principles of holistic information governance - presented to arma edmonton jan 15/14
DESCRIPTION
Principles of Holistic Information Governance (PHIGs) presentation for the January 15, 2014 ARMA Edmonton Chapter lunch event. PHIGs are a business centric way of looking at managing corporate information.TRANSCRIPT
Copyright © Christian Walker All rights reserved.
Principles of Holistic Information Governance
Chris WalkerJanuary 15, 2014
Information governance is about …
• Records• Security• Info architecture• Storage• Acceptable use• Etc.
GETTING STUFF DONE!!!
2Copyright © Christian Walker. All rights reserved.
Gartner defines information governance as the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
1. Information is an organizational asset2. Understand what you’re using information for3. Understand where it’s coming from and where it’s
going to4. Understand when you need it5. Understand who can and should be using it, and for
what6. Understand your social, regulatory, and compliance
obligations7. Understand your information related risks (too much,
not enough, disclosure, etc.)8. Understand how stakeholders are interacting with it9. With few exceptions, information has a finite useful
life10. Make someone accountable
Principles of Holistic Information Governance
(PHIGs)
3Copyright © Christian Walker. All rights reserved.
Information is an organizational asset
4
Belongs to the org – not the person Costs of acquisition, maintenance Value may depreciate over time
In aggregate, value may increase over time Information has REAL value
http://christianpwalker.wordpress.com/2013/10/07/i-cant-can-you-valuing-information/
http://christianpwalker.wordpress.com/2013/11/04/i-think-i-can-valuing-information-pt-2/
Copyright © Christian Walker. All rights reserved.
Understand what you’re using information for
Different orgs / depts can use the same info for different purposes
What does your info do?– Cause action– Help plan– Support decisions– Inform / educate / entertain
• Tie info to business process– Info not tied to biz proc, probably not needed
5Copyright © Christian Walker. All rights reserved.
Understand where it’s coming from & where it’s going to
Where are you getting your info & where are you sending it?– Internal or external– Social media– Cloud
Can you trust the sources? What will recipients do with it?
6Copyright © Christian Walker. All rights reserved.
Understand when you need it
• When do you really need it?• Is real-time really necessary?• What do you do when you don’t get it in time?• Stale information
7Copyright © Christian Walker. All rights reserved.
Understand who can & should be using it, & for what
• It’s about more than just security– Don’t give people info they don’t need– E.g.: don’t present travel / expense policies to
employees that don’t travel• Who can have or use it? What can they do
with it?• What’s the best way to get info to audience?
8Copyright © Christian Walker. All rights reserved.
Understand your social, regulatory, & compliance obligations
• What are your social, regulatory, compliance obligations
• Historical perspective• Multiple jurisdictions• Data sovereignty• Self-imposed / business vs. Statutory
– Most stringent wins?• Curator or Custodian?
9Copyright © Christian Walker. All rights reserved.
Understand your information related risks
• Too much or not enough?– Bad decisions or analysis paralysis?
• What if it leaks?• Legal, FOIP/FOIA/ATIP• Risk profile
– Probability of occurrence– Impact of occurrence– Litigation frequency
• Costs of mitigation vs. Impacts of occurrence• You can’t protect against everything
10Copyright © Christian Walker. All rights reserved.
Understand how stakeholders are interacting with it
• How are stakeholders interacting with it?– What kinds of devices?– Where are they accessing?
• Passive or active interactions?– Do your consumers become contributors?
11Copyright © Christian Walker. All rights reserved.
With few exceptions, information has a finite useful life
• Most information doesn’t last forever
• Get rid of it when you can– Legally defensible
destruction is only one aspect
– If it still has business value, keep it
• De-clutter, become info-efficient
12Copyright © Christian Walker. All rights reserved.
Make someone accountable
• C-level, single role accountability– Typical CIO focus is infrastructure
• ½-step below CEO, ½-step above rest of C-suite– Stakeholder input, 1 person
accountable• No room for bias
– Balance business objectives against compliance & risk
13Copyright © Christian Walker. All rights reserved.
Wrapping it up
• Time to switch– Risks -> Benefits– Cost -> Value
• Policies -> procedures -> education -> tools– Review & repeat as required
• It doesn’t have to be perfect, good enough is good enough
• Focus on business first• Balance business benefits against compliance, risk• Approach depends on org type & info type• Information governance is about getting business done
14Copyright © Christian Walker. All rights reserved.
Additional Resources
The Blog posts that started this– Principles of Holistic Information Governance– Policies First – Holism in Information Governance– Governance Sucks but Doesn’t Have To
15Copyright © Christian Walker. All rights reserved.
Get in touch …
christianpwalker1
Christian WalkerChris_p_walker
+1 780 270 5359
My Blog
Copyright © Christian Walker. All rights reserved.