In the business world, the term ‘governance’ typically includes both the rules and the management (e.g. board of directors) that control the operation of a company. The presence of these controls is vitally important to the ongoing success of the organization, since they help ensure accountability and transparency to the stakeholders of the company. Extending that same governance concept to the data that your business creates and consumes can help to place some context around the idea of information governance.
How important is it to control the information within your organization? In some cases (like the Target security breach that occurred over the holiday season), lax controls can impact scores of customers and contribute to a public relations nightmare. Although the Target example is admittedly an extreme case, it underscores the fact that the information a business collects should be treated as a valuable asset and managed accordingly.
Getting started with an information governance effort can be a daunting task, but here are a few steps that companies of any size can follow to begin the process.
- Begin by undertaking an information inventory. An essential part of managing information is to understand where it is located. The goal of the information inventory exercise is to identify all the ‘systems of record’ for your business. During the inventory focus on answering questions like; “Where does the information reside? What format is it stored in? Who owns it? How is it created?” – then, document your findings. This inventory can be vitally important if data is compromised or your company becomes the target of litigation.
- After identifying where your information resides, meet with the owners to begin establishing a life-cycle for each data source that they oversee. Concentrate on identifying how long the information from each system needs to be retained and how it will be disposed of at the end of its useful life.
- Institute a process for managing the information life cycle – this will ensure that the data is disposed of at the end of its useful life. Disposal can mean anything from contracting with a secure document shredding service to implementing software tools that offer retention management for electronically stored information.
Here at Sherpa Software we develop award-winning tools that help our customers manage their electronic information. From our on-premises products that offer excellent monitoring and control of corporate email, to our SaaS solution that extends policy control and enforcement to SharePoint and the Windows file system, we are excited to discuss your information governance initiatives and show you how a Sherpa solution can help with your enforcement efforts.