Information Governance (IG)
Since 1995, ISSI has worked with government agencies, healthcare operations and many other types of clients to effectively govern their information. We have implemented records management software for many and are now focused on helping clients turn Information Governance principles into policies that help them effectively manage all of their information, people and processes.
ISSI has a strategy to help you formulate your new information governance (IG) plan. We begin by identifying your information governance gaps, then help you create policies to addresses them. We start with critical or at-risk departments and gradually expand to address your whole enterprise.
If you have an existing IG policy, we can help you compare it to relevant regulatory requirements. We evaluate your IG activities against best practices and make recommendations for both system and process improvements. We can also help you implement these recommendations. Our areas of expertise include:
- High and low-volume document scanning
- Using enterprise content management (ECM) software like Hyland OnBase to store, secure and manage documents
- Using network security software such as KOMpliance to manage document access and immutability
Published by ARMA International in 2009 and updated in 2017, the Generally Accepted Recordkeeping Principles® is a high-level framework of good practices grounded in practical experience and based on consideration and analysis of legal doctrine and information theory. Below is a high-level summary of these principles:
- Principle of Accountability: a senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for information management to appropriate individuals
- Principle of Transparency: an organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate, interested parties
- Principle of Integrity: an information governance program shall be constructed so the information assets generated by or managed for the organization have a reasonable guarantee of authenticity and reliability
- Principle of Protection: an information governance program shall be constructed to ensure an appropriate level of protection to information assets that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection
- Principle of Compliance: an information governance program shall be constructed to comply with applicable laws, other binding authorities, and the organization’s policies
- Principle of Availability: an organization shall maintain its information assets in a manner that ensures their timely, efficient, and accurate retrieval
- Principle of Retention: an organization shall maintain its information assets for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements
- Principle of Disposition: an organization shall provide secure and appropriate disposition for information assets no longer required to be maintained, in compliance with applicable laws and the organization’s policies
ARMA’s IG principles have since evolved into the Information Governance Maturity Model.
In 2003, the UK’s Department of Health introduced the concept of broad-based information governance into the National Health Service (NHS), which was the first published version of an online performance assessment tool with supporting guidance. The NHS IG Toolkit, now known as the Data & Information Security Toolkit, is used by over 30,000 NHS and partner organizations, supported by an e-learning platform with some 650,000 users. This was the first major IG initiative.
As originally defined by the NHS, Information Governance is related to how organizations “process” or handle information, covering personal information relating to patients, service users, and employees; and corporate information such as financial and accounting records.
The central tenant of information governance is the management of content typically contained in a records management program. This includes paper, electronic documents, and multimedia in whatever structured or unstructured system that maintains it. Records management programs should consider personal files, document management, enterprise content management (ECM) systems, shared drives, cloud files shares, departmental filing cabinets, records warehouses, and online and offline computer backups.
Information governance also includes email management, both policy and archival; physical and cyber security; information rights management (IRM); auditing for both security and information integrity; and compliance, both internal and external.