The Doculabs practice in information governance is designed to help you take a holistic approach to managing information risk and governance—one that encompasses how you manage the data behind your firewalls. We’ll assess the data you’re storing and where you’re storing it. We’ll also review and update your policies and procedures. And we’ll help you execute a legally defensible cleanup and migration of data. The result? Information secured in the right repository, and for only as long as it’s business-relevant, with the most sensitive and at-risk data under the tightest control—and all those redundant, outdated, and trivial (ROT) files purged from your repositories.
Benefits of an IRG (Information Risk and Governance) Program
Historically information security professionals have focused on building walls to protect sensitive data. Despite those walls, there will at some point be a breach. Information risk and governance programs reduce the footprint of sensitive data stored within your organization, resulting in lower risk and lower impacts in the event of a breach. Information governance programs also improve compliance, and the capability to manage the lifecycle of business records and other information assets.
Information Governance Impacts Stakeholders Across the Enterprise
Information governance impacts domains across the enterprise, each with a different focus leading to a unique set of concerns. The key domains, along with their focus areas, are:
- Business functions: the creators and consumers of information, that are ultimately responsible for the governance of content and data.
- Compliance: concerned about conforming with stated requirements through management processes that identify the applicable conditions and that prioritize, fund and initiate any corrective actions.
- Risk: concerned with identifying and addressing possibilities that might adversely affect realization of the organization’s business objectives.
- Information security: concerned with defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
- Privacy: concerned with safeguarding information that must remain private throughout the process of collecting and disseminating data, to address expectations of information protection and the legal and political issues surrounding them.
- Records and information management: concerned with categorizing, retaining and disposing of business information as needed to support legal, regulatory or business requirements.
- E-discovery: concerned with the process in which electronic data is sought, located, secured, preserved and searched with the intent of using it as evidence.
- Information technology: concerned with developing, managing and supporting systems to ensure data access and transactional integrity.
Components of an IRG Program
There are numerous activities to plan and manage for a successful information risk and governance program. Some of the key components include:
- Data mapping (scan and analysis of content using file analytics software);
- Policies and procedures for retention;
- Disposition protocols for defensible disposition;
- Cleanup and migration of data; and
- Change management.
New Tools and Approaches to Information Governance
While AI technology has been applied to records management and related information governance activities for many years, typically the results were disappointing. Now that technologies have matured, there is greater justification for the cost, effort and risk of deployment. We see AI being used more effectively now for compliance and classification - particularly when part of a "governance by design" approach.
This governance by design approach is key to success. Our most advanced clients have spent three or more years building out information governance capabilities, and are now beginning to provide these capabilities as services to the rest of the enterprise through an IG Service Center model.
To stay up to date on this, and other developments in information governance, visit our blog.