How to Leverage Information Governance (IG)

Tuesday, June 11, 2019

In 2003, the UK’s Department of Health introduced the concept of broad-based information governance (“IG” for short) into the National Health Service (NHS), which was the first published version of an online performance assessment tool with supporting guidance. The NHS IG Toolkit, now known as the Data & Information Security Toolkit is used by over 30,000 NHS and partner organizations, supported by an e-learning platform with some 650,000 users. This was the first major IG initiative.

Fast forward to today and there has been a lot of buzz about information governance, particularly in state and local government, but what is IG really and what does this mean for you?

What Is Information Governance?

As originally defined by the NHS, Information Governance is to do with the way organizations “process” or handle information, covering personal information (relating to patients/service users and employees), and corporate information (financial and accounting records).

The central tenant of information governance is the management of content typically contained in records management software. This includes paper, electronic documents and multimedia in whatever structured or unstructured system maintains it – e.g. multiple records management, document management and enterprise content management (ECM) systems, shared drives, cloud files shares, departmental filing cabinets, etc.

Information governance also includes email management (both policy and archival), information / cyber security, information rights management (IRM), auditing (both security and information integrity), and compliance (both internal and external)

Information Governance Principles

Published by ARMA International in 2009 and updated in 2017, the Generally Accepted Recordkeeping Principles® is a high-level framework of good practices that is grounded in practical experience and based on extensive consideration and analysis of legal doctrine and information theory. Below is a high level summary of these principles:

Principle of Accountability: a senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for information management to appropriate individuals
Principle of Transparency: an organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate, interested parties
Principle of Integrity: an information governance program shall be constructed so the information assets generated by or managed for the organization have a reasonable guarantee of authenticity and reliability
Principle of Protection: an information governance program shall be constructed to ensure an appropriate level of protection to information assets that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection
Principle of Compliance: an information governance program shall be constructed to comply with applicable laws, other binding authorities, and the organization’s policies
Principle of Availability: an organization shall maintain its information assets in a manner that ensures their timely, efficient, and accurate retrieval
Principle of Retention: an organization shall maintain its information assets for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements
Principle of Disposition: an organization shall provide secure and appropriate disposition for information assets no longer required to be maintained, in compliance with applicable laws and the organization’s policies

ARMA’s IG principles have since evolved into the Information Governance Maturity Model.