Effective Information Governance
Legal Tech Asia Technology Summit March 3, 2014
Marilyn Bier, CEOARMA International
Agenda•Introduction to ARMA International•Drivers creating need for Information Governance
•Defining Information Governance?•Generally Accepted Record Keeping Principles
•Measuring Information Governance•Tips on Where to Start
About ARMA InternationalARMA International is the industry leading association for the Information Governance
Profession providing resources, education and leadership opportunities.
Our members by the numbers:
27,000Members
120Local Chapters
130Countries
94%play a role in their
organizations purchase decisions of informationgovernance resources
98%Faithfully read ARMA
International’s Information Management magazine monthly to keep up-to-
date on industry and best practices
ARMA and IGARMA International is the standard bearer for information governance resources. We support legal, IT and information management professionals by providing resources, education, support and certification.
Key Driver –Data Explosion• Contributors
• Social Networks, Blogs, Social Media-based Information, Internet-based Text and Documents (Cloud), etc.
• Definitions of Big Data• Laymen’s definition – Data bases so large they become
awkward to work with when using on-hand tools• Gartner – High volume, high velocity and high variety
information assets that demand cost-effective innovative forms of information processing for enhanced insights and decision making.
• Forrester adds a fourth “v” – variability
Big DataLink to Information Governance
•Potential of big data huge•Smarter decisions at faster rate•Gaining competitive advantage•Improving efficiency and customer targeting
•Importance of techniques and technologies•Crucial decisions must be based on good data•Business cost to retaining ROT (redundant, obsolete, or trivial) information
Information Governance DefinedInformation governance is a strategic framework comprised of standards, processes, roles, and metrics that hold organizations and individuals accountable to create, organize, secure, maintain, use, and dispose of information in ways that align with and contribute to the organization’s goals.
ARMA, 2012
Records and Information Management RIM – The Foundation of IGA RIM program defines the rules and controls to manage corporate records and information from creation/receipt until no longer needed:• Email management• Retention policy/process• Legal/regulatory compliance• Risk assessment• Litigation/e-Discovery
IG’s Collaborative Partnership• Key Stakeholders
– Business units– IT, Security– Legal, Compliance– Information Governance
• Shared Priorities– ROI– Risk management– Match systems to ROI– Effective litigation– Documenting key systems– Handling legacy data
www.edrm.net/projects/igrm
Unifies perspectives:• Business – profit• Security/Privacy-
risk • IT – efficiency• Legal – risk• RIM - risk
EDRM’s Information Governance Reference
Model (IGRM)
IGRM
Generally Accepted Recordkeeping Principles
•Framework for information governance•Introduced in 2009•Carefully vetted “best practices”
International & national standards•Industry independent
The Strategic FrameworkThe Principles provide effective Information Governance. •Objective•Reasonable•Reality-based•Scalable•Standards-based
Generally Accepted Recordkeeping Principles
ACCOUNTABILITY
INTEGRITY
TRANSPARENCYPR
OTEC
TION
COMPLIANCE
AVAILABILITY
RETENTION
DISPOSITION
GOOD BUSINESS PRACTICE
.
Standards/Best Practices Mapped to Principles*• ISO 15489: Information & Documentation - Records
Management• ISO 30300: Management Systems for Records• ANSI/ARMA 18-2011: Implications of Web-based Technologies• ARMA TR20-2012: Mobile Communications and
Records/Information• Evaluating / Mitigating Records & Information Risks• Outsourcing Records Storage to the Cloud• ISO TR 17068: Trusted Third-Party Repository• ARMA TR 21-2012: Using Social Media in Organizations• ARMA: Website Records Management• ANSI/ARMA 2010: Vital Records Programs
*not comprehensive
Information Governance Maturity Model
Information Governance Maturity Model• Basis for
benchmarking– Level 3 considered minimum
acceptable for any organization
• Identify and rate deficiencies
• Establish improvement targets and reassess regularly
Information Governance Assessment
Information Governance Assessment
Practical Information Governance Tips on Where to Begin
•Identify your stakeholders and champions
•Establish goals and targets at the beginning of the process
•Be sure to address all information and consider historical and future-generated information
•Preform some type of assessment•Do a gap analysis
Practical Information Governance - Tips•Based on targets, which scores are lower?•You don’t need to ‘fix’ everything at once!•Which pose the greatest risks for your organization?
•Prioritize and do a cost analysis based on your industry
Practical Information Governance - Tips•Deploy systematic and repeatable process to discover, classify and enforce policy on all organizational assets
•Develop executive dashboards that demonstrate effectiveness of Information Governance program
•Provide training for end users•Consider employing a certified IGP – Information Governance Professional
Information Governance Professional
Contact InformationMarilyn Bier, CEO
ARMA International11880 College Blvd. Suite 450Overland Park, KS 66210 USA