Information Governance – Information Made Easy – Well, Made Easier
This is the second part of the blog Information Governance – Must Have or Nice to Have?
Information governance was a boon for consultants, except for when they often priced themselves out of the market. Hopefully, greed never wins. The underlying premise of information governance is sound and can significantly lighten the load for IT teams and reduce costs. The question remains, “How do we get from here to there?” Good question.
To step back a bit, I mentioned in the first part of this blog our content optimization and file analytics solution. We also have a data discovery and classification solution, used primarily for cloud security, to identify and protect privacy or sensitive information and optionally apply remediation. I am going to keep this short, as this really isn’t a sales pitch, it’s just informational and specific to the topic.
The key component in our software is the ability of our insight engine to generate metadata consisting of multiple words that have meaning, such as concepts, topics, and subjects. This multi-term metadata is classified to one or more taxonomies, where it can be managed, tested, and changed as needed. Administrators can also add terms. The technology is still unique in the market – OK, that part was a sales pitch. For organizations that are very concerned about security breaches, it’s good to know that our conceptClassifier platform runs in real time.
The content optimization solution identifies redundant, obsolete, or trivial (ROT) content, along with duplicates and versions of documents, but it goes far beyond the basic cleanup of content. The process will identify any data privacy or organizationally-defined sensitive information, undeclared or erroneously tagged records, and compliance exceptions. These additional capabilities enable organizations to identify sources of risk, some of which were unknown, and significantly reduce the amount of content to be migrated, as well as decrease the required server footprint.
Back to our blog. How do we start? There are several different approaches, ranging from addressing only one issue or looking at the big picture. I think you get more bang for your buck if you take an enterprise approach. Focusing on only one issue is unlikely to have an impact on the rest of your content. One approach is to focus on three components:
- Letting information govern itself
- Automating the process
Alan Pelz-Sharpe, founder of the research and consulting firm Deep Analysis, suggests creating a heat map of the highest priority information governance issues. Although I would recommend first generating an inventory of information assets, to gain an understanding of what data you actually have and where the risk is. If nothing else, it is confirmation that you are focusing on the right area.
Creating a heat map identifies the information that is most at risk, the size of the problem, and impact priorities. For example, an organization would be likely to address privacy exposures, and either perform remediation or move them to a secure repository and prevent download. On the other hand, content such as marketing data may be a lower priority so would not need strict governance.
The second component is to let information govern itself, which simply means that every piece of information is not equal, and it is difficult to manage everything well. Information such as contracts are important but email requests for vacation days are not. That is why it is useful to identify the most important types of information, define simple and defensible rules around the information assets, and apply automated rules to those assets, including retention, disposition, compliance, access, and discovery. The final part of this step is to monitor, audit, and adjust the rules as needed, to support the enterprise mission and meet compliance requirements.
The third key element is automation through process. Because information does not live in a void and business processes interact with information, a significant amount of effective governance can be achieved by applying simple, automated, and defensible rules. We recommend our conceptTaxonomyWorkflow component be used after an inventory of content has been generated. This is an easy-to-use, interactive, rule building capability, designed for those business professionals or IT teams with no application knowledge. Enterprises should include workflow governance controls in the process design to allow the system to drive implementation rules, keeping in mind the many benefits of automation, including reduced risk, greater consistency, and decreased operational overhead.
There will come a time when you have to implement some form of information governance. All entities suffer from a glut of information, and this isn’t going to get any better. How you approach information governance should be aligned with your business strategies and any moves towards digital transformation.