Today, I wanted to dive into a topic that I don’t see many people writing about; Information Governance Plans (IGP) and how to initiate one. In this three-part blog I will discuss what the vital steps are to create an IGP and how to keep you on track for successful implementation.
We’ll address the following questions:
- What is Information Governance?
- Why is it important?
- Who is responsible for an Information Governance Plan?
- What do you need to know in order to create an IGP?
- What must you keep in mind throughout the IGP process?
- What are the five stages to initiating an IGP?
- What are the pain points of implementing an IGP; what are the pitfalls?
- What are the sections and topics that can go into an IGP?
- What do I need to know in order to be successful in implementing an IGP?
- What is the key to getting compliance in an IGP?
- Why is Project Management important for a successful implementation of an IGP?
In order to embark on the IGP path you must understand these two critical components:
- What Information Governance is and why you need it
- The intricate details of all the information requirements and layout of your own agency
For number one above, there are many good books and blogs on the topic. One of my favorites is “Information Nation: Seven Keys to Information Management Compliance” by Barclay Blair and Randolph Kahn.
Also, you need to gather all of your agency’s issues and risks that surround information governance in your agency. This can require some digging, but chances are you already know something of the risks and issues on your plate, that is why you are reading this blog. Most of what you might run into is being caused by not enough control, metrics, policies, or training in place around the agency’s information assets.
Things that are very helpful to know are:
- Why do you need an IGP?
- What are the different facets of Information Governance?
- What goes into the plan documentation?
- What are the pitfalls and risks?
- What are the benefits?
- What it is actually like to implement an IGP, and not just “on paper,” but in real life scenarios.
- What must you keep in mind? How can you set correct expectations?
For number two above, if you have spent a good amount of time at your organization then chances are you already know a lot of the “ins and outs” of the day-to-day activities and how information is captured, managed, accessed and disposed of.
But if you are a new member to the team, then you need to really dive in and learn a lot about these aspects. What is in place today? What IGP initiatives have been started in the past, if any? What are the policies and how are things being run?
You need to know the staff layout, departments and structures, the projects, the internal and external governing policies, etc. If you are a Records Manager, this is most likely in line with your job description already. Ask questions like:
- What is our mission?
- What are we producing?
- Why are we producing it?
- Who produces what?
- What information assets are the result of all this production?
- What are the vital records and do they have a back-up plan?
Start with the basics, of course. Soon you will be putting together a plan that could potentially change the way things are managed today, so you need to know your agency very well in order to make such changes smoothly.
Also, a word of advice, if you are new to the agency: You need to make yourself known. Let everyone know who you are and what you are there to do. You don’t need to be “popular” but you need to be “known” far and wide, since your goals will include everyone in the agency. If they don’t know who you are, and why you are there, they will not give you vital information you need in order to do your job or they may not accept/comply with your requests.
What is Information Governance and Why do You Need it?
Information Governance is the set of policies and procedures around the capture, control, and access of all your agency’s information assets.
The amount of electronic information assets today is astounding. Implementing a way to govern the safety, proper use and access to these assets falls under the topic of Information Governance.
This can be a whole network of requirements, plans and policies to govern your informational assets, including: documents, records, metadata, databases, hard copy records, statistics, and vital records. It encompasses things like security, continuity, access rights, metadata and structures, retention schedules, audit requirements, content repositories, and disaster recovery plans.
The National Archives and Records Administration (NARA) has identified the following for Universal Electronic Records Management (ERM) Requirements Categories:
- Maintenance and Use
These six sections can help you identify the stages most all content and information go through in order to compile a complete IGP.
Let’s Jump In
You need to make a decision. Decide WHAT you are doing this for and WHY must it be done. This must be a solid decision — you need to justify your project and actions even if you already have executive level approval. You will need to keep it in your mind and everyone else’s mind all along the way.
You are embarking on a big journey. Start with your own decision and then get more and more people on board with that vision. In the beginning, you may need to ask yourself some questions first:
- What are your intentions with this program?
- What are management/leadership intentions with this program?
- What is the “Ideal Scene”? (What would be the ideal state for your agency with regards to Information Governance?) You may need to ask a lot of people to find out.
- What is the current scene? What is the gap between the current scene and the ideal scene?
- What has been done thus far on the topic of Information Governance?
- What was successful? Why was it successful?
- What was unsuccessful? Why was it unsuccessful?
- How will you gauge your actions so that you know if the project is meeting its marks? Success criteria? What will the signs of success be?
- What will the milestones be?
Keep an idea of reports and statistics that can help you monitor things along the way so that later you can look over the project and be sure you’re making progress and meeting your milestones.
Next, where do you start?! That is not extremely important but there is usually a “logical” sequence of actions. So, after you have your own purpose SOLID in your mind, AND you have mapped out the “existing scene” vs. the “ideal scene”:
- Where are all your information assets? Physical locations?
- What state are they in?
- Who is managing them?
- Why are they managed that way?
- Who all are the heavy hitters on the Information Governance lines? Who are your “Cheer-leaders”?
- Who do you need to meet with to get these questions answered?
You need to know the details of what you plan to manage in the IGP and who you will need help from to manage it correctly.
It is a Journey, Not Just a Policy
I was told once to “just put together an IGP fast.” This is, most of the time, not very realistic. The IGP is the result, the paper record, of what you need to research, what you need to do, what you have already done. It can be (typically), a living document and sometimes ongoing year after year, especially when you first start out.
It’s more like a standard way of life than a ‘policy.’ Not to make it sound like a mysterious thing, but it is something that takes a lot of research and decision-making and after the decisions are made it takes a lot of actions, steps, and carry-through to actually stick.
Sometimes a lot of what SHOULD go in an IGP has not even been dreamt up yet, let alone decided upon or known. And making such a document is not on one person’s shoulders. You need a whole Information Governance Committee to
- Get all the information needed to support it, and
- To make solid decisions on what you are going to do.
This is potentially a huge journey that you and your whole agency will be engaged in. From the employees doing data entry to the top executives, this IGP may have something to do with them.
Put Together Your IGP Avengers Team
If you do not already have an IGP team, you will need one. One thing we all know we need is Executive Sponsorship. Yes, as always, the more executive/leadership cheerleaders you have on your side, the better! BUT you also need a team of key stakeholders that can “pull the weight” with you – it is not a one man show (unless you are a very small organization). These team members typically have a vital status and a direct need for managing Information Governance. These IGP members can be:
- Leadership Sponsor or Representative — You will need one or more sponsors, stakeholders, cheerleaders or supporters from management/ leadership that is fully on board with the initiative. The more the merrier, but you must have at least one.
- Records Management Representative — Typically the Records Manager, this is a must and typically this person is the one spearheading the whole operation.
- Information Technology Group –In addition to the IT Manager, you may need System Admins, DBAs, etc. I personally think the more the better. IT staff can carry a wealth of information and a lot of IGP’s are framed around some very technical concepts, so it is vital they have input to this IGP project.
- HR Representative — There are lots of implementation and training actions that they need to be aware of. HR typically needs to be involved due to the high level of ‘end user’ involvement and security aspects, etc.
- Project and Department Leads –They are very highly suggested however they have been harder to include at times due to their workload. Again, the more, the merrier. It is important that they know what is going on, because the IGP may heavily impact their daily routines and their staff. They also carry a wealth of information and give vital inputs to the project.
- Legal Representative (General Counsel) –They are typically very busy but there are points where their participation might be vital. However, you can scale down their actions items so that they review and participate in the areas they are needed most, if they are unable to attend all of the meetings, etc.
- Other –If you have/or can afford a Project Manager, Subject Matter Experts, and Business Analysts on this project then you are setting yourself up for even more success. Not everyone can afford them, but these roles may make or break an IGP in large corporations. You may also have other stakeholders with a lot of knowledge to add to the group, like training staff, audit staff, or financial executives that can help with audits and governance to federal, state, and local laws. Choose who you need at what time, and this may vary depending on the topic under discussion on the IGP.
For some helpful tips, see the whitepaper on “Creating an ECM Advisory Board and Program Charter” by Ronda Ringo on the Armedia, LLC website:
1) Leadership level supporters
2) Records Management team
3) Information Technology staff
In Part 1 of this 3 part blog we discussed:
- What is Information Governance, what is an Information Governance Plan (IGP) and why do you need them?
- Knowing your agency really well.
- Making decisions and solidifying your purpose for an IGP.
- Making an IGP Team.
Please be sure to read the second part of this blog, “Vital Steps to Develop an Information Governance Plan – Part 2”. The second part of this three-part blog includes:
- Be aware of the five phases of the IGP:
- Drawing up the plan
- How to implement; start your draft IGP
- Implementation and Change Control
- Audit and monitoring
- Know what needs go into your IGP document
- Introduction, purpose, goals, mission, etc.
- High level requirements and scope
- Project plan and team
- Project compliance
- Policy and procedures
- Audit and monitoring
- Disaster recovery and business continuity
Good luck! Let me know if this was helpful or if you have any feedback.
Thank you for reading!
P. S. For your convenience, here are the links to the blog series:
VITAL STEPS TO DEVELOP AN INFORMATION GOVERNANCE PLAN – PART 1
VITAL STEPS TO DEVELOP AN INFORMATION GOVERNANCE PLAN – PART 2
VITAL STEPS OF AN INFORMATION GOVERNANCE PLAN – PART 3