Peter Kurilecz crm ca igp

Presentation on theme: "Peter Kurilecz crm ca igp"— Presentation transcript:

1 Peter Kurilecz crm ca igp
Fundamentals of Information Governance: More than just records management Peter Kurilecz crm ca igp

2 “Hard as I try, I simply cannot make myself understand how Information Governance isn’t just a different name for Records Management.”
“…some of the IG evangelists that have posted on this and other forums the IGer must have expertise in all of the disciplines, not just a few. That is a tall order for someone in today's dynamic environment. Is this individual a ringleader or conductor? Does he or she own the process or just a facilitator? I've seen different answers depending on who posts. Call me dense … but I am somewhat confused the role an IGer plays in all of this?”
IG is strategic in nature, RM is tactical. Yes it has legs

3 Fundamentals of Information Governance
Part 1 What is Information Governance?
Part 2 How is Information Governance different from Records Management?
Part 3 What are the required components for Information Governance?
Part 4 How to start an Information Governance Program?
Part 5 Benefits of Information Governance
Part 6 Future of Information Governance
Part 7 Resources

4 What is information governance?

5 From John Isaza presentation
Thanks to John Isaza for this image

6 What is information governance?
ARMA International – Information governance is a strategic framework comprised of standards, processes, roles, and metrics that holds organizations and individuals accountable to create, organize, secure, maintain, use, and dispose of information in ways that align with and contribute to the organization’s goals.
Gartner - the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
Wikipedia – the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.

7 What is information governance?
An accountability program that enforces behavior in the creation, use, archiving, and deletion of corporate information.
Requires a cross-functional team involving (at a minimum) legal, records management compliance, business and IT.
Enables central management of retention policy and metadata
Supports enforcement of IG policies across business functions, locations and information silos.
A superset of records management programs that feature similar methodologies and processes
Tamir Sigal, VP RSD

8 What is information governance?
Involves
Multiple Systems: Computing environments, Content Management Systems, Cloud Applications, Employee Devices, Physical Warehouses
Multiple Jurisdictions and Laws: Over 14,000 laws and regulations related to information management

9 Principles of Holistic Information Governance (PHIGs)
Information is an asset
Information has purpose
Information has sources & targets
Information has deadlines
Information has consumers
Information carries obligations
Information carries risks
Information has many forms
Information isn’t immortal
Information demands accountability
None of these ten “principles” is much good on its own, they only work as a whole.
At AIIM 2014 Chris did a presentation about an organization that started implementing IG using PHIGs
Chris Walker - Presentation to ARMA Calgary Chapter - May 13,

10

11 What is information governance?
Cohasset Information Governance Survey
IG Programs are more prevalent, better-designed and inclusive of ESI
Effective IG is increasingly recognized as imperative for corporate compliance and risk mitigation
Information governance must modernize or forever be losing in a game of catch-up
Legal hold processes are more commonplace

12 What is information governance?
Key takeaways
Information is an asset
Volume continues to grow across structured and unstructured systems
It is a framework to better manage all corporate Information
Must include the wide variety of laws and regulations from across multiple jurisdictions

13 Information Governance
TBD = HR, Accounting, Finance, LOBS

14 Part 2 How is IG different from RM

15 Information Governance vs Records Management
Information Governance: Holistic Strategic View; Long-term; Broad view
Records Management: Tactical View; Short-term; Narrow focused view
HOWEVER – RM is a key component of Information Governance

16 What role will records manager take in IG?
Two distinct roles
1. Strategic – Embraces and learns all facets of information governance. Sits at the table with Legal, IT, Privacy and other IG members to develop the organization’s strategic IG plan
2. Tactical – Implements decisions made by the IG committee. Continues in a traditional records manager role.

17 IG oversees Content and Repositories
Iron Mountain- A Practical Guide to Information Governance for Financial Services

18 Part 3 What are the required components for Information Governance?

19 Part 3 What are the required components for Information Governance?
Steering Committee: Legal, Records Management, IT, Privacy, Compliance, Security
Others as Needed: Human Resources, Finance, LOBs

20 Part 3 What are the required components for Information Governance?
Mission Statement
Policy Statement
What information should be governed?
Why does it have to be governed?
Business reasons
Legal reasons
When should the information be disposed?
How should the information be governed?
Master Classification aka File Plan
Policy Enforcement
Audit

21 Part 3 What are the required components for Information Governance?
Key takeaways
Comprehensive Global Policy Unifies Legal, RM, Regulatory, etc., under one policy
Full Audit trail of actions taken
Active Policy Enforcement
Executives have enterprise-wide fiduciary responsibility

22 Part 4 How to start an IG Program

23 Part 4 How to start an IG Program
Steering Committee
Boss (1 person)
Doers (Responsible): RIM, Information Security, Legal, Etc
Consulted (Advisers)
Informed (Dependents)

24 Part 4 How to start an IG Program
List and prioritize IG projects
Focus on Critical Use Cases
Policy Definition and Maintenance
Defensible Disposal
eDiscovery and Legal Holds
Controlling Shared Drives
Controlling SharePoint
Physical Records

25 How different business units see information
Iron Mountain- A Practical Guide to Information Governance for Financial Services

26 Part 4 How to start an IG Program
Deployment: On premise, In the Cloud, Hybrid

27

28 What is IG built on?

29 Standards Standards (to name just a few)
ISO Information and documentation -- Records management (Parts 1 and 2)
ISO/IEC :2012 Identification of privacy protection requirements as external constraints on business transactions
ISO Principles and functional requirements for records in electronic office environments
ISO/TR 17068:2012 Information and documentation - Trusted third party repository for digital records
ISO/IEC 18043:2006 Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems
ISO/TR 18128:2014 Information and documentation -- Risk assessment for records processes and systems
ISO :2006 Metadata for records - Part 1: Principles
ISO :2009 Managing metadata for records - Part 2: Conceptual and implementation issues
ISO :2011 Managing metadata for records - Part 3: Self assessment method
ISO Management Systems for Records - Fundamentals and Vocabulary
ISO Management Systems for Records - Requirements

30 Generally Accepted Recordkeeping Principles aka The Principles
Protection – reasonable level of protection for records and information
Accountability – senior executive shall oversee the IG program
Integrity – reasonable and suitable guarantee of information authenticity and reliability
Disposition – provide secure and appropriate disposition
Compliance – constructed to comply with applicable laws and other binding authorities
Availability – ensures timely, efficient, and accurate retrieval of needed information
Retention – maintain records and information for an appropriate amount of time
Transparency – document business processes in an open and verifiable manner while making the documentation available to all personnel and appropriate interested parties.

31 Generally Accepted Recordkeeping Principles aka The Principles
PAID CART

32 Sedona Conference Principles on Information Governance Part 1
Implement an IG program to make coordinated decisions
Maintain sufficient independence to ensure decisions are for the benefit of the organization
All information stakeholders should participate
Provide the program with the structure, direction, resources and accountability to provide reasonable assurance that objectives will be achieved
Effective, timely and consistent disposal of physical and electronic information is a core component
Act in good faith and give due respect to privacy, data protection, security, records and information management, risk management, and sound business practices when reconciling conflicting laws and obligations
How many know who the Sedona Conference is? How many are aware that ARMA and Sedona are working together? How many were aware of the recent Amelia Island IG conference jointly held by Sedona and ARMA?
The Sedona Conference® Commentary on Information Governance Dec 2013

33 Sedona Conference Principles on Information Governance Part 2
If an organization acted in good faith a court or other authority should review under a standard of reasonableness
Consider reasonable measures for maintaining long-term information assets integrity and availability
Consider leveraging the power of new technologies
Periodically review and update the program to ensure that it continues to meet the organization’s needs as they evolve
The Sedona Conference® Commentary on Information Governance Dec 2013

34 Part 5 Benefits of Information Governance
Achievable – Powers corporate programs for physical and electronic records
Simple – Automates enforcement behind the scenes
Profitable – Preserves content valuable to the business
Repeatable – Phased deployments
Accountable – Defensible Disposition
Flexible – Enables agility and responsiveness to the needs of the business
Measurable – Provides visibility into the KPIs and KRIs
KPI = Key Performance Indicators
KRI = Key Risk Indicators

35 Information Governance is Good Business
About effectively using and managing an organization’s information assets to
Derive maximum value
Minimize information-related risks
Governance leverages information to conduct business by asking these questions:
Why is the information needed?
Who can (and should) use the information?
How can they use the information?
When can they use the information?
Where can they use the information?
What can they do with the information?

36 Part 6 Resources

37 Part 6 Resources - Conferences

38 Part 6 Resources - Books

39 Part 6 Resources – Social Media
Blogs
Twitter
LinkedIn Groups
Listservs
Networking with Friends
And more

40 ARMA International Information Governance Assessment
The Information Governance Assessment is a software platform organizations can use to identify information-related compliance across the enterprise, drive improvements, and develop metrics for measuring information governance (IG) program maturity.
Based upon the Generally Accepted Recordkeeping Principles and The Information Governance Maturity Model
The information governance assessment addresses:
IG requirements included in FCPA, Sarbanes-Oxley, Dodd-Frank, and COSO
IG roles and responsibilities
Aligning IT with IG
Auditing records and information integrity
Information security
Third-party IG risks
Guarding against improper information disclosure
Disaster recovery of electronic records
IG compliance risk
Litigation holds and e-discovery
The sufficiency of IG training and documentation

41 Part 6 Resources – Maturity Models

42 Metagovernance

43 OFR (UK) Organizational Maturity Model
The OFR Maturity Model has the following attributes: risk awareness, risk oversight and governance, risk appetite and tolerances, risk analysis, reporting and outlook, regulatory controls, decision making, information governance, organisational performance

44 6 Phases of BPM Maturity

45 Inventory Maturity Model for IG

46 Questions?

