioneered the Information Evolution Model and Business Intelligence Competency Centres. http://www.sas.com/software/iem/ http://www.sas.com/consult/bicc.html Since 1976 SAS has been giving customers around the world THE POWER TO KNOW. www.sas.com/uk. 5

SAS UK WITTINGTON HOUSE HENLEY ROAD MEDMENHAM MARLOW BUCKS SL5 7AJ +44 1628 486933 www.sas.com/uk SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright 2008, SAS Institute Inc. All rights reserved. 818UK1008

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information