Armedia Presenting at ARMA InfoCon 2019: Records Management & Information Governance

Armedia Presenting at ARMA InfoCon 2019: Records Management & Information Governance

Arma InfoCom Information in Action Conference

Join Armedia and Alfresco at ARMA International’s ARMA InfoCon 2019: Information In Action!

Recent ARMA conferences have energized and emboldened the attendees as Agents of Change: agents to their own careers, organizations, and communities.

These Agents of Change learned how to boost their own value and influence in their organizations and how to optimize the strength and efficiency of their programs.

This year, attendees of ARMA InfoCon 2019 will benefit from the latest insights and innovations in this next step in our carefully designed evolution of learning, helping them put “information in action” in the most optimal ways.

ARMA InfoCon 2019, the profession’s premiere event, is designed and vetted by a diverse blend of information experts who not only know the latest best practices for leveraging and protecting information assets – but who develop and shape those best practices.

Find out all the other details here.

Vital Steps of an Information Governance Plan – Part 3

Vital Steps of an Information Governance Plan – Part 3

In this next blog, Part 3, I want to go over some important supporting topics for implementation, how this can speed up your progress for compliance and how an IGP can help you in other ways.

Information Access Points – Pull it Together in a Diagram

One thing that can help you speed up the IGP process and give you more control over all these different aspects is to map things out.

What you can look for is any and all access points from a document or piece of information from a staff member or the public. Map out all of these routes and you can see a network of who ‘touches’ what and where. Note who is supposed to be accessing and who is not supposed to be accessing information but CAN access it anyway, etc.

You need to know what is authorized and what is not fully secure for risk assessment. This may include a lot of conversation with your IT department. You may get to know them really well through this process, if not already.

information governance points diagram

This is just an example, find a way to visualize a map of your target topics to help you form a plan.

Each point of access in your mapping can hold potential for:

  1. New or updated vital record definition and risk management plans.
  2. Lifecycle mapping, updating requirements, and researching governance controls.
  3. Implementation of solutions to cover those requirements if not already reasonable covered.
  4. Possible redefinition or updated security permissions, access, and sharing.
  5. New or updated policies and procedures around “use of” and “access to.”
  6. Training on these new updates or even old policies in a new unit of time.
  7. Audit and continuity plans that need to be made if not already there.
  8. And, last but not least, Records Management controls that may not have previously been considered. For instance, adding metadata to content so it can be tracked or labeled for future disposition actions.

Cover Your Assets and Help Yourself in Many Other Ways

If there is anything that is a huge CYA on information management, that would be the IGP. But that is only if the plan is thoroughly covered, fully implemented, and kept up with. But truth is, it does a lot more than merely CYA! In addition to your agencies governance compliance requirements and security standards, it can also greatly help you with electronic content management solutions and implementation projects:

  • It can help you comply with Federal mandates, like the 2019 and 2023 mandates.
  • It can guide you for implementing NARA’s FERMI requirements.
  • It can help you elicit and complete proposals or bidding requirements when searching for electronic management solutions and tools.
  • It will help you implement standard business practices so that users are creating and using the content within the compliance framework and much more.
  • It can help you create compliant processes for end-users to automate their business actions.

Think of it as one large, high-level requirements and compliance plan. You can forever use your research and this IGP to guide you through the most important aspects from a paper to electronic solutions all over your agency.

Expanding your Knowledge

How is your level of knowledge when it comes to your agency’s systems and networks? This is important too. You need to know how they are laid out, permissioned, and secured. Most records managers are familiar with how their data is being backed up, but do you know the access to these networks?

  • Do you have an Active Directory or an LDAP managing your users?
  • Does it manage permissions to content on the various points of information access?
  • All systems? Or just some systems?
  • How is it laid out?
  • Who manages this?
  • What are the processes?
  • Are there any policies in place?

What is in place in your agency for policies regarding Rerecords Management, training, the security of information, sharing of information, remote access, etc., if any? You need to familiarize yourself with every policy your company currently has that discusses information governance. This can even include HR policies and financial policies that protect information or give guidelines for how information and document sharing is to be used in the company. You need to know what parts of the policy need to stay the same and what parts need to be updated and why.

Enterprise Content Management

ECM and Information Governance

If not already considered, you may need to invest in an Enterprise Content Management system (ECM) like Alfresco to help you actually implement a lot of requirements on the IGP. Some of you already have one and that is why you need an IGP and some of you will need an ECM to help you achieve compliance on an IGP.

Either way, making the IGP beforehand can greatly help you know what you need for an ECM. However, you also may need to change some detailed procedures, based on the ECM you choose. But, this policy can provide high-level requirements for:

  • What is the structure of the security and permissions for the points of access to the ECM?
  • Important content lifecycle information that can be extracted from your IGP that can help shape your ECM requirements.
  • Important information about metadata that can help shape your content model for the new solution.
  • Governance standards and record management control that can help you shape your requirements for the new ECM system or upgrade.
  • Support for migration — some information can be extracted from the IGP to help plan for migration.
  • The research you do for the IGP can be used to help make decisions in your ECM.

Implementation and Change Compliance

When implementing such a policy as an IGP, it is important you think all the way down the line to the users who will be actually doing these actions. Each section of the IGP must be analyzed with a mind to:

  • How? Literally, how will they apply this in the physical universe? Steps/actions users will take to apply this?
  • You need to know the ramifications so you can fully understand the possible risks and how to manage expectations.
  • Is this actually doable, enforceable as written?
  • What effects will this create if these policies are laid out this way, in that sequence, etc.?
  • Did you give them deadlines? Are these deadlines feasible? Is there anything that the deadlines ‘did not take into account’? (like major transitions, projects ending, mergers, other major business events that can interfere with these timelines?)
  • Is it too high level? Is it too detailed?
  • What are the potential ways this will get implemented? Will it get misunderstood? What level of training and audit will be needed?
  • Do you have policies and procedures planned to cover each aspect smoothly?
  • What are users doing today; will this be a massive change and thus bring about user acceptance issues?
  • How can we campaign this so it is more palatable?

Truth is, there are always going to be issued with end-users and implementation. But if you do your homework and really plan out each section with:

  • Full knowledge of the activity of the department will affect
  • The potential ways this can get implemented and how much it will cost, what are the risks, etc.
  • Knowing the intentions and new direction of management
  • Keep in mind, “what is the greater good?” (meaning “what is best for the whole agency?”) Is it better to make everyone’s jobs easier? Maybe. Is it better to be compliant so the company and its information are safe? You just may be changing their processes, but it might be vital to do so. This is assuming that the change is important and necessary to the IGP and the company.

You may need to justify the changes or affects this will cause so that the majority of people can’t refuse the logic of the change. Lay out training to help with this and remember the more communication the better. Tell every one of your plans throughout the research and discovery phase of this IGP. Once it comes to their department for implementation, users will already know that it is coming. Just keep stating your case – management at this stage should understand and have your back. If not, that is another campaign but I hope by this time you already ran that one and got the support you need!

Managing Expectations – Communication is Key

One thing that has helped me along the way is managing expectations. This is always a large topic on any project. Everyone sees things differently. Getting everyone “on the same page” can be one of the biggest hurdles. Remember when I said to ‘communicate more and more’? It is true, the more you communicate your intentions, goals, plans, procedures, eventually, your communication will sink in and the “understanding” gets better and better.

People who do not understand, often make fun of or flat out refuse to do things. They can also say they ‘will do it’, but since they don’t fully understand, they will not actually do it. Thankfully, there are some who will tell you they don’t understand, and you can fix that much easier. However, no matter the mix, the more people who understand you, your goals, and why this is important, the more compliance you will get.

Expectation” is defined by the Google Dictionary as “a strong belief that something will happen or be the case in the future” Or “a belief that someone will or should achieve something.

It is basically a prediction! Users can predict that something is coming down the line, see better what the plans, purpose and future actions are, and include themselves in the mix and PLAN for this occurrence.

Stakeholders need to be able to:

  1. Understand the words coming out of your mouth/in writing
  2. Hear it over and over again, in order for their expectations to be closer to your own – if not the same
  3. Agree with the plan, at least somewhat, or decide they will comply regardless.

Communication is key, but you have to consider the following:

  • You must have their attention so that communication is willingly received (simple but sometimes missed!).
  • Communicate clearly so they can receive it easily (clear, short and simple terms).
  • Communicate a lot about it, you may need to repeat yourself several times.
  • Ask them to repeat what you just told them back to you (this is extremely helpful and if you can find a way to do this without making them feel like you are being condescended, then it can really show you who understands).
  • Communicate enough Don’t tell them a small fraction of information and then expect full understanding; don’t leave out important factors that could majorly affect them but also not too much as to overwhelm them with the information they don’t need to know.
  • Communicate to the right people, in the right sequence. You may need to go from the top down, or up through the chain of command and back down the other side, etc.
  • Answer people’s questions, acknowledge their concerns, keep notes.
  • Be ready with charts, diagrams and supporting documentation for those who learn in more visual ways.
  • Try to fix confusions and misunderstandings as fast as you can. You need to look for them and try to find the disconnect or disagreement. The disagreement may be legitimate — you may have something wrong on your end. You might need to compromise; keep an open mind for your own improvement as well.

communication is key for Information Governance

You may be speaking clearly but they may not be understanding you FULLY. Actual duplication of ‘what you are trying to say’ or ‘what is needed’ is what you are looking for.

Logistics of a Successful Project

Most Project Managers are aware of the need for pre-planning logistics. This is another vital part of doing an IGP. You will need to know the answers to the following:

  • How much of a gap is there from the current scene to the ideal scene?
  • How much work, hours, and resources will it take to go from the current scene to the ideal scene?
  • What is the desired timeline? Do you have any deadlines imposed by governing bodies, mandates, audits, laws, leadership or legal counsel?
  • What is the realistic timeline considering the available resources (funding and personnel, etc.)?
  • What resources do I need in order for this to be successful?
  • What resources do I have available to me and for how long?
  • What is the gap between the above two bullet points?
  • Possible risks involved in timelines, funding, and resources?

Putting together a project schedule, approach and risk assessment are going to be vital for an IGP to stay on track and eliminate risks as best you can before they happen so you can plan for them.

Knowing the basics of Project Management will help you implement a successful IGP. You don’t have to be a specialist to implement an IGP, however, I suggest that you do some research on the basic steps and key aspects of Project Management so your bases are covered:

  • Project Initiation & Planning
    • Scope
    • Budget
    • Timeline
    • Resources
    • Risks
    • Dependencies of successful implementation
    • GAP Analysis
    • Feasibility study
    • Project Plan
  • Project Execution
    • Implementation of the IGP to completion.
    • Deliverables for this IGP mapped and completed.
  • Project Monitoring and Control
    • Change Control as needed through the IGP project.
    • Reporting for the IGP project.
    • Quality Control for the IGP project.
  • Project Closure
    • Closure reporting and monitoring.

To recap what we’ve learned in this 3-part blog series:

  1. What is Information Governance is and why you need it
  2. Get to know your agency very well
  3. Make the decision and solidify your purpose for an IGP. Management should be on board at this point. Get the support from leadership that you need.
  4. Make an IGP Team
  5. Be aware of the 5 Phases of the IGP:
    1. Research
    2. Draw up the plan
    3. How to implement; start your draft IGP
    4. Implementation and Change Control
    5. Audit and Monitoring
  6. Know what needs to go into your IGP Document
    1. Introduction, purpose, goals, mission, etc.
    2. High-level requirements and scope
    3. Project plan and team
    4. Project compliance
    5. Policy and procedures
    6. Training
    7. Audit and monitoring
    8. Disaster recovery and business continuity
    9. Definitions
  7. Use diagrams that help you map out access/control points
  8. Think about how things will actually get implemented; make it possible and add realistic targets
  9. Use the IGP for overall access, control, security and other governance requirements on all sorts of projects and policies. Let it guide your organization to compliance in all areas.
  10. Use an ECM to help forward your IGP compliance and support.
  11. Manage expectations and remember that communication is the key.
  12. Managing the logistics to be sure you identify risks early to your project plan.

Good luck! Let me know if this was helpful or if you have any feedback.

Thank you for reading!

P. S. For your convenience, here are the links to the blog series:
VITAL STEPS TO DEVELOP AN INFORMATION GOVERNANCE PLAN – PART 1
VITAL STEPS TO DEVELOP AN INFORMATION GOVERNANCE PLAN – PART 2
VITAL STEPS OF AN INFORMATION GOVERNANCE PLAN – PART 3

Vital Steps to Develop an Information Governance Plan – Part 2

Vital Steps to Develop an Information Governance Plan – Part 2

In this next blog, Part 2, I want to go over the phases of the IGP and what goes into the IGP document. Please be sure to read the first part of this three-part blog “Vital Steps to Develop an Information Governance Plan – Part 1”.

Phases of an IGP

  • First Phase: Gather all the information needed. What is in place already, know your agency’s needs, inside and out. Get proper justification for an IGP and get the support from leadership if not obtained already. Come up with a high-level plan for the plan – what do you need to gather to go in your IGP? You have to start somewhere, and that is “what is ALREADY in place?” Whether good or bad, you need to know what is being done today with regards to information governance and all its policies, access points and personnel.
    • Start your IGP Project Plan: What is the scope of this IGP project? What are your resources? What are the timelines and risks?
    • Create an Information Governance Diagram: This can help you sort the data you have gathered thus far and put them into the main sections of your Information Governance Plan. Mapping this out can help you see the high-level areas that make up your IGP and you can use this in your plan, some examples can be:
      • Records Management
      • Information Rights
      • Information Security
      • Email Management
      • Audit

Information Governance plan phases

  • Second Phase: Start drawing up the plan document itself. Create the IGP Document draft (see sections below). Sometimes it helps to start the document even before you “know all you need to know” – it can help you find areas you didn’t think about and structure the rest of your work. So, don’t be afraid to just start a draft policy and add sections to it that you need to iron out later.
  • Third Phase: Work out how it will be implemented. Do you need a phased approach? Do you have all the info you need in order to complete the document? No? How can you get this information and what is your approach? In the Third phase you may or may not complete the document, but your key research points should be visible and the sections of the document that you need to finalize should be clear.
    • You may need to draw up the policies that are going to be implemented before the IGP is complete, so take that into consideration. Sometimes the low-level policies need to be implemented earlier than the IG, so that could also be a part of this phase.
    • You may also need to dig into every department and find out how implementation will affect that area and what the risks are. This is where a phased approach can help ease yourself into the implementation for each area.
  • Fourth Phase: Your document is complete, and you have a solid implementation plan in place. Start to roll out your implementation (if not already started in phase three above). This can be conducting training and continuation of the policies that need to be created or applied.
    • You may need to help each department get over the hurdles that this will entail. There may need to be meetings that support the cause and push understanding for smoother implementation.
    • Each department may need its own pilot or phased approached as discussed earlier. You may need to make a different plan for each area (with the help of the whole team and the department head).
    • You will need to have an agreement on how changes will occur and how to switch gears depending on feedback from the implementation. You may find that something is lacking or that design or policy is in need of re-vamping. Have the team decide on the changes and their risks. Updating the plan, sub-policies, training, etc., may be needed.
  • Fifth Phase: Audit, Monitoring: You will need to conduct audits for continued process improvement. You may find all sorts of errors or bottlenecks that need to be corrected in your IGP. This is a learning process and it takes time. You need to have a solid plan for monitoring and then follow up with it. This may even entail a completely different set of team members in each department unless you have the luxury to have Records Custodians/Coordinators in each area; they can be very useful for this type of monitoring.
    • Look into what your margins were, your ‘success criteria,’ and see if you are meeting the marks. Do you have good reports and statistics that help you determine if you are meeting your desired goals? Are they helping you audit your project? If so this should help you determine how things are going.
    • Analyze what was done or not done and come up with a plan to correct it. It might be a change to the policies or IGP or it might be training and employee correction.

What Goes IN the IGP?

what goes in the IGP

Now, let’s dive into the “meat” of the IGP document. This can greatly vary from agency to agency.

At a high level, your IGP might include the following:

1. Introduction, Purpose, Goals, Mission, etc. Spell out why this document is here and why it is needed. You can even add some details of the “current issues” that this policy is trying to solve or you can just add its purpose and milestones. Adding in metrics for success can also be very successful in keeping everyone’s “eyes on the mountain.”

Note: Depending on the scope, these may differ from your “Project Plan.” The IGP may be more a high-level guide for information assets agency-wide, whereas a Project Plan will go over specifically how to get the IGP completed and implemented. The Project Plan may only be directed at the IGP project team, whereas the IGP itself will be for everyone.

2. Requirements and Scope. This could help focus the attention of the reader as to what this IGP will be applied to or focused on. You may have an agency-wide IGP or maybe specific IGPs for certain entities. Including what regulatory and governance compliance you are aiming for is a must. It can help you focus the rest of the document as well.

Keep in mind the following ERM Requirement Categories from NARA, as discussed earlier:

  • Capture
  • Maintenance and Use
    • Disposal
  • Transfer
  • Metadata
  • Reporting

These sections can help guide you in the scope of each asset type that is being governed. For instance, in your IGP you may want to manage electronic documents. In order to successfully manage all electronic documents, you will need to govern these areas, to some degree, so you can capture this in your IGP.

3. High-Level Project Plan and Team. This can be everyone on the project team and what the activities and actions are going to be from the Project Management perspective on a high-level basis. You don’t have to get into major details about the IGP Project, like a communication plan or a schedule; that would be better suited for the Project Plan if you make one.

4. Project Compliance. This can include how things will be implemented. Will you need to do this departmentally or roll it out in phases? What are the expectations of the staff? What are the steps for Change Control? How will implementation be structured? Part of the compliance is adhering to the policies and procedures – this section may need to include “why all these policies?” and “how are you going to achieve the purposes and goals of Information Governance by applying these policies?” Keep in mind your audiences – what is better suited for the project plan vs. what should be for everyone’s knowledge in the IGP?

5. Policy and Procedures. This may include the in-place policies and procedures or new policies and procedures that will result from this IGP or are the basis of this IGP. Most of the time, the IGP itself is too high level so you may need to have detailed supporting policies and procedures. The IGP can give a direction and a guideline for these policies. Policies/Procedures/User Guides that may need to be included for this section are:

  • Email
  • TXT/IM’s and Social Media
  • Records Management:
    • Lifecycles
    • Retention Schedules and implementation
    • File Plans
    • Legal Hold Procedures
    • FOIA/Record Requests
    • Disposition (Destructions & Transfer procedures etc.)
  • Taxonomies
  • Naming conventions
  • Content models
  • Security models and role-based access controls
  • Network maps
  • Back up plans
  • Disaster recovery plans
  • System design documentation
  • Privacy & information sharing
  • Social Media, Instant Messaging, Mobil Device plans
  • Reports/reporting
  • Training & schedules
  • Audits
  • Capture, scanning or conversions, etc.
  • Hard copy records plan and retrievals
  • Storage facilities
  • System user guides

6. Training. How will the training be conducted? When? What’s the frequency and what are the topics? How will the policies and procedures be covered for everyone who needs to know them? Some people may say you don’t need this in the IGP. And that is OK – it can all be covered in a separate training policy/plan. Just think about “what is important for your agency?” If you need a more elaborate, separate policy/plan for a training approach then add it to the list of policies that you need to support this IGP.

7. Audit and Monitoring. Add how you will be auditing this plan, as well as the regulatory audits that your agency is subject to that affects the IGP and the users on the subjects of the IGP. You may also need to discuss the reporting needed here to assist in the monitoring and reporting so that those requirements are clear as well.

8. Disaster Recovery and Business Continuity. How will these different areas be covered in a disaster? What are your back-up plans? Make sure to do research on this, you may have 2-15 different types of disaster recovery plans based on the different types of content and their locations, etc. You may need separate policies/procedures for these, but they can be covered, in general, in the IGP.

9. Definitions. “Understanding” and “communication” are the most important things when conveying any policy. So, when trying to implement your IGP it is important that you have a place to explain any misunderstood terms by adding a small Glossary and Acronyms section. (You can’t have understanding without communication, and you can’t have communication without words, so if those words are not understood, then you do not have actual understanding of your policies and procedures).

To Recap

information governance plan

Please be sure to read part 1 of this three-3 part blog “Vital Steps to Develop an Information Governance Plan – Part 1”.

To recap, in part 2 of this three-part blog we discussed:

1. Be aware of the Five Phases of Information Governance Plan:

  • Research
  • Draw up the plan
  • How to implement; start your draft IGP
  • Implementation and Change Control
  • Audit and Monitoring

2. Know what needs go into your IGP Document

  • Introduction, purpose, goals, mission, etc.
  • High-level requirements and scope
  • Project plan and team
  • Project compliance
  • Policy and procedures
  • Training
  • Audit and monitoring
  • Disaster recovery and business continuity
  • Definitions

Also, please be sure to read the third part of this three-part blog, “Vital Steps to Develop an Information Governance Plan – Part 3”. The third part of this blog will go over:

  1. Using diagrams that help you map out access/control points.
  2. Determining how things will actually get implemented.
  3. Setting possible and realistic targets.
  4. Using the IGP for overall access, control, security, and other governance requirements.
  5. Managing expectations.
  6. Why communication is the key to success.
  7. Managing the logistics to be sure you identify risks early to your project plan.

Good luck! Let me know if this was helpful or if you have any feedback.

Thank you for reading!

P. S. For your convenience, here are the links to the blog series:
VITAL STEPS TO DEVELOP AN INFORMATION GOVERNANCE PLAN – PART 1
VITAL STEPS TO DEVELOP AN INFORMATION GOVERNANCE PLAN – PART 2
VITAL STEPS OF AN INFORMATION GOVERNANCE PLAN – PART 3

Vital Steps to Develop an Information Governance Plan – Part 1

Vital Steps to Develop an Information Governance Plan – Part 1

Today, I wanted to dive into a topic that I don’t see many people writing about; Information Governance Plans (IGP) and how to initiate one. In this three-part blog I will discuss what the vital steps are to create an IGP and how to keep you on track for successful implementation.

vital steps to develop IGP

 

We’ll address the following questions:

  • What is Information Governance?
  • Why is it important?
  • Who is responsible for an Information Governance Plan?
  • What do you need to know in order to create an IGP?
  • What must you keep in mind throughout the IGP process?
  • What are the five stages to initiating an IGP?
  • What are the pain points of implementing an IGP; what are the pitfalls?
  • What are the sections and topics that can go into an IGP?
  • What do I need to know in order to be successful in implementing an IGP?
  • What is the key to getting compliance in an IGP?
  • Why is Project Management important for a successful implementation of an IGP?

Critical Knowledge

In order to embark on the IGP path you must understand these two critical components:

  • What Information Governance is and why you need it
  • The intricate details of all the information requirements and layout of your own agency

Number One

For number one above, there are many good books and blogs on the topic. One of my favorites is “Information Nation: Seven Keys to Information Management Compliance” by Barclay Blair and Randolph Kahn.

Also, you need to gather all of your agency’s issues and risks that surround information governance in your agency. This can require some digging, but chances are you already know something of the risks and issues on your plate, that is why you are reading this blog. Most of what you might run into is being caused by not enough control, metrics, policies, or training in place around the agency’s information assets.

Things that are very helpful to know are:

  1. Why do you need an IGP?
  2. What are the different facets of Information Governance?
  3. What goes into the plan documentation?
  4. What are the pitfalls and risks?
  5. What are the benefits?
  6. What it is actually like to implement an IGP, and not just “on paper,” but in real life scenarios.
  7. What must you keep in mind? How can you set correct expectations?

Number Two

For number two above, if you have spent a good amount of time at your organization then chances are you already know a lot of the “ins and outs” of the day-to-day activities and how information is captured, managed, accessed and disposed of.

But if you are a new member to the team, then you need to really dive in and learn a lot about these aspects. What is in place today? What IGP initiatives have been started in the past, if any? What are the policies and how are things being run?

You need to know the staff layout, departments and structures, the projects, the internal and external governing policies, etc. If you are a Records Manager, this is most likely in line with your job description already. Ask questions like:

  • What is our mission?
  • What are we producing?
  • Why are we producing it?
  • Who produces what?
  • What information assets are the result of all this production?
  • What are the vital records and do they have a back-up plan?

Start with the basics, of course. Soon you will be putting together a plan that could potentially change the way things are managed today, so you need to know your agency very well in order to make such changes smoothly.

Also, a word of advice, if you are new to the agency: You need to make yourself known. Let everyone know who you are and what you are there to do. You don’t need to be “popular” but you need to be “known” far and wide, since your goals will include everyone in the agency. If they don’t know who you are, and why you are there, they will not give you vital information you need in order to do your job or they may not accept/comply with your requests.

What is Information Governance and Why do You Need it?

what is information governance

Information Governance is the set of policies and procedures around the capture, control, and access of all your agency’s information assets.

The amount of electronic information assets today is astounding. Implementing a way to govern the safety, proper use and access to these assets falls under the topic of Information Governance.

This can be a whole network of requirements, plans and policies to govern your informational assets, including: documents, records, metadata, databases, hard copy records, statistics, and vital records.  It encompasses things like security, continuity, access rights, metadata and structures, retention schedules, audit requirements, content repositories, and disaster recovery plans.

The National Archives and Records Administration (NARA) has identified the following for Universal Electronic Records Management (ERM) Requirements Categories:

  1. Capture
  2. Maintenance and Use
  3. Disposal
  4. Transfer
  5. Metadata
  6. Reporting

These six sections can help you identify the stages most all content and information go through in order to compile a complete IGP.

Let’s Jump In

You need to make a decision. Decide WHAT you are doing this for and WHY must it be done. This must be a solid decision — you need to justify your project and actions even if you already have executive level approval. You will need to keep it in your mind and everyone else’s mind all along the way.

You are embarking on a big journey. Start with your own decision and then get more and more people on board with that vision. In the beginning, you may need to ask yourself some questions first:

  • What are your intentions with this program?
  • What are management/leadership intentions with this program?
  • What is the “Ideal Scene”? (What would be the ideal state for your agency with regards to Information Governance?) You may need to ask a lot of people to find out.
  • What is the current scene? What is the gap between the current scene and the ideal scene?
  • What has been done thus far on the topic of Information Governance?
  • What was successful? Why was it successful?
  • What was unsuccessful? Why was it unsuccessful?
  • How will you gauge your actions so that you know if the project is meeting its marks? Success criteria? What will the signs of success be?
  • What will the milestones be?

Keep an idea of reports and statistics that can help you monitor things along the way so that later you can look over the project and be sure you’re making progress and meeting your milestones.

Next, where do you start?! That is not extremely important but there is usually a “logical” sequence of actions. So, after you have your own purpose SOLID in your mind, AND you have mapped out the “existing scene” vs. the “ideal scene”:

  • Where are all your information assets? Physical locations?
  • What state are they in?
  • Who is managing them?
  • Why are they managed that way?
  • Who all are the heavy hitters on the Information Governance lines? Who are your “Cheer-leaders”?
  • Who do you need to meet with to get these questions answered?

You need to know the details of what you plan to manage in the IGP and who you will need help from to manage it correctly.

It is a Journey, Not Just a Policy

I was told once to “just put together an IGP fast.” This is, most of the time, not very realistic. The IGP is the result, the paper record, of what you need to research, what you need to do, what you have already done. It can be (typically), a living document and sometimes ongoing year after year, especially when you first start out.

It’s more like a standard way of life than a ‘policy.’ Not to make it sound like a mysterious thing, but it is something that takes a lot of research and decision-making and after the decisions are made it takes a lot of actions, steps, and carry-through to actually stick.

Sometimes a lot of what SHOULD go in an IGP has not even been dreamt up yet, let alone decided upon or known. And making such a document is not on one person’s shoulders. You need a whole Information Governance Committee to

  • Get all the information needed to support it, and
  • To make solid decisions on what you are going to do.

This is potentially a huge journey that you and your whole agency will be engaged in. From the employees doing data entry to the top executives, this IGP may have something to do with them.

Put Together Your IGP Avengers Team

information governance team

If you do not already have an IGP team, you will need one. One thing we all know we need is Executive Sponsorship. Yes, as always, the more executive/leadership cheerleaders you have on your side, the better! BUT you also need a team of key stakeholders that can “pull the weight” with you – it is not a one man show (unless you are a very small organization). These team members typically have a vital status  and a direct need for managing Information Governance. These IGP members can be:

  • Leadership Sponsor or Representative — You will need one or more sponsors, stakeholders, cheerleaders or supporters from management/ leadership that is fully on board with the initiative. The more the merrier, but you must have at least one.
  • Records Management Representative — Typically the Records Manager, this is a must and typically this person is the one spearheading the whole operation.
  • Information Technology Group –In addition to the IT Manager, you may need System Admins, DBAs, etc. I personally think the more the better. IT staff can carry a wealth of information and a lot of IGP’s are framed around some very technical concepts, so it is vital they have input to this IGP project.
  • HR Representative — There are lots of implementation and training actions that they need to be aware of. HR typically needs to be involved due to the high level of ‘end user’ involvement and security aspects, etc.
  • Project and Department Leads –They are very highly suggested however they have been harder to include at times due to their workload. Again, the more, the merrier. It is important that they know what is going on, because the IGP may heavily impact their daily routines and their staff. They also carry a wealth of information and give vital inputs to the project.
  • Legal Representative (General Counsel) –They are typically very busy but there are points where their participation might be vital. However, you can scale down their actions items so that they review and participate in the areas they are needed most, if they are unable to attend all of the meetings, etc.
  • Other –If you have/or can afford a Project Manager, Subject Matter Experts, and Business Analysts on this project then you are setting yourself up for even more success. Not everyone can afford them, but these roles may make or break an IGP in large corporations. You may also have other stakeholders with a lot of knowledge to add to the group, like training staff, audit staff, or financial executives that can help with audits and governance to federal, state, and local laws. Choose who you need at what time, and this may vary depending on the topic under discussion on the IGP.

For some helpful tips, see the whitepaper on “Creating an ECM Advisory Board and Program Charter” by Ronda Ringo on the Armedia, LLC website:

The top IGP team members that create a successful IGP project are:
1) Leadership level supporters
2) Records Management team
3) Information Technology staff

To Recap

In Part 1 of this 3 part blog we discussed:

  1. What is Information Governance, what is an Information Governance Plan (IGP) and why do you need them?
  2. Knowing your agency really well.
  3. Making decisions and solidifying your purpose for an IGP.
  4. Making an IGP Team.

Please be sure to read the second part of this blog, “Vital Steps to Develop an Information Governance Plan – Part 2”. The second part of this three-part blog includes:

  1. Be aware of the five phases of the IGP:
    1. Research
    2. Drawing up the plan
    3. How to implement; start your draft IGP
    4. Implementation and Change Control
    5. Audit and monitoring
  2. Know what needs go into your IGP document
    1. Introduction, purpose, goals, mission, etc.
    2. High level requirements and scope
    3. Project plan and team
    4. Project compliance
    5. Policy and procedures
    6. Training
    7. Audit and monitoring
    8. Disaster recovery and business continuity
    9. Definitions

Good luck! Let me know if this was helpful or if you have any feedback.

Thank you for reading!

P. S. For your convenience, here are the links to the blog series:
VITAL STEPS TO DEVELOP AN INFORMATION GOVERNANCE PLAN – PART 1
VITAL STEPS TO DEVELOP AN INFORMATION GOVERNANCE PLAN – PART 2
VITAL STEPS OF AN INFORMATION GOVERNANCE PLAN – PART 3

Opportunity Play in Records and Information Management

Opportunity Play in Records and Information Management

opportunity play in records and information management

Several years ago, while I served as an Adjunct Professor at Howard University School of Business, I developed a project-based learning course as requested by the Computer Based Information Systems Department Chair. Each semester, student project teams were given a real-world problem and asked to develop an IT solution based on new developments in industry or to address existing industry problems.

The projects varied from semester to semester. For example, one team took up the challenge of creating a prototype Electronic Medical Record Database. Another team worked on a software parking application and another team worked on an online ticket reservation system.

One team worked on something that is particularly relevant today. This particular team worked on building a prototype for the collection of Sales Tax from Internet Merchants, or more commonly known as Internet Taxation.

The project was born from the Mainstreet Fairness Act which later morphed into a Supreme Court ruling in 2018. Mind you, this student project was undertaken in 2006. Since that time, some states have acted upon Internet Taxation, most notably against Amazon and Wayfair, which drove the creation of new job development by the relocation or installation of new Data Centers. Why is this relevant now?

State Governments are leading the way in the adoption of Internet Sales Taxation. When you make a purchase now online, as I recently did with Wayfair, I see the Sales Tax calculated within the order. Some states and likely many others with a known Internet Commerce Entity operating (i.e., Amazon, Wayfair, Joss & Main, Hotwire, etc.) are making real-time decisions in their state assembly meetings as to whether to collect the sales tax for the seller or the receiver of the product or service.

At least 4 states have launched Internet Taxation plans as of January 1, 2019, including the state of Georgia, Iowa, Louisiana and Utah. In 2018, the United States Supreme Court rule in favor of the State of South Dakota against Wayfair, that a state may require a collection of sales tax by out of state internet retailers who sell product or services in the state.

A checklist was created to gauge the fairness of the application of the Sales Tax Collection called the “Wayfair Checklist” to ensure that the law was applied fairly to both out of state and in-state Internet product and service providers. At least 32 states are working to pass laws or regulations to require sales tax collection for online retailers that provide a type of internet-based commerce.

Impact on Records and Information Management

It represents a new phase in Electronic Record Keeping, this time focused at the dataset level for record inventory collection within the financial information systems that is responsible for calculating the tax, generating the component record associated with the invoice and finally the data warehouse to be used for revenue and tax recognition. A new search for records and information management opportunities could include “Internet Sales Tax Records”, “Digital Sales Records” or “financial information management for internet taxation”.

Most states will likely have to make some type of IT Adjustment to modernize their sales tax collection systems for the ability to collection Internet Sales Tax while others are likely being besieged by KPMG, Deloitte and other Big Six Consulting Firms. These guys come at a high price point and carry no more expertise than any other firm.

Perhaps years from now, the IRS may eventually be required to institute a federal level SSUTA (Streamlined Sales and Use Tax Agreement or some version of it) to support the financial health of the Federal Government and thus enter the game of internet sales tax collection.

The recent RFI released back in December by the IRS called for presenting awareness of essentially a case management tool that would support the Chief Counsel’s office at the IRS. It’s a given that many legal fights are pending and Legal and Financial Holds could be put on records’ components to respond to any contested Internet Sales Tax collections or resulting disputes.

Admittedly random thoughts, but given that the adoption of Blockchain is working its way through the states and some states are offering resident businesses the option of paying their tax via Blockchain transaction, it’s only a matter of time because the two (Blockchain and Internet Sales Tax Collection) are integrated into a single dataset and formally recognized as an official Federal, State or Local Jurisdictional business record.

The Records Management Professional team not only offers solutions in enterprise information management but we also provide thought leadership as well with current trends and potential impacts to electronic information management.