Information Governance Policy Development Paper.
develop an information governance (IG) policy, you must inform and frame the policy with internal and external frameworks, models, best practices, and standards—those that apply to your organization and the scope of its planned IG program. In this chapter, we fi rst present and discuss major IG frameworks and models and then identify key standards for consideration. Information Governance Policy Development Paper.
ORDER A CUSTOM-WRITTEN, PLAGIARISM-FREE PAPER HERE
A Brief Review of Generally Accepted Recordkeeping Principles®
In Chapter 3 we introduced and discussed ARMA International’s eight Generally Accepted Recordkeeping Principles ® , known as The Principles 1 (or sometimes GAR Principles). These Principles and associated metrics provide an IG framework that can support continuous improvement.
To review, the eight Principles are:
1. Accountability 2. Transparency 3. Integrity 4. Protection 5. Compliance 6. Availability 7. Retention 8. Disposition2
The Principles establish benchmarks for how organizations of all types and sizes can build and sustain compliant, legally defensible records management (RM)t programs. Information Governance Policy Development Paper. Using the maturity model (also presented in Chapter 3 ), organizations can assess where they are in terms of IG, identify gaps, and take steps to improve across the eight areas The Principles cover.
IG Reference Model
In late 2012, with the support and collaboration of ARMA International and the Com- pliance, Governance and Oversight Council (CGOC), the Electronic Discovery Ref- erence Model (EDRM) Project released version 3.0 of its Information Governance Reference Model (IGRM), which added information privacy and security “as pri-y mary functions and stakeholders in the effective governance of information.” 3 The model is depicted in Figure 6.1 . Information Governance Policy Development Paper.
The IGRM is aimed at fostering IG adoption by facilitating communication and collaboration between disparate (but overlapping) IG stakeholder functions, includ- ing information technology (IT), legal, RM, risk management, and business unit
Figure 6.1 Information Governance Reference Model Source: EDRM.net
Linking duty + value to information asset = efficient, effective management
Duty: Legal obligation for specific information
Value: Utility or business purpose of specific information
Asset: Specific container of information
VALUE
Create, Use
DUTY ASSET
Dispose
Hold, Discover
Store, Secure
Retain Archive
UNI FIED GOVERNANCE
BUSINESS Profit
IT Efficiency
LEGAL Risk
RIM Risk
PRIVACY AND
SECURITY Risk
PROCESS TRANSPARENCY
POLIC Y INTEGRATION
Information Governance Reference Model / © 2012 / v3.0 / edrm.net
ORDER A CUSTOM-WRITTEN, PLAGIARISM-FREE PAPER HERE
stakeholders. 4 It also aims to provide a common, practical framework for IG that will foster adoption of IG in the face of new Big Data challenges and increased legal and regulatory demands. It is a clear snapshot of where IG touches and shows critical in- terrelationships and unifi ed governance.5 It can help organizations forge policy in an orchestrated way and embed critical elements of IG policy across functional groups. Ultimately, implementation of IG helps organizations leverage information value, re- duce risk, and address legal demands. Information Governance Policy Development Paper.
The growing CGOC community (2,000+ members and rising) has widely adopted the IGRM and developed a process maturity model that accompanies and leverages IGRM v3.0. 6
Interpreting the IGRM Diagram *
Outer Ring Starting from the outside of the diagram, successful information management is about conceiving a complex set of interoperable processes and implementing the procedures and structural elements to put them into practice. It requires:
■ An understanding of the business imperatives of the enterprise, ■ Knowledge of the appropriate tools and infrastructure for managing informa-
tion, and ■ Sensitivity to the legal and regulatory obligations with which the enterprise
must comply. Information Governance Policy Development Paper.
For any piece of information you hope to manage, the primary stakeholder is the business user of that information [emphasis added]. We use the term “business” broadly; the same ideas apply to end users of information in organizations whose ultimate goal might not be to generate a profit.
Once the business value is established, you must also understand the legal duty attached to a piece of information. The term “legal” should also be read broadly to refer to a wide range of legal and regulatory constraints and obligations, from e-discovery and government regulation to contractual obligations such as payment card industry requirements.
Finally, IT organizations must manage the information accordingly, ensuring pri- vacy and security as well as appropriate retention as dictated by both business and legal or regulatory requirements. Information Governance Policy Development Paper.