How to develop a relevant and effective information governance strategy
The AIIM community has long connected the excessive amount of information flowing into our organizations with the risk and cost it carries.
A Necessary Shift in Information Governance Mindsets and Methodologies
The AIIM community has long connected the excessive amount of information flowing into our organizations with the risk and cost it carries. That’s why the “language” spoken by the Information Governance (IG) community has largely been punctuated by fear, uncertainty, and doubt. As a result, business executives – who are known for playing the negative lottery – have treated IG as a cost of doing business and seemingly unconnected to strategic efforts around innovation and growth. Even the rising attention now paid to personal data privacy and protection has largely failed to change the perception that information governance practices typically lack the ability to influence decisions around data-first and customer-first strategies over the long term. Recent AIIM research within the IG community confirms this:
Clearly, it is difficult to avoid talking about risk and compliance in highly regulated industries. However, those IG professionals reporting vastly improved alignment with their business partners and executives have learned to focus on the information assets unique to their businesses and customers. Said one AIIM Certified Information Professional (CIP) interviewed for this report, “many of the processes that dictate the creation of a particular record type are driven by regulatory, legal, and business requirements. However, those are not the primary drivers; the business or agency’s core mission is.”
"What is a CIP?: Information is your organization’s most valuable asset. As such, it deserves the highest level of protection and nurturing. A Certified Information Professional (CIP) provides that stewardship by applying a set of proven methodologies and best practices. Developed by AIIM, the CIP designation is awarded to individuals demonstrating competence in all aspects of information management. They complete a rigorous study and examination process."
The executive “mindshare” challenge is particularly acute given that the benefits of many governance projects cut across multiple departments and functions, creating “crowding out” and “free rider” issues when it comes to funding time. Therefore, rising customer expectations – and executive pressure to respond to them – necessitates a shift in IG mindsets and methodologies. This shift has been a long time coming, but it isn’t easily made. That’s because it requires deliberate proof points, seamless automation, and practices that focus on the role that timely and trusted information delivered in context play in achieving the customer-centric goals of the organization.
The sections that follow explain how IG professionals can design a strategy that aligns with, and enables these business goals by:
- Articulating why IG is needed to achieve mission-critical objectives.
- Considering all the sources of information residing in the organization.
- Automating the identification, classification, and indexing of key information.
- Scaling, simplifying, and streamlining the supporting infrastructure.
- Planning for the overall lifecycle of information.
Developing your Proof Points for the “Why” of Governance
The guiding principle lies in not “selling” governance per se but rather describing the higher-order objectives that executives care about that can be achieved through good governance. Successful IG pros now know that they must articulate the link between IG and customer experiences because that’s where the business value is most apparent. This means less of a focus on the “how” of governance when communicating with senior executives – they don’t care – and more of a focus on the specific benefits that a governance project will yield in terms of customer experience, timely information delivery, and better decision-making.
CIPs encourage their fellow IG professionals to identify cultural pressure points, business initiatives, and key drivers that are unique to their organization. One CIP contributor has recently joined a large American retailer to apply her many years of records management and IG experience to a single enterprise-level purpose: improving the employee experience. Because content and information are at the heart of delivering on this strategic priority, she was able to effectively communicate the business case and gain executive buy-in to a strategy of centrally managing information delivery.
IG pros should look at the prominent business productivity tools to identify potential information issues (within Outlook or Teams, for example) across the enterprise. Since these are the productivity tools in use by most of their business users, this is an excellent way to help colleagues to optimize their effectiveness. Get involved from the outset in assessing a product and understanding exactly what types of information that product is going to be touching, managing, using, and storing. (You may be doing this to identify all those risks and controls that need to be applied, but that’s not what your true value is; it’s to ensure business success.) Be definitive about asking and listening to what your users need to be more efficient.
CIPs understand that people-centered culture plays a powerful role in propelling growth, attracting and retaining the best staff, and advancing organizational mission. They invite you to change your vocabulary. Instead of words like “governance” or “compliance,” use “process automation,” “workplace effectiveness,” and “customer journeys” to describe your area of expertise. Become THE authority on one or more of those business activities. Quite simply, when you solve internal and external customer issues, you create for yourself an indispensable role in moving the organization to those higher-priority business goals.
Know What You’ve Got
Enterprise information is scattered across the organization, and you can’t manage what you can’t see. CIPs suggest that you create an internal framework to understand and balance both risk AND value. Start by assigning both risk and value metrics to each source of information and begin by attacking information sources that are low-risk and high-value. Put in records management terms, it means transitioning from viewing a record as something you just store, archive, and retain to something of value that can be leveraged to extend and enhance work processes.
Organizations continue to tell us that they face the greatest challenges in dealing with information overload at the intersection of content and processes. They say that simply managing the documents and content necessary for knowledge workers to get their job done is a struggle. This is an ideal opportunity for IG professionals to solve this problem. CIPs share a commitment to enabling business projects through these efforts. They advise their peers to leverage and refine the other elements of Intelligent Information Management (IIM) for intelligent capture/extraction and knowledge sharing. “We focus our efforts on data and insights in order to provide the most relevant goods and services to our customers,” says a CIP in manufacturing. Being able to bring data and information together is key to overcoming a siloed approach to the customer.
Whether it’s finding the right information an employee needs when onboarding to a new role or ensuring that another employee’s work artifacts are captured for future use, retaining, maintaining, and accessing this organizational knowledge can be a key strategic differentiator. Customer journey mapping within and across departments is a good first step to identifying the gaps that exist in information strategies caused by inconsistent and unconnected information silos. Those CIPs reporting improved alignment between their IG and business strategies extended their efforts at journey mapping to internal customers, to gauge employee experience with information management processes and systems.
Automation Is the Key Ingredient
The volume, velocity, and variety of information that most organizations need to manage, store, and protect now exceeds their ability to even marginally keep pace with big content challenges. The current and future rate of growth simply can’t scale with manual IG processes. Growing customer expectations for real-time access to, and interaction with organizational information makes it more imperative than ever that organizations make a commitment to move away from manual governance. As the stakes for digital competence rise, organizations put their very existence in jeopardy if they do not automate the processing of information wherever and whenever they can.
Unfortunately, many organizations operate in an environment in which workers are encouraged, expected, or required to identify and capture their own information – and that’s an additional challenge in effective information governance. Why? Because these users have other business responsibilities that take precedent. They view IG as administrative overhead or busy work that they’d rather not do. And, even if they do, their lack of training leads to mistakes. The risks of manual governance are not just about data breaches or noncompliance with regulations. When workers are tasked with these activities, they are taken away from higher-value work. To be effective, organizations must embrace the approach of “streamline and automate.” Governance and compliance tasks need to be automated to the maximum extent possible so that information security and records management are seamlessly occurring without the need for worker intervention.
I know I’m doing my job when my business users don’t know I’m doing my job. – Steve Clark, Raytheon.
Unless governance can be made invisible, it will fail. Making governance invisible to the day-to-day knowledge worker is not a glamorous task, but a necessary one and one whose time has come. The key is the use of Machine Learning and Artificial Intelligence to automatically classify, extract, and enrich physical and digital content and data. This means software that can be trained to understand the meaning and the context of information, classify it into categories that cut across the traditional boundaries between content and data, and automatically apply governance categories and retention schedules.
As they use machines to standardize and understand all information flows, organizations will reap a wide variety of benefits from governance that go far beyond reduced compliance risk and increased efficiency. They will be able to more seamlessly integrate information into core processes to uncover relationships between parts of the business that they never knew existed. Organizations that are committed to this journey will be able to use these insights to create new customer value.
Modernizing your Infrastructure
The previous section speaks to the volume of data being accumulated in enterprise and government organizations. Organizations contemplating a true governance initiative cannot possibly gather, classify (with human intervention), and set policies on all the information that they need to understand to feel confident that they can comply with intelligent procedures for governing content. To cost-effectively apply the requisite analysis techniques to allow IG professionals to govern enterprise information, governance architecture demands a scalable platform that can aggregate a view of all the relevant data in place. It must be extensible across commodity hardware, fit into the virtual server environments of modern data centers, and deploy easily.
In the modern governance era, solutions must include an ability to extend almost infinitely across larger and larger data sets with little or no provisioning of storage and server capacity being necessary. These solutions should also have a portable indexing capability that can be expanded as the data within the enterprise expands.
Migration is an important element of the modernization process. The following definition for migration is taken from ISO 15489, the international standard about records management. It defines migration as the “act of moving records from one system to another, while maintaining the records’ authenticity, integrity, reliability, and usability.” Clearly, migration is much broader than just records. Any time a legacy system is decommissioned, it should be reviewed to determine what information is stored therein and whether that information still needs to be actively accessible.
A migration strategy should first identify the purpose of the migration. How the migration will be conducted, what will be migrated, and where it will be migrated to will all depend on the purpose. This might include:
- A system is becoming obsolete. Data needs to be migrated from the obsolete system to a current system.
- The system is not usable, or perceived to be so, such that users no longer want to use it.
- Standardization. Data is stored in one or more proprietary hardware or software systems or file formats. The data is migrated from the proprietary format to a standardized one.
"The AIIM CIP study guide describes the Migration Plan in detail. The migration plan and process consist of six key steps including strategy, planning, preparation, migration, post-migration, and decommissioning."
It’s Dynamic!
AIIM research clearly demonstrates that the real value of IG may be found by building capabilities that focus on increased strategic opportunity and business performance, not just on averting risk and maintaining security. Doing more with data to improve processes and products, boost brand satisfaction, and enable more effective and strategic business decisions are just a few of the benefits of a modern IG approach and a good reason for reconsidering information lifecycle management. According to Gartner, “Information Lifecycle Management is an approach that recognizes that the value of information changes over time and that it must be managed accordingly... seeking to classify information in line with its current business value and establish policies to migrate and store that data appropriately.”
Effective information lifecycle management requires a fully focused approach rooted in customer-centered governance policies and procedures. From beginning to end, the entire information lifecycle must be considered in strategic planning. Process design efforts should include a cross-functional team that, along with IT, includes departments and stakeholders with an interest in how information is stored, used, and managed. Adoption of technologies and solutions should work to automate the governance process with tools that extend the value and effectiveness of information to boost organizational performance.
Conclusion
AIIM’s 2022 research within the IG professional network revealed that information management strategies centered primarily on risk, compliance, and governance for governance’s sake, fail to improve the current misalignment between those strategies and BUSINESS strategies. By taking an audience-focused approach to information management/governance initiatives, practitioners have the potential to open their organization (and their executives) to new ways to engage the customer, communicate with them, and provide products/services to them. No approach is more effective at closing the information governance and business strategy gap.
While a holistic strategy and approach to IG is ultimately the long-term solution, it’s not necessarily effective or realistic right now. Given all the business challenges that organizations are facing, it’s too big of a task, with no mandate to sustain it. Perhaps attempting to boil the ocean just buries IG in an even deeper, invisible hole. CIPs suggest that “most businesses are still focusing on moving product/services to recoup what they have lost due to the pandemic. Information management is only as important as those survival strategies call for.” Their advice is to avoid looking back. Rather, you should begin with where you are now, tackling small but visible projects that can deliver big business results.