Post on 23-Jul-2015
Navigating the Maze of Information Governance
IG Start Here
Diane E. Walker, CRM, CMC
Presenters
Robin Athlyn Thompson, CEDS | Vice President, Marketing | Business Intelligence Associates | Phoenix
• ACEDS Advisory Board
• ACEDS Phoenix Chapter Vice President
• Manages BIA educational webcasts and strategic private briefings
• Stevie Award winner for lifetime achievement in e-discovery, information governance and RIM
Diane Walker, CRM, CMC | Manager of Records and Information | McDermott, Inc. | Houston
• Helps Fortune 500 companies develop and manage records and information resources
• Appointed as one of six international judges for ARMA International’s prestigious Cobalt Award in 2008
• Participated in development of the Information Governance Professional Certification
What is Information Governance?
• IG is an overarching discipline that encompasses a variety of key concepts:
• Regulatory Compliance
• Risk Management
• Records and Information Management (RIM)
• Content Management
• Data Governance
• Information Security
• Data Privacy
• Litigation Readiness
Who is Information Governance?
IG Team
Legal
RIM
IT
Core Business
Regulatory
Steering Committee
Change Management
Compliance
Risk Management
Finance & Accounting
Audit
Business Development
QA/QC
Why Does IG Make Sense?
• Organizations need ONLY keep/manage the information they need, for as long as the information has value… PERIOD
• Improved security, visibility, and access to information enhances productivity
• Courts and regulatory agencies expect a fiduciary duty of care (SARBOX, HIPAA, GLBA, FTC, EAR, Basel II, Litigation Hold Orders, etc.)
• Risk mitigation and overall awareness that an IG program offers can have a positive effect on the bottom line
• It will never get easier
• Edward Snowden
10K View
Information Risk & Compliance
• Monitor Legal & Regulatory Landscape
• Identify Internal and External Compliance Requirements
• Prepare Risk Profile
• Conduct a Risk Assessment
• Develop Risk and Compliance Metrics
• Create a Mitigation Plan
• Manage the Risk Mitigation Process
• Conduct a Risk and Compliance Audit
Information Risk & Compliance (Duties, Tasks, Steps)
Legal & Regulatory Landscape | ID Internal & External Compliance | Prepare Risk Profile | Conduct a Risk Assessment | Develop Risk and Compliance Metrics | Create a Mitigation Plan | Manage the Risk Mitigation Process | Conduct Risk and Compliance Audit
Engage w/Legal & Stakeholders | Investigate Industry Practices | Collaborate and Consult with Stakeholders | ID Risk Assess Methodology | Define Compliance Success | Conduct a Cost Benefit Analysis | Monitor & Update Metrics | Develop Audit Framework
ID & Interpret Laws (All Jurisdictions) | Review Business Practices | ID Management’s Risk Tolerance | ID Stakeholders | ID Measurement Methodology | Prioritize Risks to Mitigate | Respond to Anomalies | ID Resources for Audit
ID Resources for Current Development | Collaborate w/internal Stakeholders | Create Risk Profile Document | ID and Collect Resources | ID Non-Compliance Triggers | Develop Methodology for Mitigation of Risks | Communicate with Stakeholders | Assign Audit Responsibilities
Document Relevant Laws & Regulations | Conduct Benchmarking | Obtain Stakeholder Signoff | Develop Interview Materials | Conduct Ongoing Gap Analysis | Communicate Mitigation Plan to Stakeholders | Modify Risk Mitigation Program As Needed | Oversee Audit Performance
Establish Review Process | Interview and Collect Data | Document Metrics | Provide Implementation Assistance | Analyze Audit Results
Analyze Risk Data | Present Metrics to Stakeholders | Monitor Implementation of Mitigation Plan | Present Findings & Recommendations to Stakeholders
Prepare Risk Assessment Report | Obtain Signoff on Metrics | Update Risk Mitigation Plan on Audit Findings
Obtain Signoff
IG Strategic Plan
• Align Resources to Develop Plan
• Analyze Internal Drivers
• Analyze External Drivers & Trends
• Develop a Strategic Plan
IG Strategic Plan (Duties, Tasks, Steps)
Align Resources to Develop Strategic Plan | Analyze Internal Drivers | Analyze External Drivers & Trends | Develop Strategic Plan
Obtain Executive Sponsor | Incorporate Enterprise Strategic Plan into IG Plan | ID Technology Needs | Define Strategies Based Upon Collected Information
ID Stakeholders | Incorporate IT Strategy Into IG Plan | Identify Information and Data Trends (e.g., information types and new data formats) | Prioritize Strategies
ID Roles and Responsibilities | Incorporate Business Plans into IG Plan to Maximize Business Improvement Opportunities Through Governance Efforts | Identify External Dependencies | Align Goals to Strategies
Incorporate Corporate Culture Into IG Plan | Evaluate Economic Environment/Conditions | ID Initiatives to Achieve Goals
Incorporate Corporate Risk Tolerances Into IG Strategic Plan | Evaluate Political Environment | Define Critical Factors
Incorporate Cost Benefit Analysis Into IG Plan | Evaluate Legal and Regulatory Environments | Define Measurement for Success
Review Constraints (e.g., financial, time, resources, legal) | ID Industry Best Practices & Trends | Write the Strategic Plan
Evaluate Competitive Landscape | Review with Stakeholders
Obtain Approval for Strategic Plan
Regularly Review and Update Plan as Needed
IG Framework
• Conduct Due Diligence to ID Standards to Guide the IG Framework
• Establish Enterprise IG Policies and Standards
• Develop Authority Roles and Responsibilities
• Develop Communications and Training
• Develop Auditing and Enforcement Mechanisms for the Framework
IG Framework (Duties, Tasks, Steps)
Conduct Due Diligence to ID Standards | Establish Enterprise IG Policies and Standards | Develop Authority Roles & Responsibilities | Develop Communications & Training | Develop Audit & Enforcement Mechanisms
Evaluate External Standards, Guidelines, Technical Reports, Best Practices | Define Discrete Policies and Standards | Define Authority, Roles and Responsibilities | ID Communication Audiences | Establish Auditing Criteria and Metrics
Evaluate Internal Policies, Standards, Guidelines, Technical Reports, Best Practices | Validate against Organizational Goals & Objectives | Assess Role Requirements | Draft Communication Plan | Establish Enforcement Mechanisms
Select Standards, Guidelines, Technical Reports, Best Practices | Draft Internal Policies and Standards | Review Roles with Stakeholders
Document the Selection Process | Review Draft Documents with Stakeholders | Obtain Role Assignment Approval From Steering Committee
Review and Verify Selection with Stakeholders | Obtain Approval and Signoff | Assign Authority, Roles and Responsibilities
Establishing The IG Program
• Establish Program Scope, Mandate and Reporting
• Assign Accountabilities
• Implement The IG Program
• Manage the IG Program
IG Program (Duties, Tasks, Steps)
Establish Program Scope, Mandate & Reporting | Assign Accountabilities | Implement the IG Program | Manage the IG Program
Engage Executive Leadership and establish Primary & Secondary Organizational Structure | ID IG Program Roles & Responsibilities | Develop Communication Plan for the IG Program | Monitor the Adoption of the IG Program
Define IG Program Mandate and Scope | Assign IG Program Roles and Responsibilities | Implement a Change Management Plan for the IG Program | Evaluate Effectiveness of the IG Program
Establish Appropriate Funding and Resources | Provide Training of Assigned Resources | Evaluate and Align Resources
Establish Ongoing Executive Reporting | Report to Management
Obtain Executive Management Signoff
Business Integration and Oversight
• Define Current State of Business Processes
• Define Current State of Technology Use in Business Process
• Align IG Framework with Business Area Requirements
• Guide Information Management Decisions
Business Integration & Oversight (Duties, Tasks, Steps)
Define Current State of Business Processes | Define Current State of Technology Use in Business Process | Align IG Framework with Business Area Requirements | Guide Information Management Decisions
Interview Business Areas | Identify Business and Technology Stakeholders and Users | Identify Strategic Goals of the Enterprise | Develop an Ongoing Participation Process
Review Current Business Environment (e.g. culture, systems, processes) | Survey and Interview Technology Stakeholders and Users | Identify Strategic Goals of the Business Areas | Develop an Ongoing Approval Process
Identify Information Needs of the Business | Collect and Analyze Data | Collaborate with each Business Area to Develop IG Framework | Implement a Participation and Approval Process
Document Current Environment and Desired State | Identify Gaps | Review and Approve Each Business Area IG Framework
Address Gaps Through Responsible Channel | Draft Detailed Change Management Process as Required
Align Technology with IG Framework
• Identify How Technology is Used in the Business
• Monitor & Evaluate Technology Trends
• Evaluate Hardware, Software and Data Life Cycles
• Align IG Strategic Plan and Framework with the IT Strategy and Operations
Align Technology With IG Framework (Duties, Tasks, Steps)
ID How Technology is Used in the Business | Monitor and Evaluate Technology Trends | Evaluate Hardware, Software and Data Life Cycles | Align Strategic Plan and Framework with the IT Strategy and Operations
Review IT, Information Asset Inventory or Register, Architecture and Strategic Plan
Review Existing Policies Pertaining to Information
Review General Technology Trends in the Markets (e.g., Cloud Computing, Social Media) | Review IT Procurement Procedures | Review Goals of IT Organization
Review Technology Adoption
Review Help Desk Strategy
Evaluate General Technology Trends for IG Implications
Incorporate Information Governance Requirements to IT Procurement Process | Assess and Analyze IT Goals
Review Back Up Strategy
Review Technology Outsourcing Strategy
Review Implications with Stakeholders in Accordance with IG Framework
Incorporate Information Governance Requirements to IT Development Process
Collaborate with IT to Develop Strategy to Incorporate Information Governance Requirements Into Existing Systems
Review Disaster Recovery Strategy
Review Content Retention & Disposition Strategy
Review Technology Trends Specific to IG in the Markets (e.g., Record/Content Management, Applications, Developing Standards, Data Discovery, Storage, New Data Formats)
Incorporate Information Governance Requirements Into System Requirement and Data Migration Processes | Collaborate with IT to Incorporate IG Requirements Into Legacy Systems
Review Privacy Strategy | Review Digital Preservation Plans*
Participate in the Evaluation of IG Specific Technologies
Incorporate Information Governance Requirements to Decommissioning Process
Collaborate with IT to assist in System Upgrade and Replacement Strategy
Review Information Mobility Strategy
* = To Ensure Data Quality Through Integration of New Technologies to Enhance Business Operations (e.g., Master Data Management, Metadata Management)
Review IG Specific Technologies with Stakeholders in Accordance with IG Framework
Review Information Storage Practices (hard copy, digital, microforms)
Review Use of Vendors and Outsourcing
References
• Sailing in Dangerous Waters – A Director’s Guide to Data Governance (Michael Power & Roland Trope)
• Information Governance – Concepts, Strategies & Best Practices (Robert Smallwood)
• Chucking the Daisies (Randolph Kahn)
• ARMA International – IG DACUM Chart
• The Sedona Conference – WWW.TheSedonaConference.com
• EDRM.net
• ARMA.org
• AIIM.org
Thank You!
Diane E. Walker, CRM, CMC | Walker.Diane.CRM@Gmail.com | 281-799-8910