Published by Cecilia Chapman. Modified over 6 years ago.
1
Information governance: Blind men, meet your elephant
Patrick Cunningham, FAI
Senior Director, Information Governance
Motorola Solutions
2
Information Governance
It’s E-discovery
It’s Data Management
Information Governance
It’s Records Management 2.0
It’s Information Security
3
Progress? Or buzzword bingo?
Records Management
Records and Information Management
Knowledge Management
Strategic Information Management
Content Management
Information Governance
4
For every perspective, a different viewpoint
Constituencies Functions Records Managers Information Security Lawyers IT Staff Information Security Data Science Electronic Discovery Business Management Compliance Business Intelligence Analytics Records Management Finance Audit Privacy Risk Management IT and Infrastructure Mgmt
5
Business drivers Litigation Cost Compliance Risk Security
6
Gartner on information governance
Gartner defines information governance as the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
7
EDRM and IGRM
8
2014 Annual Report Sneak Peek: Our Definition of Information Governance
What is information governance? We are asked this question all the time. After all, we are the “Information Governance” Initiative. We thought it was important to have a clear answer. Today, with the help of our community, we are providing that answer.

But first, a word about definitions. Definitions certainly are important – we have to speak the same language to have a conversation. But the words used to define IG are less important than the concepts. And the definition you use is less important than having a common understanding among your IG team. We hope to provide a starting point for that common understanding in the form of a definition that has broad support from the information governance community.

Also, keep in mind that you are really asking at least three separate questions when you ask, “What is information governance?”

The Concept: What is IG? Impressions regarding the central ideas and organizing principles of IG. To date, most public discussion of IG has happened at this level, which is to be expected given the relative immaturity of IG as a distinguishable pursuit or discipline. The definition we are providing today hits this level.

The Market: What do I buy? The conceptualization of IG as a market for products and services. We did not attempt a market sizing as we believe that is a domain well-covered by analyst firms, but we were curious about whether IG is perceived as a market, and if so, what are the dimensions of that market. Our upcoming 2014 Annual Report also hits this level.

The Work: What do I do? The dimensions of IG as an activity that is undertaken by organizations. IG as an operational model. What are people doing, and how are they doing it? What are their plans? Our upcoming 2014 Annual Report also hits this level.

In any case, we proposed a definition to our community as part of our upcoming Annual Report, and they overwhelmingly supported it. 93% said they agreed with the definition.
Information governance is: The activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.

Remarkably, as the graphic shows, there was also incredibly strong agreement among those who provide IG products and services, those who consume them, and those who cover the space. This agreement shows that the IG market is starting to mature and bodes well for IG practitioners.

We have already been testing out our definition in some of our advocacy work, which you can see here. If you find value in our definition, then use it. If not, find a way to define IG in your organization that will maximize the chance of IG being taken up as a central concept in the way you manage information. In either case, join us in mapping the way forward.

We are excited to be able to release this infographic under a Creative Commons license that enables you to freely use it as you build support for information governance at your organization. In fact, since this graphic will likely end up in your PowerPoint presentations, we have done some of the homework for you and provided a PPT deck that includes the graphic and speaker notes. Stay tuned for more infographics and PPT decks in the coming weeks as we leak key data from our 2014 Annual Report ahead of its official publication in August 2014.
9
The Sedona Conference says…
“Information Governance” as used in this Commentary means an organization’s coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value. As such, Information Governance encompasses and reconciles the various legal and compliance requirements and risks addressed by different information-focused disciplines, such as records and information management (“RIM”), data privacy, information security, and e-discovery. Understanding the objectives of these disciplines allows functional overlap to be leveraged (if synergistic); coordinated (if operating in parallel); or reconciled (if in conflict).

The position of The Sedona Conference® is that Information Governance should involve a top-down, overarching framework, informed by the information requirements of all information stakeholders that enable an organization to make decisions about information for the good of the overall organization and consistent with senior management’s strategic directions.

The Sedona Conference® Commentary on Information Governance, December 2013
10
Vendor-centric model (SAP)
11
Governance Activities
INFORMATION GOVERNANCE AND LEGAL SUPPORT Key Constituents Labor Law Contract Law Litigation OEC Privacy Committee HR Information Authorities Knowledge Champions Internal Audit Finance Law Department Support Compliance Activities Governance Activities Responsibilities IT Sox Audit PCI Audit Records Certification Discovery Investigations Defensive Monitoring Responsibilities iProtect Policy and Controls Records Policy / Retention IPSE & Contract Support Operational Readiness Exceptions MA&D Training Customer Risk Questionnaires Server Decommissioning Responsibilities Application Development Software Engineering Software Architecture Risk Mitigation Reports to: Sr. Director, Information Security Chief Information Officer SVP, IT and Marketing CEO
12
This model…
Very tightly aligned with Legal, IT and Information Security
Is control-based and auditable
Drives a set of non-functional requirements into new IT systems and tools
Understands risk (contractual and technology)
Connects IT, InfoSec, Legal, Procurement, and Finance
Has limited business connections
Has limited records management activity
13
At the core…
Records management principles
Understanding the lifecycle
Understanding the implications of the “where”
“If you don’t know where it is, you can’t protect it.”
14
Value, value… value?
If your commercial records center loses a box, how much do they pay you?
The story of the $10 million box of records
Compliance, regulatory, litigation value
Value in the real world
Not reinventing the wheel
Finding value in Big Data
“Thar be dragans”
“If you don’t know where it is, you can’t leverage it.”
15
Pat’s viewpoint
Prevent loss of data that matters.
Support legal discovery process
Define and manage defensible disposition
Drive information to secure, common repositories
Identify, locate, and secure sensitive and proprietary information
Communicate and train secure behaviors
Minimize disruption to the business.
Balance controls to risk appetite
Deliver simple, effective tools
Reduce and mitigate threats
Ensure appropriate behaviors
Meet compliance requirements
16
Data that matters?
Let’s not get hung up on the term
You can use “information” if you like
But let’s stay away from “records”
Why? Defining a “record” for us is akin to astronomers debating whether Pluto is a major planet or a minor planet
(Yes, I know you’re mostly lawyers out there)
17
Netting it out – information governance is:
A system of policies, controls, procedures, and tools
Governing the lifecycle of an organization’s data that matters
Ensuring appropriate ease of access when needed and defensible disposition when no longer needed
Limiting business disruption
While maintaining appropriate security
Within an auditable framework
In line with the organization’s risk appetite and regulatory environment.
18
Make sense? Information Governance
A system of policies, controls, procedures, and tools governing the lifecycle of an organization’s data that matters. This system ensures appropriate ease of access to data when needed and defensible disposition of data when no longer needed. This system limits business disruption, while maintaining appropriate security, within an auditable framework in line with the organization’s risk appetite and regulatory environment.
19
Thank you!