3 reasons for an information governance health check

Business leaders know that information governance is important. But that doesn’t necessarily mean they are managing their information for compliance.

According to Gartner, “Almost two-thirds of compliance, legal and privacy leaders agree that information governance is an urgent priority, yet only 6% are satisfied with their organization’s progress.”

Why the disconnect?

First, information governance is difficult. It’s a complex discipline with ever-changing regulations. It also requires buy-in from nearly every person in your organization.

Iron Mountain defines information governance as “the multi-disciplinary enterprise accountability framework that ensures the appropriate behavior in the valuation of information and the definition of the roles, policies, processes, and metrics required to manage the information lifecycle, including defensible disposition.”

For many organizations, just getting all those “multi- disciplinary” people involved and engaged can be difficult. In fact, in an AIIM survey, 37% of respondents said they struggled to get the right people at the table.

Those who did get the right people involved faced other issues with managing the complexities. Over a third (34%) said they struggled to enforce policies, and 31% reported that translating policy into system rules was difficult. Second, sustaining interest and effort over time can be exhausting. Information governance isn’t a one-and-done project. To do it well, it needs to be something that happens all the time. It needs to be an integral part of everyday process, and automated as much as possible.

If you are one of the many information management or governance leaders who isn’t satisfied with your organization’s progress to date, now is a great time to do an information governance health check. And even if you think your team is above average, you might want to consider doing one of these evaluations.

Here’s why

1. The world has changed.

If it’s been more than a year since you last evaluated your information governance practices, you probably need to account for at least one of the following types of changes.

• New regulations — One database that tracks legislation related to data retention averages nearly 200 updates per day. Even if you were fully compliant with all regulatory requirements six or 12 or 18 months ago, you might not still be fully compliant today... or tomorrow. Your health check should examine new rules to see if you need to alter your practices to meet your legal obligations. Fines for non-compliance can be millions, or even billions of dollars in some cases, so you need to make sure you are up to date.
• New technology — Your organization has likely deployed new hardware, software, and services in the last year. That means you have data residing in new locations that may or may not be integrated into your existing information governance processes. A health check provides an opportunity to find any outliers that you might not be aware of. In addition, technology from vendors is changing all the time. New tools or new features may be available that could help you optimize, or automate some of your information governance processes. The more you can harness the power of technology to enforce policies automatically, the more likely you are to maintain compliance.
• New ways of doing business — Your company probably doesn’t do things today exactly the same way it did a year ago. You might have new products or services. You might have entered new markets. You might have gone through a merger, shut down or sold some business lines. Your information governance strategy may need to change to reflect these new realities.

2. There’s room for improvement.

Another reason for doing an information governance health check is to see where you have room for improvement. Even if you are part of the 6% of leaders who are satisfied with your current progress, you probably still have opportunities for growth.

In fact, the best information governance programs have continuous improvement baked into their processes. Analysts from McKinsey advise organizations to “use iteration to adapt quickly.” They encourage companies to forge ahead in their efforts rather than waiting to develop perfect processes and policies.

Your health check provides an opportunity to see where you are in those iterative efforts. It provides reminders of what a high-achieving program should include, drawing attention to areas where you might still have gaps.

A health check also provides an opportunity to review any metrics you have been tracking to see if you are making progress toward your goals and meeting any targets you have set.

Ideally, your team should emerge from the health check with a targeted list of next steps that can help you make progress.

3. People need reminders.

Your information governance health check also provides an opportunity to re-energize your team. As McKinseynotes, “When people are excited and committed to the vision of data enablement, they’re more likely to help ensure that data is high quality and safe. Leading organizations invest in change management to build data supporters and convert the skeptics.”

Information governance is a marathon, not a sprint. Your team will require coaching to keep them on task, and committed to reaching your goals. A health check offers a chance to review why your efforts are important, celebrate what you have accomplished so far, and recommit to making progress.

While this reason for doing a health check might seem trivial, many information governance leaders say that people issues are among their most challenging. In fact, in the AIIM study, nearly a quarter (22%) of respondents named “Getting anybody to care” as one of their top three challenges.

A health check is not only good for your business — it’s also good for your people, helping them find new motivation and energy.

How to do an information governance health check

If you’re convinced a health check is a good idea, you might not be sure where to start. Your health check should cover the following areas:

1. Information governance structure — Do you have the right members on your information governance team? Does everyone understand their roles? Do you have the funding and executive sponsorship you need?
2. Strategic alignment — Is your information governance strategy aligned with your organizational strategy? Are you appropriately valuing information as a strategic asset for your business?
3. Enterprise information management — Do you have the right policies and tools in place for identity management, records and information classification, information exchange, and data retention and disposition? Does your enterprise information management follow best practices?
4. Privacy and security — Do you have appropriate safeguards in place to protect sensitive data? Are you able to identify and quickly respond to potential data breach incidents? Are you appropriately managing security risk?
5. Legal and regulatory — Are you complying with relevant regulations? Are there any recent or upcoming legislative changes that you need to prepare for? Are you appropriately managing your legal risk?
6. Data governance — Have you identified data owners? Are you effectively using techniques like master data management, data classification, data quality management, and metadata management?
7. IT governance — Do you have an IT governance framework in place? Do you have a business continuity/ disaster recovery plan? Are you monitoring your processes for change management, mobile device management, and email management?
8. Analytics — Are your analytics efforts aligned with your organization strategy and mission? Do your users have access to appropriate tools that include self- service and ad hoc reporting capabilities?
9. Information governance performance — Do your information governance goals and objectives align with your organization’s strategic direction? Are you measuring effectiveness and practicing continuous improvement?
10. Awareness and adherence — Do you have enterprise- wide awareness and training programs, and if so, how effective are they? Do your awareness and education efforts extend to partners and customers, where appropriate? How well are workers adhering to policies?

Iron Mountain’s Information Governance Advisory Services

More than 80,000 businesses around the world turn to Iron Mountain as a trusted partner to help them with information governance. We can help you digitize and manage records, protect your data, and securely dispose of documents and IT assets. We understand the challenges of protecting and managing information, and our expertise in all facets of information management helps to bring control of business- critical data back into your hands.