Challenges of Information Governance: the daily reality! 2 of 3

The pace of digital innovation

Technological innovation is permanent and irreversible. In today’s competitive landscape, businesses are leveraging each new technology to improve their time to market, enhance their customer services and expand their channels of distribution; or, alternatively, to reduce their costs with fewer points of sale and with optimized processes. This transformation has created the “digital universe” we know today where the quantity and the variety of information produced and consumed is exploding, year after year.

Organizations are now facing new challenges: moving into this digital universe means that manual processes related to organizing and managing information are no longer viable. A global information management strategy requires flexibility in order to facilitate the integration of each new service deployed, and each new department or acquisition. Such a strategy also needs to give end users an opportunity to be involved digital transformation and provide platforms for them to collaborate from day one.

Moving to cloud-based services

One important part of digital transformation is the transition from traditional server room software licensing arrangements to cloud-based services. Here we find a good example of what for many organizations is an increasingly urgent consideration. Cloud service models require no hardware purchases or deployment costs and can usually be brought online in mere hours. Often, up-front licensing costs are small or non-existent and the service adopts a pay-per-use mode. Not only that but cloud services are available from everywhere, facilitating a mobile workforce and work from home arrangements.

Cloud-based services have many great advantages. Nothing is easier for any department such as marketing or customer services, to deploy and use a new service with a simple credit card. However, because they are simple and easy to initiate by anyone in any department, they are often implemented outside of any information management or IT control, and information created and manipulated by these services is not accounted for by traditional records management, and avoids governance by information policies, the information lifecycle, retention schedules and disposition.

Cloud services therefore introduce a new complexity and represent a clear challenge for an information governance program. It simply won’t work if a company defines a set of global information policies but is unable to apply them to corporate systems and services in the cloud. Information policies must be enforced on any information wherever it resides and whatever the application that has created it, otherwise the organization cannot meet its compliance goals.

One particular cloud-based service, so-called cloud drives or cloud boxes contribute significantly to these challenges. Their deployment, in personal apps, exploded with the BYOD wave some years ago. This effectively provided an opportunity for any employee to access and sync all of their professional documents and files from their work computer or laptop onto a personal device such as a tablet, outside the control of the IT department. At the time this represented a big breach in information risk management and compliance.

Roll forward a few years, and we find that the cloud box suppliers have developed professional editions, that can be set up for an entire department in a couple of clicks. These business editions provide a new and easy file sharing system, with key collaboration features and basic lifecycle management functions, that can replace and bring many benefits over traditional local area network shared drives. But here again, these cloud boxes are not under the radar scope of records managers, and global information policies are not enforced on the documents they store. The breach in compliance is still there, and content consolidation in one place to facilitate its management is not a solution. Management has to be done in-place in every cloud-based service that the organization subscribes to.

Are records managers Information Governance managers?

This question is one that we have been commonly asked over the last few years. The answer remains open. From what we have learned (see the previous post LINK) and from the technology challenge discussed previously, it seems that record managers are challenged as well in their daily life. They fight to get their existing information policies understood and applied. But often in the digital world, their processes and workflows have too many analogies with physical records management. This may have worked when electronic records were first introduced, but many employees nowadays have never worked in environments where they needed to manage a paper workflow. These employees have come straight from school or college where there assignments are submitted electronically, and where the most popular device is their smartphone or their tablet.

It is increasingly tougher for traditional Records Managers as they try to balance their own priorities, preserving the long archive heritage of physical records, increase their collaboration skills across multiple departments, and to digest the new and permanent workplace technologies like cloud boxes and other new services. And, of course, they are also expected to define the strategies that need to be in place for implementing future Information Governance programs and initiatives. If new technologies allow end users to collaborate, find what they need, and improve the organization’s time to market, it is a clear indication that we need technologies that can answer the Records Manager’s challenges as well. If the relationship between Record Managers and the IT department haven’t been always good, at least this should provide an opportunity to reconcile their objectives.

Aren’t we too ambitious?

Many companies have perceived the Information Governance program as a global one. And only as a global one. Executives think that because Information Governance deals with risk management, the perimeter of the project has to be global. Some very specialized vendors have demonstrated that Information Governance could be similar to a journey. This means starting small, and following an iterative process, enlarging the program step-by-step, and adding functions or departments one-by-one.

Trying to introduce Information Governance guidelines into the mindset of any business manager or information owner and change organizational culture and behavior is inevitably a long process. The best chance of success is to start by looking for those areas of the organization where an Information Governance program will make the biggest impact, and the biggest value.

It is also critical to have metrics in place to objectively measure the program’s efficiency. These need to be set around the three key objectives: Minimizing Risk, Minimizing Cost and Optimizing Value. Organizations have found that defining a broad ROI for Information Governance has not been an easy thing to do. By focusing on these objectives the question, “Are we being too ambitious?” can be replaced with “Where can I find a flexible and innovative solution that can fit a progressive and flexible approach to my Information Governance program?”

Compliance and Governance

The interaction between the two concepts of compliance and governance is a key aspect of an Information Governance program. As described earlier, information policy related laws and regulations are increasing across all industries and in all countries. Today’s organizations need to protect themselves from any non-compliance. They are also looking for multi-jurisdictional capabilities as they provide their products and services all over the world through their website or on mobile apps. Often they have defined some information management policies in regards to their own internal processes, but they need to extend their policies by adding those relevant to their business in the countries where they operate. More than this, a multi-jurisdictional approach is now a must. Most countries have local adds-on to international regulations and must comply with laws that are defined at different levels. Examples of multi-jurisdictional legislation include the European GDPR (General Data Protection Regulation), the EU-US Privacy Shield, etc. Organizations need to stay on top of these emerging regulations.

For organizations where a changing information policy landscape is a permanent condition, any Information Governance solution that can evolve with customer requirements and offer a flexible value proposition is sorely needed. It is time to redefine Information Governance.

 

To find out more, read part 3.