If employees in your organization are spending more and more time searching for documents in the electronic or “virtual” storage spaces; or maybe they are getting creative to find that critical report yet still coming up short, you may want to put that dog on a leash and gain some control over the organizational information.
Information governance may not be the sexiest part of your organization and it may not bring in any cash, but not having it in place can sure can bring an organization to a grinding halt. Whether the lack of work productivity is informal (delays in finding information stored) or formal (regulatory orders halting the business) the costs of not properly managing information can be devastating. In a survey conducted by AIIM last year, 40% of respondents reported that information compliance breaches could result in fines, compensation claims and business suspensions.
Now with that real risk in mind, the next step is to critically assess the manner in which the organization creates, stores and manages its information. Not only do you want to see where the technical gaps are, but you need to understand the exact nature of what problems are, what order they need to be tackled and what are the best methods for addressing them. The last thing you want to do is “fix” a $1,000 problem with a $1M solution or worse yet, think you have solved a problem only to find the solution did not meet your business goals.
Because most organizations have some type of electronic storage systems: whether it be a centralized share drive or USB drives scattered throughout employees’ workstations, identifying those storage silos and how they are currently governed is a starting place. What policies and procedures govern the information? Not only take a look at whether there are any governing policies, but also look at how (if, at all) those policies are being applied in the operational setting and whether staff has been properly trained on the policies. Often organizations have spent significant resources to develop retention schedules only to have staff members admit that the schedules are not being followed and worse are unknown to apply to the electronic information that overruns the drive space.
Assessments also cover how the information gets into the system, who has access to it and what audit and history trails exist to track the information stored, in addition to the technical aspects of where it is stored and what security models are applied. Under the AIIM Recommended Practices and ISO standards, the guiding principal is: developing a methodology to demonstrate that the documents/records/information ingested into the system can be accurately reproduced at a later date without concern that it has been modified, altered or deleted in some unauthorized fashion.
Once you know where the information is stored and who has access to it, your organization needs to develop high-level baselines for understanding how the information flows through the business processes. This high-level view is critical to developing a solid strategic plan for addressing the management of the electronically stored information. Without it, organizations may fail to realize that certain business processes rely upon the information flowing through it in a particular order. It also will help identify areas of the business where further evaluation is needed and process improvements can be designed if needed.
The assessment is just the first step in the process. From it a strategic plan and budget can be developed that identifies specific issues and the solutions to be implemented. Metrics against which the success of the project can be measured will be developed and a change management strategy identified — moving the entire organization toward a successful information governance strategy.
