Information and data proliferate; the emergence of new information sources and the growth of connected devices mean that information governance (IG) is more important than ever before. By 2016, 20 per cent of CIOs in regulated industries will lose their jobs for failing to successfully implement effective information governance, according to Gartner.
How can organisations successfully strike the balance between governing their information appropriately whilst using data to power their business?
Data has grown at an overwhelming rate and organisations are dealing with a massive increase in its quantity and velocity. It is predicted that 2016 will be the year that we enter the zettabyte era.
The vast array of data types that diversify and evolve all the time compound the problem. Traditional data types, such as documents, emails, jpegs and standard video, are now joined by high definition video, lossless audio and short message services. These sit alongside relational, big data and block chain databases. The complexity does not stop there. The transitions of data as viewed through the lens of storage, compression and secure transmission is becoming more intricate too. Cloud storage offerings, personal devices, social media, machine-to-machine and paper filing systems (yes many of us still have these!) are creating a stimulating mix for those with the responsibility of oversight. Further, regulatory and legal requirements, such as Sarbanes-Oxley, Solvency II, Basel II and HIPAA, place obligations upon enterprises to properly handle and manage their data regardless of format.
The increasing complexity in data, with expanding external requirements, continues to create challenges for those responsible for managing it. We see too often that organisations are in firefighting mode, putting out flares rather than treating data as an opportunity. And this is where organisations can use Information Governance to benefit the business.
Data in a silo more often than not has purpose and value, principally for those departments and functions that created it. Operating in such silos not only adds to the growth of data, but as people transition in and out of organisations, demands change. More often than not, systems fall out of use, are forgotten and not decommissioned – this is where risk lies because organisations cannot govern or protect what they are unaware of.
Enterprises need to strike the balance between properly governing this information and using valuable data to its best advantage. Siloed data, however useful it might be to a small group of people, can become potent when combined with data from other sources, for example, in building a unified dataset of an organisation’s suppliers, products and customers. By bringing together structured, transactional and unstructured data, enterprises can gain insight and realise the benefits of business intelligence through an Information Governance framework.
Information Governance and The Goldilocks Syndrome
Information Governance can help organisations deliver operational efficiency and to mitigate risk. Too often, enterprises view this as a restrictive process rather than an empowering one. We urge CIOs to consider the Goldilocks Syndrome and to assess whether there may be too little or too much governance for particular information assets? This means finding a middle ground between setting the right structures and processes while operating appropriate controls to effectively manage information and not over-govern and stifle innovation and enterprise growth.
Organisations need to start or overhaul their Information Governance process by asking themselves, “Are there barriers making data sharing difficult?”, “Is there an opportunity in the marketplace that could make use of our data?”, “Are current information and data management practices reflective of current industry good practice?” When addressing these questions, keep in mind the following:
- Framework: Setting the right structures and operating principles will cement good practice. The framework should be based upon the operating principles of the organisation incorporating jurisdiction and legislation duties, where pertinent. This stage is all about assessing the risks and identifying opportunities. Taking a capability-led approach will help to align the framework to the organisation’s vision and strategic goals.
- Policy: Develop policies that encourage adherence to the framework. The policy stage is about defining practices in the treatment of both information and data. Policy does not define ‘who’ in the capability-led framework for IG but ‘how’ information is managed, stored, and shared securely during its lifecycle.
- Control: The exercising of controls can be the most challenging part to IG. The assignment of roles and responsibilities are set at this stage. Where possible try to realise monitoring and reporting mechanisms through automation.
- People: Communicating the framework and policies and selling this good practice throughout the organisation will set the direction to ensure control over data through IG. The challenge around automation is that accidents are likely to happen and processes are only as good as the people operating them.
Capability-led planning offers organisations the opportunity to get the maximum benefit from their data through unification. This process ensures that Information Governance not only supports the enterprise as a whole, but that it also maintains core business functions and delivers business-critical insight.
On-going Information Governance
Information Governance is not a one-time event but an on-going activity that is recognised through changed behaviours. Organisations willing to transform their information practices will benefit through business and IT alignment and process design. This is vital in helping them to manage risk as well as gaining value from greater insight into their data. This can only be achieved by creating a distinction between people who administer the infrastructure (CTO) and those who manage the content in the system (CIO).