Principles of Holistic Information Governance

Chris Walker
January 15, 2014
Copyright © Christian Walker All rights reser...

Principles of Holistic Information Governance - Presented to ARMA Edmonton Jan 15/14

Principles of Holistic Information Governance (PHIGs) presentation for the January 15, 2014 ARMA Edmonton Chapter lunch event.

PHIGs are a business centric way of looking at managing corporate information.

Published in: Business, Education

  • Holistic IG is more than records management and security. It’s really about how orgs use, organize, and manage info to conduct business. Info format is irrelevant.
  • Information is an organizational asset. In the course of our employ we produce and receive information. It doesn’t belong to us, it belongs to our employers. As such, we need to treat it like any other corporate asset. Even if you use a personal device to produce the information, it still belongs to the organization. Assets have acquisition costs, maintenance costs, residual value (sometimes), and get disposed of at the end of their useful lives. Tell me how this doesn’t apply to information. Residual Value – when info is ready for disposition there may still be some value that can be leveraged for reporting & analytics. E.g.: Invoice data may be copied to a data warehouse prior to the invoice being disposed of.
  • Understand what you’re using information for. How does information help you achieve strategic objectives? A government entity and a direct-to-consumer sales organization may use some of the same information, but they will use it differently and for different purposes. Understanding what you’re using information for ought to help you understand what information you actually need. If the information you control can’t be tied to a business or compliance purpose – you don’t need it.
  • Understand where it’s coming from and where it’s going to. Information doesn’t just magically appear; it comes from somewhere. You need to identify your internal and external information sources. Most organizations don’t just fire information out willy-nilly. Information is intended for specific audiences, for specific purposes. You need to understand what effect your information is intended to have, and who you want/need it to affect. Don’t ignore or underestimate the value/obligations/impacts of information transmitted via social media channels.
  • Understand when you need it. The next person that says “I need this yesterday.” wins a smack in the head with a frozen mullet (the fish, not the hairstyle). Information is needed at various points in business and decision-making processes. Is real-time information really necessary or can you wait a few minutes or hours for it? Figure out when you actually need the information in order to make a decision.
  • Understand who can and should be using it, and for what. This is not just about security, though that’s a big piece. This is also about getting the information out to those that need it or to those that you want to influence with it. Think about it in terms of getting your message out to your target audiences. Once the information has found its way to the audience, what are they going to do with it? Are they going to make a decision, buy something, receive a benefit…?
  • Understand your social, regulatory, and compliance obligations. Depending on what you do and for whom you do it, you have information-related obligations. Some of these are imposed by statute, some by convention, and some are self-imposed. These obligations determine how long you must keep information, what you can do with it at the end of its life, and to whom you may or must disclose it when asked.
  • Understand your information-related risks (too much, not enough, disclosure, etc.). If some of your information leaks, what’re the consequences and can you live with them? If you’re overwhelmed by information, how does it impact performance? If you’re missing information, can you still get stuff done? How likely are you to be sued?
  • Understand how stakeholders are interacting with it. It’s not enough to know what your stakeholders are doing with information. You need to figure out how they’re doing it. It’s not enough to identify the types and locations of devices that stakeholders are using; you also need to find out if the interactions are passive or active. Active interaction typically means that stakeholders are contributing as well as consuming content.
  • With few exceptions, information has a finite useful life. Unless your information has historical/archival/archeological value, get rid of it as soon as you can. It’s not just about the whole discovery/litigation thing; it’s also about de-cluttering and being info-efficient. Information is a perishable good; once it’s stale or rotted, get rid of it. Litmus Test: Does it have business value? Is there a legal/regulatory reason to keep it? Does it have archival/historical value? If the answer to any of these is yes, keep it. The less info you have to sort through, the quicker you’ll find what you’re looking for.
  • Make someone accountable. Overall organizational performance, financial performance, legal, technology … they all have single-role accountability and responsibility. As, arguably, the second most important asset of an organization, information deserves at least the same level of attention as finance, IT, HR, legal, etc. A C-level executive needs to be accountable for how information is governed and managed across the organization.
  • None of these ten “principles” is much good on its own; they only work as a whole. Other than the first and last, the key is to go only as deep as you need to in order to make things work for your organization. Nobody is expecting perfection; things just need to be good enough. I’m not trying to downplay the difficulty in formulating information governance policies and procedures. However, much complexity can be avoided if common sense is applied and business objectives remain the primary focus.

    1. Principles of Holistic Information Governance
        Chris Walker, January 15, 2014
        Copyright © Christian Walker. All rights reserved.
    2. Information governance is about …
        • Records
        • Security
        • Info architecture
        • Storage
        • Acceptable use
        • Etc.
        GETTING STUFF DONE!!!
        Gartner defines information governance as the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
    3. Principles of Holistic Information Governance (PHIGs)
        1. Information is an organizational asset
        2. Understand what you’re using information for
        3. Understand where it’s coming from and where it’s going to
        4. Understand when you need it
        5. Understand who can and should be using it, and for what
        6. Understand your social, regulatory, and compliance obligations
        7. Understand your information related risks (too much, not enough, disclosure, etc.)
        8. Understand how stakeholders are interacting with it
        9. With few exceptions, information has a finite useful life
        10. Make someone accountable
    4. Information is an organizational asset
        • Belongs to the org – not the person
        • Costs of acquisition, maintenance
        • Value may depreciate over time
        • In aggregate, value may increase over time
        • Information has REAL value
        • http://christianpwalker.wordpress.com/2013/10/07/i-cant-can-youvaluing-information/
        • http://christianpwalker.wordpress.com/2013/11/04/i-think-i-canvaluing-information-pt-2/
    5. Understand what you’re using information for
        • Different orgs / depts can use the same info for different purposes
        • What does your info do?
            – Cause action
            – Help plan
            – Support decisions
            – Inform / educate / entertain
        • Tie info to business process
            – Info not tied to biz proc, probably not needed
    6. Understand where it’s coming from & where it’s going to
        • Where are you getting your info & where are you sending it?
            – Internal or external
            – Social media
            – Cloud
        • Can you trust the sources?
        • What will recipients do with it?
    7. Understand when you need it
        • When do you really need it?
        • Is real-time really necessary?
        • What do you do when you don’t get it in time?
        • Stale information
    8. Understand who can & should be using it, & for what
        • It’s about more than just security
            – Don’t give people info they don’t need
            – E.g.: don’t present travel / expense policies to employees that don’t travel
        • Who can have or use it? What can they do with it?
        • What’s the best way to get info to audience?
    9. Understand your social, regulatory, & compliance obligations
        • What are your social, regulatory, compliance obligations
        • Historical perspective
        • Multiple jurisdictions
        • Data sovereignty
        • Self-imposed / business vs. Statutory
            – Most stringent wins?
        • Curator or Custodian?
    10. Understand your information related risks
        • Too much or not enough?
            – Bad decisions or analysis paralysis?
        • What if it leaks?
        • Legal, FOIP/FOIA/ATIP
        • Risk profile
            – Probability of occurrence
            – Impact of occurrence
            – Litigation frequency
        • Costs of mitigation vs. Impacts of occurrence
        • You can’t protect against everything
    11. Understand how stakeholders are interacting with it
        • How are stakeholders interacting with it?
            – What kinds of devices?
            – Where are they accessing?
        • Passive or active interactions?
            – Do your consumers become contributors?
    12. With few exceptions, information has a finite useful life
        • Most information doesn’t last forever
        • Get rid of it when you can
            – Legally defensible destruction is only one aspect
            – If it still has business value, keep it
        • De-clutter, become info-efficient
    13. Make someone accountable
        • C-level, single role accountability
            – Typical CIO focus is infrastructure
        • ½-step below CEO, ½-step above rest of C-suite
            – Stakeholder input, 1 person accountable
        • No room for bias
            – Balance business objectives against compliance & risk
    14. Wrapping it up
        • Time to switch
            – Risks -> Benefits
            – Cost -> Value
        • Policies -> procedures -> education -> tools
            – Review & repeat as required
        • It doesn’t have to be perfect, good enough is good enough
        • Focus on business first
        • Balance business benefits against compliance, risk
        • Approach depends on org type & info type
        • Information governance is about getting business done
    15. Additional Resources
        • The Blog posts that started this
            – Principles of Holistic Information Governance
            – Policies First
            – Holism in Information Governance
            – Governance Sucks but Doesn’t Have To
    16. Get in touch …
