6 information governance best practices
An information governance plan ensures that an organization's content lifecycle meets compliance and business needs. Best practices can help organizations craft an effective plan.
Information governance can streamline an organization's data management, cut storage costs and ensure compliance, which are all critical for content management.
To ensure appropriate content management, organizations need to have controls, permissions and acceptable use policies for data assets. However, as organizations rely more on cloud storage to streamline remote access to content amid the pandemic, content management professionals should reexamine their information governance policies. Best practices, such as forming a committee, accounting for collaboration tools and creating reports, can guide the way.
What is information governance?
Information governance is the strategy organizations use to manage access and control their digital assets. An organization may store its information in a file server, intranet site, cloud storage service or enterprise content management platform. Information governance policies outline the processes, people and technology that organizations need to meet their compliance requirements.
What role does information governance play in content management?
Information governance provides the essential requirements to ensure that organizations implement appropriate permissions and content policies. These guidelines are critical to how organizations manage content and meet compliance goals.
6 information governance best practices
Successful information governance starts with a plan. The following best practices can help organizations implement an effective information governance strategy for hybrid workforces.
1. Form a committee of key stakeholders
Implementing an information governance plan requires collaboration between business and IT employees. Given its impact on who can access what information and how data is managed, individuals in HR, legal, compliance and IT and other key stakeholders should form a committee. This committee can outline the plan's objectives.
2. Define the business and compliance requirements
Organizations must adhere to industry-specific regulations. Therefore, not all organizations require the same sets of data access rules and retention policies. In the early planning stages, information governance committees must identify their organization's specific criteria. In healthcare, criteria may include classifying data based on its content and whether it includes protected health information. For other industries, such as the legal sector, content classification revolves around client information. Each organization is different and has its own unique business and compliance requirements that organizations must identify.
3. Update policies for remote work
Before the COVID-19 pandemic, organizations generally stored data in servers and enterprise content management systems. Amid the pandemic, however, an increase in remote work has forced organizations to generate data in different places. For example, more enterprises turned to cloud storage with wider content distribution across different environments. Remote workers generate new kinds of content, such as recorded meetings, instant messages from collaboration tools and documents stored in cloud systems, such as Microsoft OneDrive, Dropbox and Box. Organizations should adjust their information governance plans to account for this content.
4. Outline key governance plans in policies and standard operating procedures
Effective information governance requires content management professionals to do more than implement software-based rules that limit access to content. They must also define processes and procedures for business users to follow. HR or compliance teams need to help enforce the rules. Their involvement can help support key information governance policies because they can hold users who fail to follow procedure accountable.
5. Define reports and alerts to monitor compliance
Once an organization has its content policies in place, it must outline specific alerts and reports to maintain visibility of end-user policy compliance. These reports and alerts may contain lists of policy violations by user, content deletion, sensitive content creation or external sharing of confidential data. The information governance plan should also include instructions on how to handle these incidents.
6. Continuously monitor and review the plan
As an organization evolves, it should update its information governance plan accordingly. For instance, if an organization adopts a new digital asset management system or enters a new line of business, the information governance team should review its policies and make any necessary changes.
Organizations of all sizes rely on information governance policies. Implementing these policies to set user boundaries around data access and controls supports an organization's needs and protects its data. Leadership buy-in is key because this type of initiative is not just an IT project but a company-wide initiative to implement guidelines for an organization's benefit.