Information Governance as a New Area of Investment - Essay Example

Briefing Paper: Information Governance Affiliation The content in this briefing paper is aimed at the Executive Board of this company with intentions of providing a feedback on a research carried out about Information Governance. As the board had previously considered Information Governance to be an area of potential investment, this paper will provide critically analyzed findings, possible pitfalls as well as the opportunities associated with it. In addition, it will give an insight as to what Information governance is as well as a solid reason for picking the specific field. With the information presented, the board will be in a better position to discuss and make a sound decision in regard to Information Governance as a new area of investment. Why Information Governance? Information management deals with the formation, preservation as well as the outlook of information. A company’s records can either be in form of a substantial, tangible item or digital data such as application data, e-mail and database. Historically, the lifecycle of a piece of information was considered to be from the point it was created up until the time of its disposal. However, in the past few decades, formation of data has escalated as much as the issues associated with its regulations and acquiescence, rendering the traditional method of records keeping unable to keep up with the pace. Consequently, the need for a more inclusive platform for organizing data and records became apparent so as to tackle every stage involved the information lifecycle (Hovenga & Grain, 2013). Therefore, the emergence of Information Governance was as a result of a failed traditional method of record management and the need for a better way of keeping information. Many forms of information governance have been introduced and embraced by many organizations, internationally, as they have proven to be more efficient and effective than traditional methods. For example, in 2003, England’s Department of Health launched the model of wide based information governance into the National Health Service (NHS). In addition, it distributed version 1 of an online performance evaluation tool alongside a supporting guidance. Currently, the National Health Service Information Governance Toolkit is used by over 30 000 NHS and associated organizations, backed-up by an e-learning platform that has over 650 000 users. Another example is the Generally Accepted Recordkeeping Principles (The Principles), introduced in 2008 by ARMA International. The Principles is meant to recognize the vital features of information governance, and therefore, apply to any size of organizations, all types of industries as well as both public and private enterprises. In addition, The Principles can also be used by international corporations in order to build a permanent practice across various business units regardless of their geographical position (Hovenga & Grain, 2013). Information Governance offers a wide range of solutions to organizations that use it as a tool for data management. There are various issues all enterprises encounter on daily basis in relation to information including lack of enough protection especially for crucial information. Information Governance provides an organization with an increased protection to its sensitive records, thereby, offering security and eliminating fear of data leakage to unintended persons. Many organizations also face difficulties in terms of accessing crucial enterprise intelligence in a timely way. The inconvenience can be linked with the disorganized traditional methods that result in time wastage before one gets hold of the information they are looking for. However, Information Governance attempts to address the situation by offering a well organized system that saves both time and energy when searching for any form of data, provided the details already exist in the system (Franks, 2013). In other cases, companies face difficulties especially when the need to share information with others or make decisions arises. It proves difficult trying to share information with others if the company still employs the traditional methods of records keeping or systems that are yet to be updated in ways that better serve the company. Information governance, however, tries to address such problems by making it easier for information to be shared, either within the same company or other organizations distributed internationally. In addition, considering the fact that data lifecycle, in the traditional set-up, is shorter and with lesser value as it ages, Information governance addresses that through increasing its worth throughout its lifespan. It does so through formation of links between current information and the older one. Lastly, another issue that companies face when managing their data is expenses and risks. Traditional methods tend to be costly as the use of non-digitalized methods requires more space for keeping tangible records and more materials for inputting them. However, the Information Governance system helps in cutting down such costs through offering platforms that require less space and material, through virtual space. Also, in terms of risk, it reduces risks associated with data management by only offering access to specific category of information to authorized persons only (Franks, 2013). In the contemporary information age, many businesses need protection for their most important resources such as company as well as client data. It is estimated that businesses lose billions of dollars annually due to data leakage, in addition to millions of fines that the government often imposes in case of compromising information. The losses do not consist of the irreversible harm caused to an organization’s reputation. Therefore, since it is inevitable for any business to suffer from such losses, the implementation of an efficiently working Information Governance system is always the best option. Not only does it assist companies CEO in deciding on ways of protecting their enterprise’s in the use of data assets but also aids legislators in designing legislations meant to hold companies responsible (Ibm, 2014). Also, it enables information management specialists in crafting inclusive and efficient records governance systems. Information governance surpass beyond the company data disposition and maintenance to include access controls, and privacy among other compliance issues. For example, in electronic discovery, pertinent records in form of electronically stored information enable attorneys to easily identify them and place them on legal hold. The information governance system determines how the data is stored and managed for electronic discovery in addition to providing a platform for justifiable disposition and conformity. Hence, information governance plays an important role in a given organization and if managed properly, the benefits can be numerous (Ibm, 2014). What is Information Governance? Information governance is a holistic method of managing business information through implementation of processes, controls, functions and metrics that view and take information as an important enterprise asset. It can also be defined as the design of decision rights and a liable framework that promote wanted behavior in the assessment, conception, use, storage, deletion and archival of information. It includes development, roles, principles and metrics that ascertain the efficient and effective use of information in allowing a business to attain its objectives. In addition, it enables organizations in obtaining insight and builds poise in company decisions and functions. It is also an approach that enables organizations in improving their data quality, formulate master views of essential entities, manage varied information throughout its lifecycle, guard sensitive records, and protect all enterprise records. Other definitions view it as an approach that determine how an enterprise’ information assets are governed so as to aid its achievements (Ibm, 2014). It ensures that compliance and risk problems are recognized and dealt with provided the information is needed. It is also a quality management framework for governing and guarding important information assets across a firm with an objective of ensuring that information is administered in accordance with an organization’s beliefs and values. Moreover, it superimposes the procedures involved in data management with a set of balances and checks directed to advancing the quality, consistency, security and integrity of a business’s information assets (Ibm, 2014). The scope of information governance is data governance in which companies are more protective and require more protection over their data assets as compared to other assets owned. The reason behind that is mainly because it is difficult to recover lost data and most information is rarely insured unlike other company assets that can easily be replaced. In addition, depending on the level of sensitivity of the information lost, companies face a much bigger consequence on any lost data as unfavorable information can result to their utter destruction. Hence, the most universally data assets that are officially governed are customer followed by product. Nonetheless, some other general data assets that are regularly under the scope of the data governance include the vendors, employees, sites, warehouses, locations or plants and the general ledger. They make up the most important assets within an enterprise. The main focus of information governance is controlling the costs as well as the risks associated with an organization’s information (Keyser & Daintey, 2005). There are several principles and values necessary for an effective and efficient information governance program including accountability, transparency, integrity, protection, compliance, availability, disposition as well as retention. ARMA and AHIMA already introduced these principles which can be largely used by other organizations internationally. In accountability, it means that a liable member of a company’s senior management team is expected to supervise the information governance program. Moreover, he/she is responsible for overseeing the delegation of information management plan duties to all members. The senior leader is basically held liable for the entire program creation as well as its implementation (Keyser & Daintey, 2005). The leader is also expected to ensure that the business’s information governance matches with as well as supports the objectives and plans of the company. In addition, he/she accounts for making sure that correct resources are distributed in order to back up the program. Transparency is another principle that requires organizations to be clear when defining their management functions so as to ensure that the consumers are well aware of the correct information uses of their products (Ibm, 2014). A company’s information and record contains the most clearest and long-lasting proof of its functions, performance activities as well as its decisions. Normally, an information governance system comprises of its information control and information management processes and policies. Therefore, in order to ensure that the privacy of all interested parties is upheld, records indicating the information governance program must comply with the given essentials of information management. The documentation, hence, should encompass principles of program governance, procedures and functions carried out when implementing the system data, while at the same time remain available to the interested parties. Integrity is also an information governance principle which states that a firm’s ability to provide evidence indicating the authenticity of its information, its being timely, complete and accurate is very crucial. Hence, the company should adhere to its processes and policies provide effective employee training on information governance and management, provide a reliable piece of information. In addition, its records should be acceptable for litigation uses, admissible audit tracks and have information control systems that are reliable. Another principle is protection, whereby, organizations are expected to use a variety of means to ensure their information remains safe at all times. They can, therefore, achieve that by the use of key card access restrictions or user authentication among other forms of security measurements with every system having the ability to allow protection access control management (Keyser & Daintey, 2005). Moreover, there is the data loss protection issue in which firm’s encounters numerous unauthorized viewing of downloaded, uploaded, e-mailed or otherwise proliferated information. As a prevention measure from such unauthorized disclosures, companies are advised to put into place reasonable protective measures. Also, they are advised to undergo training on disposal procedures and rules, not to leave or dispose material containing private information at places that are accessible by unauthorized individuals or the public. Lastly, members are advised on providing authorization of disposal system, date, time and the liable person. Another principle is compliance that requires an information governance program to be built in a way that comply with the necessary laws, standards, regulations and a firm’s policies. Organizations are, hence, mandated to comply and adhere to the given laws and rules. Availability principle requires an enterprise to retain its information in a way that ensures accuracy, retrieval, timeliness and efficiency and comprises of backups, migration, conversion and metadata. The retention principle expects a firm to formulate an information retention plan while at the same time be aware of the regulatory, legal, risk, operational, historical s well s the fiscal necessities. Finally, the disposition principle states that the term is not confined to only mean destruction but also includes the permanent alteration of information rights such as transfer resulting from organization merge with other branches or organizations (Franks, 2013). One of the information governance models is the Information Governance Reference Model (IGRM). It offers a general, practical and flexible framework that assist corporations in developing as well as implementing successful and functional information management systems. The IGRM project main focus is providing helping matters relating to record management, line of business leaders, legal, IT and other corporate stakeholders within a company. The project aims at ensuring communication among the company’s stakeholders by offering a general language and reference for dialogue and decision making based on the requirements of the firm. An example of information governance framework is the DGI Data Governance Framework. It is a coherent structure for categorizing, arranging, and communicating intricate functions involved in making decisions about as well as taking action on enterprise’s data. ISO/IEC 38500 is another example of information governance framework in information technology field (Franks, 2013). It offers a framework for successful governance of information technology to help individuals at the top positions of companies. The assistance usually comprise of the comprehension as well as implementation of their regulatory, legal and also their ethical responsibilities in respect to their enterprise’s application of information technology. The project is formulated in a way that any size of organization can use it including government bodies, not-for-profit corporations as well as private and public firms. Therefore, it offers instructive principles to enterprise’s leaders on the successful, proficient and suitable use of information technology within their companies. Finally, there is the Maturity Model for information governance that enables the users to see clearly how effective information governance should look like. The model relates with the GARP information governance principles and also best qualities, a foundation of standards as well as the regulatory or legal necessities. The model not only focuses on the set principles but also define the elements of different levels of recordkeeping systems. In addition, in respect to every principle, the maturity model links different features that are distinctive for each of the five levels involved in the model such as sub-standard, in development, essential, proactive and transformational (Franks, 2013). Studies have been conducted by various organizations with attempts of identifying how organizations incorporate the use of information governance in their systems. However, a study recently done by American Health Information Management Association (AHIMA) revealed that institutions in particular, healthcare facilities need to advance their information governance. The body specialists indicated that most healthcare institutions have not yet come up with a comprehensive plan to govern  their records, which leaves it and them susceptible to numerous forms of risks (Smallwood, 2014). How an IG Program can be Designed, Implemented and Evaluated Information life cycle management (ILM) is an inclusive tactic of managing the flow of an information systems data and related metadata from the time of creation and initial storage to when it becomes unimportant and is deleted. The life cycle involves five phases including creation and receipt, whereby, the phase deals with data from their origin which can be from a company’s member. The distribution phase involves management of data once it has been received. The third phase is use, which occurs one distribution has taken place and now the information can be used in an organization for specific purposes. Maintenance is the fourth phase that involves the management of data such as filing, transfers and retrieval. The final stage is disposition that involves handling of data that rarely get accessed by the company members. The less frequently accessed data usually get transferred to a dormant account until any further action is necessary such as retrieval or discarding (Smallwood, 2014). Procedural practices that organizations should use in order to have effective information governance include having a balanced governance of information, whereby, the organization do not under-apply or over-apply information governance. An organization should also ensure that the quality of its information is great so as to avoid negative implications such as inaccuracy or timeliness when making decisions. Another practice is information access, whereby, an enterprise should increase data accessibility to all its members depending on their relevance with the information, though at the same time protecting it from harmful disclosures. It is also important for the people the information is intended to understand its meaning, hence data literacy (Smallwood, 2014). Effective management within an organization is essential for creating and nurturing a culture favorable to information governance. Developing the right culture is vital as it will mean, for example, that data is received and recorded at the right first time and at the right time. Therefore, coming up with a correct strategic plan that will enable the formulation of an effective information governance is crucial. In most companies, they opt for professionals specialized in creating such programs in order to omit any possibility of committing a mistake due to being involved with other activities within the firm. Information governance can also be used for helping individuals within various fields to learn as well as develop their knowledge in respect to their areas of specialization. The program is diverse and can be used in any business regardless of its size or geographical location. Therefore, its implementation in these organizations will provide an avenue for people to learn more about its significance among other benefits. A possible area that information governance can be implemented is in the politics sector, as most of the areas the system has been adopted is healthcare facilities and learning institutions. However, if the system was to be fully implemented in the political sector, citizens would be in a much better position of understanding the ongoing and actions taken by our leaders through the information accessible by every citizen. The enabling factor would be because the government has enough funds to proceed with such a project and the constraining factor would be because the government would feel threatened by such a project, hence, voting for it would be practically impossible. Implications for Organizations and Individuals Once an individual or an organization has implemented an information governance program, the expected outcome would be training everyone, within the organization, such that they are in a better position of understanding what is or is not expected of them. Afterwards, the senior managers responsible for overseeing the program should uphold the maintenance standard, for the better good of the entire company. Eventually, if all persons directly or indirectly using the program do it correctly, success is then guaranteed (Keyser & Daintey, 2005). If a company fails to implement information governance program, it faces many risks related to its information such as risks, costs, timely, in that, the probability of losing crucial data is higher. Also, the risk of having its data leaked to unauthorized person increases as well as costs for maintenance. In addition, lack of information governance means that time will be wasted when looking for needed information during decision making and it is also hard getting accurate information due to disorganized information format (Keyser & Daintey, 2005). References Franks, P. C. (2013). Records & information management). Hovenga, E. J. S., & In Grain, H. (2013). Health information governance in a digital environment. Ibm, R. (2014). Ibm information governance solutions. S.l.: Vervante. Ibm, R. (2014). Information governance principles and practices for a big data landscape. S.l.: Vervante. Keyser, T., & Dainty, C. (2005). The information governance toolkit: Data protection, Caldicott, confidentiality. Oxford: Radcliffe Pub Smallwood, R. F. (2014). Information governance: Concepts, strategies and best practices. Read More