Take Charge of Information Governance and Compliance

Today, data breaches and cyber-theft are at an all-time high, with new and evolving technologies being used to instigate as well as prevent attacks. As a result, organizations are being compelled to take both defensive and offensive measures to protect the privacy and integrity of their information assets. The trend from both a regulatory as well as an operational point of view is toward more stringent, more comprehensive and more transparent, unified information governance policies and procedures.

security governanceHow can you take charge?  One way is to automate your information governance workflow, practices and procedures. The act of streamlining information governance helps organizations form more comprehensive strategies. Before any automation can be applied, every organization must conduct a comprehensive assessment of information assets across the enterprise and grapple with retention and disposition policies and practice. Best practices focus on applying frameworks and rules that encompass records classification, a set of retention rules, and a procedure to lock down records so that they cannot be deleted unless in accordance with retention rules. Also important is implementing a process to help ensure that systems can export records and all of their metadata in a format that can be imported to successor applications.

Another best practice for advancing your current information management program to an enterprise-wide, integrated and mature set of procedures is by conducting what Canon terms a business process assessment. This is an objective in-depth analysis of the current state of an organization’s records management program including strengths and weaknesses and what must be done to build upon positives and address the negatives. The ingestion and egress of information is mapped; repositories are identified (including “rogue” repositories that are created by employees without notifying the IT department); current taxonomies are identified including how they were implemented; concerns expressed by employees about how they access information are gathered; bad recordkeeping habits are documented; and how the current overall program may negatively impact the organization’s ability to meet regulatory requirements is clarified.

Create a framework

While leveraging the business process assessment for guiding future direction, the next step is to craft the information governance framework that will support program planning, monitoring and enforcing compliance. This, in turn, drives the company’s ability to define, approve and communicate the information management program (policy, retention schedule and procedures) while implementing it with new standards, architecture and analytics reporting functions. Figure 1 below highlights many of the key elements of an information governance framework.

information governance framework

Figure 1: Example of an information governance framework

This is a time-intensive and expensive undertaking, consisting of five phases:  the business process assessment, the resulting report that will be referenced for all initiatives, planning for change, implementation and analytics.  Within the table, each phase is summarized at a high level to provide an orientation on how to get started.

Consider additional steps

What are some additional steps you should take to automate and improve your information governance and compliance efforts?  Consider these four essential practices.

Modernize your information infrastructure. This is an important first step that includes assessing the current state, developing a set of goals and business requirements to leverage automation, and implementing changes to connect and consolidate repositories, extend information and process accessibility, and increase operational effectiveness. (The information governance framework spotlighted in Figure 1 offers one tactical and strategic approach to achieving these goals.)

Digitize core compliance and governance processes. This includes identifying processes that will be best suited to automation. Look to reduce or eliminate paper-based and manual activities that slow the process and expose the organization to additional risk. Then apply business rules and technology to automate the identification and classification of information, access controls, and keyword and full-text search.

Utilize data capture functionality. When it comes to information governance, it is important that organizations look further than simply a scan-and-store approach. For many, “digitization” tends to imply scanning a piece of paper and filing away an image file instead. However, you could be entirely paperless but still miss the broader opportunity to leverage information in a way that is increasingly more beneficial to the performance of your organization. Work to utilize inbound data capture for more than just indexing data for the image. This is at the heart of business intelligence and more expansive information governance.

Consider data remediation. Data remediation is a critical element of any sound information governance program. Employees are using shared and personal hard drives, cloud services and other devices for data storage. This makes it extremely difficult to manage the massive amount of information being created and stored. Under these conditions, there is no elimination of what is commonly referred to as ROT (redundant, obsolete and trivial data). There is also no consistency in storage syntax and naming conventions, and no data cleansing. Service providers such as Canon can provide the analytics to identify what you have, classify that information and cleanse it to eliminate the ROT.

Information governance and compliance are pressing concerns for C-suite leaders in all industries. With evolving compliance demands, quickly changing technologies and ever-more-pressing threats in cybersecurity, it’s easy to lose sleep at night. One way to rest better is to automate information governance and compliance. The technologies and approaches work to solidify your information governance strategy, while ensuring that policies and procedures are performed and adhered to automatically, every day.

Ken Neal

is a certified enterprise content management practitioner (ecmp) and director of corporate communications for Canon Business Process Services, a leader in managed services and technology.