Log In

Publications

KM World Covers the Latest Best Practices in IG

The IGI is pleased to share the latest by KM World: a useful best practices whitepaper digging into the details of IG, sponsored in part by IGI Supporter Actiance, that includes the following perspective on the efforts of the Information Governance Initiative.

"The Information Governance Initiative, is widely credited with moving the discipline forward. It has legitimized information governance as a free-standing business exercise, distinct from enterprise content management (ECM). It is not seen as synonymous with information security but the two are most definitely related- or perhaps joined at the hip is a better way to phrase it."

This whitepaper covers the latest best practices in IG including thought-provoking points such as:

- Information Value and Risk are Everywhere
- Your Policies Need to Reflect Today’s Communications
- Employees Need to be Directly Engaged in Design of IG Training
- Your Governance Tools Must be Designed for Today’s Communications
- The Likelihood of Governance Success is Directly Proportionate to Cross-Functional Involvement

  (more…)

 

Download Our Newest Comprehensive Case Study on Les Schwab

As part of the IGI’s ongoing work to help professionalize and promote information governance (IG) we have the opportunity to see how hundreds of different organizations approach IG. Although every organization’s IG challenge is unique there are actually more similarities than differences in IG problems and their solutions.

By looking at one organization’s experience with IG in detail, we can learn valuable lessons and gain practical insights that will help all IG professionals mature their IG programs.

This case study reveals a typical but complex IG problem: managing the relationships among key IG players, including:

  1.  Outside law firms that play a central role in approving, blocking, and/or advising on key IG decisions (like information retention and preservation).
  2. IG technology vendors that supply the necessary capabilities to understand and take action on your information.
  3. IT departments that actually have their hands on the dials and levers of the systems that house and control your information.
  4. Business stakeholders like department heads who will be directly affected by the policy and technology choices you make.
  5. Risk-focused departments like legal and audit that own key IG decisions.

IG projects require tight alignment and coordination amongst these groups. However, given that these groups often have differing levels of interest, expertise, and even competing goals, this dynamic often derails otherwise well-designed and executed initiatives.

The key to navigating this dynamic is establishing clarity about the role of each stakeholder – especially about each player's mandate and level of authority. Again and again we see nobody taking IG decision-making authority unless it is clearly given to him or her – often simply out of a desire to avoid conflict and to get along with colleagues. Given the relative immaturity of IG, the owner of this authority is often unclear.

As we will see in this case study, Les Schwab found a way to work closely with these stakeholders, and in particular establish a close and fruitful relationship with an outside law firm that not only accelerated its project, but also helped to increase its positive impact on the organization.

Click here to access the case study in the IGI Community.

 

Information Security & Information Governance – how they work together

By Richard Kilpatrick - Information Technology & Services

Richard Kilpatrick is a highly experienced consultant in information technology, focusing on realistic data governance, security and privacy.  Richard has led programs of work to discover and classify data across multiple business units, within banks, telcos, health and media. In this Information Governance ANZ article, he outlines the difference between Information Security and Information Governance, explaining why IG frameworks are essential for the successful orchestration of specialized security systems.

Information (data) security, cybersecurity and IT security all usually refer to the protection of computer systems and information assets by suitable controls, such as policies, processes, procedures, organizational structures and software and hardware functions. The type and extent of controls depends on the scope and maturity of the business function (usually the Security Department) applying the controls, or, depends on the specialization/focus of the team, such as Perimeter/Firewall or Identity Management. Each function tends to have a different perspective of information security, compared to other functions, due to their focused specialization.

A close parallel is the health profession. You see a GP doctor when unwell, and are referred to a specialist who knows much more than your GP about a particular field of expertise. I know that my GP would not want to perform open heart surgery at all. And equally, a heart specialist would not have up-to-date and practical knowledge of all areas of the body. Tinea treatment? – see somebody else please.

In other words, people specialize in a particular aspect of their work. You can’t be an expert in everything. People prioritize – for example, in busy times, a SysOp will not be as vigilant with security when their primary role is to keep the sales /finance system up and running for all users. This is exactly how Information Security Systems operate.

To read the rest of 'Information Security & Information Governance – how they work together' head over to the original article on Information Governance ANZ.

 

Download Our Newest Deep Dive Case Study on Pandora Media

How Pandora Tuned In to Information Governance
To Take Control of Its Most Sensitive and Valuable Information Assets

An IGI Case Study

Usually when we think "Information Governance," we think traditional, large, litigated and regulated organizations. But as more and more organizations come to understand the value of IG, this image is rapidly changing. Recently, Pandora Media — a juggernaut in the streaming music business — partnered with IGI Supporter Active Navigation and its experts in governance and file analysis on a major IG project. We were fortunate enough to be able to do a deep dive on this project and bring the details to you.

Download the latest entry in our IG At Work series to learn:

  • How Pandora got rid of 60 percent of its unstructured data.
  • What it took for the company to identify and protect its most valuable and sensitive data. 
  • How Pandora developed policies for governing unstructured information.
  • How Pandora built executive support for IG. 
  • How Pandora used file analysis software to reach its IG goals.
  • How Pandora was able to sell the merits of IG to its employees.

The company that emerged on the other side of this critical IG project was more efficient, more versatile and more competitive. And their IG program only continues to grow in its sophistication and impact.

Click here to access the case study in the IGI Community.

 

How the General Counsel Can Shape Information Governance

Jake Frazier – Senior Managing Director, FTI Consulting & Sonia Cheng – Senior Director, FTI Consulting
As seen on ethicalboardroom.com

 

Information governance is often thought about in the context of IT efficiency, data security and regulatory compliance. While it is true that these are the most critical drivers for executing data governance programmes, there is an equally important factor that deeply resonates with a corporation’s board and C-suite: reputational risk.

Just as trust is a key and fragile pillar for relationships in our personal lives, it is essential – among shareholders, clients, customers and employees – for a business to thrive. Ultimately, top company leadership is responsible for managing reputational risk and ensuring that the overall direction of the company will uphold trust in the brand.

As we’ve seen countless times, failure to handle data properly often results in damaging data breaches, which beyond legal and compliance violations, break trust and allow doubt to become part of a company’s image. Thus, it is critical that the board views information governance (IG) as being about compliance and legal risk, as it must be, but also as an effort to instil a high standard for ethics and privacy into the company’s culture. By embracing this mindset, a corporation’s leadership can set the correct tone from the top down, building advocacy for actionable programmes that ensure safe and responsible handling of sensitive data, as well as strong compliance and efficiency.

“BECAUSE THE GENERAL COUNSEL HAS HISTORICALLY BEEN THE GO-TO STAKEHOLDER FOR DEALING WITH HIGHLY SENSITIVE ISSUES… THE CORPORATE LEGAL TEAM IS UNIQUELY POSITIONED TO LEAD THE CHARGE TOWARDS PROACTIVE DATA GOVERNANCE”

Because the general counsel (GC) has historically been the go-to stakeholder for dealing with highly sensitive issues – primarily for litigation and investigations – the corporate legal team is uniquely positioned to lead the charge towards proactive data governance. Given this fact, the issue of ethical obligation comes into play. In the US, federal and state laws require companies to implement reasonable security protections to safeguard personal data. There is a wide range of similar requirements around the world.

Beyond the duty to disclose, legal teams also have an ethical obligation to maintain a level of technical knowledge. In Day v. LSI Corp., in-house counsel was sanctioned for failing to document and supervise the discovery collection process and for allowing the company’s document retention policy to be ignored. In the context of IG, this is important, as legal teams must have a clear understanding about data sources and retention practices, the impact of how they choose to handle electronically stored information, and accuracy of how facts are represented to regulators, opposing parties and the courts. Ultimately, these points illustrate the fact that ethical obligations cannot be overlooked when considering the GC’s role in IG efforts.

Click here to continue reading about the top issues for 2017...

 

Getting Past Some of the Top Barriers to IG Success

Recently, the IGI caught up with Scott Burt, President and CEO of Integro, one of IGI’s newest supporters to discuss some of the IG challenges they see in the market and how organizations are overcoming them. Integro, a Gartner “Cool Vendor” and recipient of IBM’s Worldwide Business Partner Governance Excellence Award, joined the Information Governance Initiative (IGI) this year. IGI Supporters, like Integro, provide an annual financial contribution that enables the activities of the IGI, and by doing so demonstrate their commitment to the advancement of information governance (IG).

Executive Support Is Key

We asked Scott what he thought were the biggest challenges organizations face today in terms of their ability to implement successful IG programs and projects.

“I believe the biggest challenge is having the consensus and the broad executive support to affect the culture and to effect change on the company to mature to the next level. Often IG initiatives don’t become a big enough priority or the cultural challenges seem too difficult. It’s hard to imagine IG having less of a priority when I see all the risk and exposure that I do, but not all companies recognize IG’s potential, not only in reducing risk, but also greatly improving business decision-making,” says Scott.

The good news is, challenges like this can be overcome and successful change management is possible, explains Scott. He’s witnessed and helped foster success across a variety of IG projects. Scott sees high level support and goal-setting as key elements to success.

“Support from the executive level makes a huge difference in a successful project. I recommend forming an executive level, cross-functional committee that has support from the Board or CEO. When chartered with goals and metrics that are effective for the company, this cross-functional leadership group can lead and direct and delegate to an executive who runs the program.

Likewise, it’s important to have goals and objectives that matter for the company. If the initiative and its goals don’t hold value for executives, they aren’t going to give it the time of day. With a cross functional executive team and goals that matter, the benefits can be huge,” he added.

Scott’s observations are consistent with IGI’s research results as reported in the 2015-16 IGI Annual Report. Change management was the third most commonly reported barrier to successful IG; 60% of IG practitioners identified it as a barrier to IG progress at their organizations. Additionally, more than one third of practitioners identified lack of executive support as a barrier.

IG Results Are Achievable: A Customer Success Story

One of Integro’s specialties is email governance, an area in which change management can be very tricky. All too often, Scott shares, he hears organizations and stakeholders within them making all types of excuses as to why they can’t effectively govern their emails.

“The thought of trying to change users’ email habits scares a lot of company executives. But it doesn’t need to be complicated or controversial. I’ve seen companies of all sizes, from small firms to large, multinational corporations, have success. explains Scott.

Scott points to a large email governance initiative as an example of a customer who achieved IG success by effectively garnering executive support and developing strong goals, as he recommends.

“We have a global, fortune 500 client with tens of thousands of users in dozens of countries. They have had tremendous success with an enterprise-wide email management solution Integro helped the company implement. The solution, which leverages Integro’s product, Integro Email Manager and Microsoft Exchange, enables the company to organize and manage email by its value. They retain a small percentage of corporate email that has value, while at the same time regularly, defensibly and soundly disposing of the transient content. The end result for the client has been millions saved on eDiscovery and storage costs. They are achieving the goal that so many think is too big of a challenge,” Scott says.

“This customer, like others who have been successful, did a great job of change management and communication. They had strong executive support up to the highest levels, and they followed a thorough change management plan that involved internal marketing and communications about the program and its importance,” he notes.

The customer’s specific approach to change management was so successful that Integro has used best practices from the project to help other companies undertaking similar endeavors.

“With the right amount of planning, forethought, and executive support, IG projects are very doable and can result in tremendous benefit for any company,” comments Scott.

 

About Integro

Integro is an award winning, industry recognized products and services firm specializing in Information Governance, Enterprise Content Management, and Content Security solutions. Since 1995, Integro has been delighting clients with technology solutions that support defensible disposal, minimize risk, reduce eDiscovery and storage costs, ensure compliance, govern email records, and enable auto-classification. Integro is proud to be named a Top ECM Consultant by research firm, Clutch, a “Cool Vendor” by analyst firm, Gartner, and a Worldwide Governance award-winner by IBM. Learn more at www.Integro.com.