Michael Wuestefeld-Gray, the Managing Director at WuDo Solutions, explains the framework needed to generate effective Information Governance for organisations
An information governance framework helps organisations manage their data and information, and ensures they are used effectively to meet needs and add value.
A good information governance framework will help you manage your information throughout its lifecycle. The best will put information security, risk management, and assurance of good information governance at their core.
Planning and Seeking accurate data analysis
An important part of any information governance framework, and one that is frequently overlooked, is planning. Planning is important because there are a number of costs and risks associated with collecting and managing information.
For example, when you identify a business need that may require new information to fulfil it, there may be a price for the data required. There are likely to be some costs associated with having it in your systems (and some data requires special IT systems to process it). Carefully evaluating the data you may need will help you ultimately decide if you are happy to accept these costs to meet identified needs. Only then are you in a legitimate position to seek the data you need.
Outcome: We know what data we need, what it’s for, and how and when we will get it.
Review and assess your data appropriately
The next step in the process is deciding whether to accept the data when it is received. You must ensure that what you get meets your needs, in terms of quality and risk. It must be what you have paid for. You should not be afraid to reject data that is inadequate because simply accepting it would mean you put the delivery of your underlying business objectives at risk. You are benchmarking what you got against what you planned for.
You should now be in a position to perform the analyses and create the products you need to fulfil your objective.
Outcome: Information received is on time and of the expected quality and risk-profile.
Exploit and manage your information
This is where you put your information to work, analysing it and generating the products that will address the reasons you obtained the information in the first place. This part of the framework also covers any instances when you may need to share or publish the data, or the products of your data analysis. Examples include disclosure under Freedom of Information legislation, publication as Open Data, or working with partners such as customers or suppliers.
Outcome: The right people have ownership of and access to the right information at the right time.
Archive or dispose of your unnecessary information
At the end of its life, typically when the business needs you sought information for have been met, you should decide whether to archive that information or delete it.
Retaining information has costs but it may be useful to repurpose or reuse information for future needs. Your decision about keeping information, and for how long, will be based on factors like cost, risk, and commercial sensitivity. Quite often, for example, if you use information from a client to create a product for that client they will expect you to destroy any information they have given you once your work is done.
Outcome: We are disposing of or archiving information at the right time.
Assurance, security and risk management
One of the main advantages of breaking down an information governance framework into the key stages set out above is that they enable assurance. If, for example, the information you obtain is not of the expected quality you can review why not, learn from it, and improve your processes. Similarly, if you cannot achieve the outputs you wanted with the information you obtained something has gone wrong. Assurance will help you work out what, and why, so it doesn’t happen again.
Similarly, security and risk management are overarching activities that support information governance throughout the information lifecycle. If, for instance, your business need required you to obtain and process sensitive personal information about people you would need to do a Data Privacy Impact Assessment before you get it – at the planning stage – to help manage risk.
Outcome: We have ensured and maintained appropriate information security and information risk management. We have evidence information management is robust and effective.
Building your framework
Underpinning each of the key stages of the framework should be process documents supported by corporate policies and templates. These will spell out what good looks like, and the key roles and functions in delivering information governance. It is important to remember that good information governance is an enabler of effective information use and the delivery of organisational objectives. A good information governance framework should be a practical guide for how people should treat information and manage it effectively. Crucially it should hold people accountable for the decisions they make and the actions they take to deliver your information governance requirements. Overall, your Framework should be a useful resource for anyone who needs to get or use the information within your organisation, whomever they may be, so be sure to write it with your audience in mind.
If you need help:
Visit WuDo Solutions If you want more guidance like this, help to build your skills, or support improving your existing information governance systems. Our team of experts will work with you to get you where you need to be.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
More About Stakeholder
WuDo Solutions – World class governance expertise
WuDo Solutions provides world-class training and consultancy services in areas such as risk management, information governance, and conflicts of interests.