How to Leverage Information Governance (IG)
Tuesday, June 11, 2019
In 2003, the UK's Department of Health introduced the concept of broad-based information governance ("IG" for short) into the National Health Service (NHS), which was the first published version of an online performance assessment tool with supporting guidance. The NHS IG Toolkit, now known as the Data & Information Security Toolkit is used by over 30,000 NHS and partner organizations, supported by an e-learning platform with some 650,000 users. This was the first major IG initiative.
Fast forward to today and there has been a lot of buzz about information governance, particularly in state and local government, but what is IG really and what does this mean for you?
What Is Information Governance?
As originally defined by the NHS, Information Governance is to do with the way organizations "process" or handle information, covering personal information (relating to patients/service users and employees), and corporate information (financial and accounting records).
The central tenant of information governance is the management of content typically contained in records management software. This includes paper, electronic documents and multimedia in whatever structured or unstructured system maintains it – e.g. multiple records management, document management and enterprise content management (ECM) systems, shared drives, cloud files shares, departmental filing cabinets, etc.
Information governance also includes email management (both policy and archival), information / cyber security, information rights management (IRM), auditing (both security and information integrity), and compliance (both internal and external)
Information Governance Principles
Published by ARMA International in 2009 and updated in 2017, the Generally Accepted Recordkeeping Principles® is a high-level framework of good practices that is grounded in practical experience and based on extensive consideration and analysis of legal doctrine and information theory. Below is a high level summary of these principles:
- Principle of Accountability: a senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for information management to appropriate individuals
- Principle of Transparency: an organization's business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate, interested parties
- Principle of Integrity: an information governance program shall be constructed so the information assets generated by or managed for the organization have a reasonable guarantee of authenticity and reliability
- Principle of Protection: an information governance program shall be constructed to ensure an appropriate level of protection to information assets that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection
- Principle of Compliance: an information governance program shall be constructed to comply with applicable laws, other binding authorities, and the organization's policies
- Principle of Availability: an organization shall maintain its information assets in a manner that ensures their timely, efficient, and accurate retrieval
- Principle of Retention: an organization shall maintain its information assets for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements
- Principle of Disposition: an organization shall provide secure and appropriate disposition for information assets no longer required to be maintained, in compliance with applicable laws and the organization's policies
How to Leverage Information Governance
For the past 24 years, ISSI has worked with government, healthcare and many other types of clients to effectively govern their information. We've implemented records management software for many and are now focused on helping clients manage the people and processes needed to effectively apply ARMA's information governance principles beyond records management software.
We can help you identify your information governance gaps and what it will take to fill them, starting at the departmental level needing it the most and gradually addressing your whole enterprise.