Information Governance Prepared for 1
Personal IG Journey 2014 2015/16 2013 2012 2009 1990 1994 RM Solutions 1995 Join ARMA ARMA Principles Written Rewrite Principles and Maturity Model IGP Certification is Born First IGP Board formed WesternIM IG Process Developed ECM and Scanning/ Imaging Solutions 2
The ARMA Principles accountability transparency integrity protection compliance availability retention disposition http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles 3
Principles Underlying "the Principles" Principle of Compliance The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization s policies. 4
What is a Maturity Model The Capability Maturity Model (CMM) was originally developed as a tool for objectively assessing the ability of government contractors' processes to perform a contracted software project.* Model usage evolved into: Project management Risk Management Business processes Services Used by Government Commerce Industry http://en.wikipedia.org/wiki/capability_maturity_model 5
"the Principles" Maturity Model A qualitative and quantitative measurement By principle Overall or average across all principles Rating of an organization s overall information governance of which records and information management is a component Systematic process guiding the evaluation of an organization s maturity with respect to recordkeeping and information related activities. 6
Information Governance Maturity Model Maturity Level 1 Sub-standard 2 In Development 3 Essential 4 Proactive Color Status RED ORANGE AMBER BLUE Rating less than 5 may be acceptable because of: Organization risk tolerance Comparable with industry peers or competitors 5 Transformational GREEN Previous level not a prerequisite for next 7
Compliance Principle and Maturity Level Definitions Level 1 Substandard Qualifications There is no clear definition of the records that the organization is obligated to keep. Records and other business documentation are not systematically managed according to records management principles. Various groups of the organization define this to the best of their ability based on their interpretation of rules and regulations There is no central oversight and/or consistently defensible position 8
Compliance Principle and Maturity Level Definitions Level 2 In Development Qualifications The organization has identified the rules and regulations that govern its business. The organization has introduced some compliance policies and recordkeeping practices around them. The policies may not be complete. There is no apparent or well defined accountability for compliance. 9
Compliance Principle and Maturity Level Definitions Level 3 Essential Qualifications The organization has identified all relevant compliance laws and regulations. Record creation and capture are systematically carried out and in accordance with record management principles. The organization has a strong code of conduct and it is incorporated into recordkeeping activities. Compliance and the records demonstrating compliance are highly valued and measurable. 10
Gartner predicts that, by 2017, 33 percent of the Fortune 100 organizations will experience an information crisis, due to their inability to effectively value, govern and trust their enterprise information 11
Universal Facts Today Across Many Sectors Information is in a mess Incorrect and outdated information is often used when making decisions Many have lost (or will lose) corporate information Many spend much more money than they should because projects are siloed 12
WesternIM Information Governance (IG) View The process and practice of aligning all corporate disciplines so that existing and future information assets and business processes are acted on in a coordinated way in order to satisfy internal and external regulations, legislation, standards, and policies to minimize risk and cost. 13
Information Disciplines RIM Legal Change Management Privacy IT Security Risk Administration Information Governance 14
Information Disciplines HR Engineering Finance Customer Relations Marketing Sales Health Safety Information Governance 15
RIM Legal Change Management Privacy IT Security Risk Administration Information Information Governance Governance HR Engineering Finance Customer Relations Marketing Sales Health Safety Information Governance 16
Records/Information Management RIM policy design Functional classification Current retention schedule ARMA IG Maturity Model assessment done Incorporate privacy laws and regulations into retention schedules Design an IG (Information Governance) Framework IG training Freedom of information requests L=Legal C=Corporate P=Privacy IT=IT S=Security R=Risk Management U=Users RIM=Records 17
Corporate Legal Develop a legal hold process Put an e-discovery framework in place Make sure that the corporations physical and electronic assets are inventoried and mapped Unified data governance required from IT and Legal L=Legal P=Privacy S=Security IT=IT RIM=Records U=Users C=Corporate R=Risk Management 18
Challenges Finding Information Trusting Information Integrating Information Retaining Information Securing Information Disposing of Information 19
Finding Information Our interviews during corporate assessments in both the public and private sector always show a high frustration level in users at all levels due to their inability to find the correct information that they are looking for. 20
Trusting Information Is this the right information? Is this the correct version? In using this information are we able to make the right decisions? 21
Integrating Information Enterprise Applications Optimizing Processes Maximizing Information Value 22
Retaining Information Holding Information is expensive All information has a best before date 23
Securing Information Internal threats External threats Environmental threats Technological threats 24
Disposing of Information Deleting is not disposing How do we know it s gone? Information must be properly disposed of 25
Options Do Nothing Most expensive option Most dangerous option Not long term feasible 26
Options Attempt to do it all Gigantic undertaking Likely doomed if attempted too quickly 27
Options Throw software at it Not recommended without doing the right things first 28
Suggestions Develop a Strategy Inclusive Flexible Achievable Governance gives long term success 29
Suggestions Execute Tactically One piece at a time Integrated Information Governance is the key to success Change management is critical 30
Suggestions Develop a Program Assessment Strategic Plan Set Policies Long term road map (use the ARMA Principles) Map your IG connection points Train Train - Train 31
As Senior Management Why Should I Do This? Business decisions at all levels need to be made with the use of the most current and accurate information all the time Ongoing savings should be available in many projects due to the strategic alignment of corporate resources and the information assets We need better and faster execution of new initiatives and projects Senior management will be able to assume proper compliance with regulation and legislation Consistency in handling corporate information at all levels will produce better stakeholder satisfaction 32
As Senior Management Why Should I Do This? There will be a higher level of confidence in each discipline in the organization that projects can be completed more cleanly without unknown last-minute costs The cross discipline communications should allow us to allocate the right people at the right time to any information governance role A consistent approach to dealing with corporate information assets will allow us to better deal with ongoing technology change and information growth Any potential requests for information can be handled quicker and with the use of current and consistent information 33
Western Information Management Inc. # 214 111 Research Drive Saskatoon, Sask. S7N 3R2 Phone (306) 384-6868 Fax (888) 752-3133 Rick Stirling President Rick.Stirling@WesternIM.com http://www.westernim.com 34