The need to control the hemorrhaging that results from poor information governance and records management is only increasing for today's digital enterprises, as even a modest review of the news of the day will demonstrate. With the realities of litigation and fines for non-compliance, organizations are forced to be more proactive and more cautious about the business risks associated with poor information management and recordkeeping.
Information Governance (IG) goes beyond traditional records management by incorporating Legal, IT, Information Security, Privacy, Compliance, Risk Management, eDiscovery, Master Data Management, Archiving, and more to manage information at the enterprise level in order to support current and future business, legal, and regulatory requirements.
Information governance drives decisions among the different possibilities, including decisions around a calculated-risk approach, and assesses risks, including compliance, ability to execute against project plans, revenue risk and brand risk. In the quest to operate with solid information management practices in place, more organizations are turning to the CIGO, the Chief Information Governance Officer.
Why? Good information governance needs a leader who can own the information problem, coordinate information-related functions, and balance and prioritize the costs and value of information. Still, can a CIGO really stop the bleeding and bring health to an organization's information governance practices? If an organization is fortunate enough to have a CIGO aboard, the three main gaps that CIGO must focus on are the following.
In most cases the Chief Information Officer (CIO) focuses on infrastructure, the Chief Financial Officer (CFO) looks at IT and information from an accounting perspective, the Chief Information Security Officer (CISO) is more concerned with cybersecurity and firewall threats, and the Chief Digital Officer (CDO) is looking at information and its use in marketing. It is therefore the CIGO who would be accountable for structured and unstructured information, and thus responsible for the execution of information fundamentals: identification, classification, protection, disposition and life cycle management. The CIGO must have the authority and mandate to lead information-related activities, address holes in policy and bring order to unassessed “dark” data, foster communication between stakeholders, and address any missing or underdeveloped facets of the IG program.
Coordination of Information-Related Functions
Information is a business asset that is important across all functions of an enterprise, and the CIGO would bring together the functional areas of Information Governance (IG), namely IT, Legal, Records & Information Management, Privacy, Information Security and Quality or Compliance. A digital record (IT) could be under legal hold (Legal), contain Personally Identifiable Information (Privacy), and require access for only named users (Information Security). A CIGO is the person who would ensure that the facets of IG across an enterprise are working together to achieve the common goal of gaining value from information while also balancing risk. If these IG facets are not working together, the result can be data bloat, compliance risks or a silo mentality in which a lack of sharing and cooperation leads to operational inefficiencies and wastes time, money, and resources.
Prioritizing Risk & Value
Information is a business asset that has both value and risk. First you need to know what information your enterprise manages. As information bloat increases, this is easier said than done. Information Remediation and Enrichment projects can help an organization use retention schedules and other business rules to identify, classify and take action on information bloat (think protection, archiving or even defensible destruction). Once you know what you have, you can then focus on protecting the organization’s most important information, since it’s impossible to secure all information equally. The CIGO can enable the business decisions to balance and prioritize the costs, risks, benefits, and value of information assets.
The CIGO role can be established as part of another C-level individual's role, so long as these three gaps are filled by a senior executive with the proper experience and influence who is willing to take on the responsibilities of information leadership, coordination of information amongst key stakeholders, and decision-making based on an understanding of both the risk and value of information.
Where Does a CIGO Begin?
If fines have been levied according to specific findings, it is best to start there, assessing the identified gaps for remediation opportunities and then weighing these against the risks and benefits of each mitigation strategy.
If there are no findings, organizations should look to the GARP Principles established by ARMA International and determine their organization's level of maturity. In assessing the organization according to GARP, opportunities for addressing gaps and increasing maturity will be spotted easily, and a plan to address them across people, process and technology may be built and prioritized according to the risks and benefits to the organization.