News

Developing an information governance strategy: tips on getting started

Chris Maxcer, Contributor

Because information governance is a new and evolving discipline, getting started can seem particularly daunting – especially when information is in various states of cleanliness and consistency across an organization.

Requires Free Membership to View

Worse yet, new types of unstructured information aren’t waiting for a governance plan before bursting onto the scene.

With so many moving targets, information governance best practices may not all be applicable to an individual organization. But they can help a fledgling information governance team illuminate areas of opportunity and create both strategic and tactical plans, according to industry analysts.

“Picking the right place to start is difficult and also different for every organization,” said Barclay Blair, president and founder of consulting and professional services firm ViaLumina Group. But he added that an information governance strategy doesn’t have to begin with a mass remediation of existing content. “Many companies unfortunately do view that as the first step,” Blair said. “Given that it can feel like stepping off a ledge, it makes sense that their information governance projects are often paralyzed.”

Blair recommended that organizations focus at the outset on “building the environment they want to move toward.” The foundational elements of an information governance framework should come first, he said – for example, agreeing on governance policies, procedures and structures, plus a technology strategy to support them. Those elements then need to be put in place, both within the IT environment and the organization as a whole – a step that involves training and change management processes.

After that, content cleanup can be done “in an ordered and selective way” as the new policies and procedures are implemented, Blair said. That isn’t the end of it, though: Successful information governance is an ongoing process. “You’re never ‘finished,’” he noted.

Force-feeding an information governance strategy not a recipe for success
Blair and other analysts agree on one thing: that an information governance strategy needs to be customized to meet the unique needs of a company.

“The key recommendation I hear again and again from those who have been successful is, Don’t pick a governance program that has worked for someone else and try to force-feed it into your company,” said Rob Karel, a data management analyst at Forrester Research Inc. “If you’re a highly decentralized organization with lines of business that operate independently and have their own IT, building a mother-ship organization to tell all those decentralized lines of business what to do will never work.”

Instead, Karel suggested identifying governance advocates within each of the business units and getting them to work together on a cross-functional basis. Looking for similar initiatives that have worked in the past is also a good strategy, he said. For example, if your company has a successful data privacy program that cuts across all lines of business, model your information governance process on it. “Ride their coattails,” Karel advised.

Information governance plans that start off on the wrong foot often have something in common: a pitch that asks employees to change operating processes or give up something they use for the greater good. As a result, “information governance all too often starts from a position of conflict,” Karel said, adding that a better approach is to create a governance program “that solves for everyone’s priorities, not just one group’s.”

Getting everyone on the same page is where executive sponsors and steering committees come into the picture. “In the end, it’s not the front-line data governance team that figures out what’s a priority,” Karel said. “Their job is to build the business case and provide options based on business benefits and risk, and then let the executive steering committee make the hard decisions.”

Information governance strategy endgame: What are your business goals?
Another thing to keep in mind is the end goal of an information governance strategy. “When companies come to us and say they’re going to manage information better, there’s a question I always ask,” said Anne Lapkin, an analyst at Gartner Inc. Her question: “What material business outcome is going to be improved if you start managing information better?”

Clients often “look at me as if I’ve grown a second head,” Lapkin said. But, she added, information governance programs tend to fail if they’re too broadly scoped and don’t have clear goals or metrics for measuring performance. To get backing from senior executives and acceptance by business users, you must be able to show that a governance program will lead to specific business improvements – even, she joked, if the end result might simply be “that your CEO won’t go to jail.”

In a similar vein, Barry Murphy, an information governance consultant and CEO of the online publication eDiscovery Journal, recommended narrowing the field to get started on information governance. “Focus on a specific pain,” Murphy said, citing areas such as electronic discovery and compliance management where a well-designed information governance policy can provide clear business benefits while not bogging you down in an all-encompassing initiative.

Some companies hire consultants to do the job of developing an information governance strategy for them, a move that can backfire under the wrong assumptions.

“What you don’t want to do is have someone come in and set up your governance program for you,” Lapkin said. “They can help you set up the structure, but work on it with them as a blended team, shoulder to shoulder, so that when they leave you can keep going.”

There’s also the question of when and how information governance software enters the picture.

The answer depends on what kind of information management issues you’re looking to address, according to Lapkin. “If you have a master data management problem, there are tools for that,” she said. “If you have an access control or policy control problem or a records management problem, there are tools for that. [But] there is no one tool that does information governance – it’s too complex and multifaceted.”

Chris Maxcer is a freelance writer.