13 questions to ask to close the information governance gap
Despite constant security threats and complex, rapidly evolving privacy regulations, the 2018 Information Governance Benchmark Study found a huge gap between the perception and reality of information governance (IG) maturity.
While 81 percent of respondents report progress on IG programs and 72 percent say they have appropriate levels of executive support, 66 percent acknowledge inconsistent collaboration among information stakeholders and a continued reliance on siloed, ad hoc processes—signs that an immature IG program is leaving an organization vulnerable to regulatory compliance failures, data breaches and increasing costs.
The slow progress being made on IG is also reflected in this surprising AHIMA survey. But with IG is now a board priority, what’s the obstacle to progress?
The answer is the piecemeal approach that most enterprises still take. Compliance, security, legal, records, IT and lines of business all set out their data requirements and are implementing solutions to meet them, but it’s difficult for executives to see the challenges across these functions.
This lack of cross-functional coordination means enterprises remain saddled with siloed data sources, little management of data quality and lineage, few automate end-to-end data management processes, and inconsistent compliance with enterprise-wide requirements, such as the GDPR.
A culture of IG
The only way to accelerate the adoption of IG and close the gap between maturity perception and reality is creating a culture of information governance, in which all information stakeholders work cross-functionally to design, implement, monitor and mature an IG program that meets the needs of everyone.
It may be the compliance team’s imperative to meet GDPR requirements, the CISO’s need to decrease risk and shorten the response time to a breach, the legal team’s desire to respond to an e-discovery request with the minimum required information, the marketing team’s need to mine data to power new marketing programs, or the CTO trying to reduce storage and application costs.
A successful IG program enables each stakeholder to execute more efficiently and effectively toward their goals without compromising the needs of the others. A successful program must also provide access to documentation to validate the progress toward IG process maturity.
To create this culture of IG, develop a cross-functional understanding of the people, activities and solutions that constitute your IG program. To do this, be sure you can answer the following 13 questions in the affirmative. If the answer to any of them is “no,” work with your peers to change them to “yes.” Think of this as your IG cheat sheet. Tape it to your computer or office door to make sure you continue making progress.
1. Do you understand each stakeholder’s expectations regarding data? For example, do you know how fast business users expect relevant data to be delivered? Do you have an actionable plan for eliminating data silos?
2. Is the importance of IG to the organization reinforced through regular training? For example, are there regular communications regarding IG policy effectiveness and user needs? Are business users and non-IT managers educated about storage utilization and costs?
3. Does your organization take a cross-functional approach to IG? Are the right stakeholders in place for each area? Do they understand their responsibilities? Does the CTO talk regularly with legal and the lines of business? Is the CDO involved in the IG program?
4. Can you clearly state the opportunity and impetus for organizational improvements to align with maturing IG processes? Are there stated KPIs?
5. Can your organization validate that investments in new policies, processes or software tools have achieved the desired results in the context of IG requirements?
6. Can your organization classify data according to its value and monitor the cost vs. the value?
7. Can your organization monitor and document compliance with applicable laws, regulations and standards?
8. Does your organization have controlled practices regarding setting retention policies, backup routines, establishing/monitoring user access to data – and are these practices applied consistently across the organization?
9. Can your organization identify, act on, and track risks that are not being effectively mitigated?
10. Are all relevant processes sufficiently documented, and is this documentation accessible to other stakeholders?
11. Does IT involve other information stakeholders in its purchase decisions? Do other information stakeholders see IT as a facilitator and not an obstacle?
12. Is the technology stack capable of supporting the people and activity goals? Can you measure this? Is the current technology sufficiently agile to adapt to a changing environment?
13. Given the necessity of data lakes, does IT have a clear approach to managing data stewardship, data lineage and data quality? Does IT have the technology to support this approach?
By answering these questions, you can determine just how wide the IG perception and reality gap is at your organization. It is also the only way you can begin taking the cross-functional steps to close it.
Many organizations – 34 percent according to the Benchmark Report – have already succeeded at maturing their IG programs, and a variety of online resources are available to support your efforts. The path may not be a simple or easy one, but the potential benefits extend across regulatory and legal compliance, data security, improved business insight, operational efficiency and cost control.
By spearheading this effort, you can help drive success in all these areas—a result that will certainly be appreciated by your board.