6 Information Governance Best Practices
Information governance can streamline an organization’s data management, reduce storage costs, and ensure compliance, all of which are critical to content management.
To ensure proper content management, organizations must have acceptable use controls, permissions, and policies for data assets. However, as organizations rely more on cloud storage to streamline remote access to content amid the pandemic, content management professionals should re-examine their information governance policies. Best practices, such as forming a committee, accounting for collaboration tools, and creating reports, can guide the way.
What is Information Governance?
Information governance is the strategy organizations use to manage access and control their digital assets. An organization may store its information in a file server, intranet site, cloud storage service, or enterprise content management platform. Information governance policies describe the processes, people, and technology that organizations need to meet their compliance requirements.
What role does information governance play in content management?
Information governance provides the essential requirements to ensure that organizations implement appropriate permissions and content policies. These guidelines are critical to how organizations manage content and achieve compliance goals.
6 Information Governance Best Practices
Successful information governance starts with a plan. The following best practices can help organizations implement an effective information governance strategy for hybrid workforces.
1. Form a committee of key stakeholders
Implementing an information governance plan requires collaboration between business and IT employees. Given its impact on who can access what information and how data is managed, people from human resources, legal, compliance and IT and other key stakeholders should form a committee. This committee can define the objectives of the plan.
2. Define business and compliance requirements
Organizations must adhere to industry-specific regulations. Therefore, not all organizations need the same sets of data access rules and retention policies. In the early stages of planning, information governance committees should identify their organization’s specific requirements. In healthcare, criteria may include classifying data based on its content and whether it includes protected health information. For other industries, such as the legal sector, content classification revolves around customer information. Every organization is different and has its own unique business and compliance requirements that organizations should identify.
3. Update policies for remote work
Before the COVID-19 pandemic, organizations typically stored data in servers and enterprise content management systems. Amid the pandemic, however, an increase in remote working has required organizations to generate data in different locations. For example, more and more companies have turned to cloud storage with wider distribution of content across different environments. Remote workers are generating new types of content, such as recorded meetings, instant messages from collaboration tools, and documents stored in cloud systems, such as Microsoft OneDrive, Dropbox and Box. Organizations need to adjust their information governance plans to account for this content.
4. Describe key governance plans in policies and standard operating procedures
Effective information governance requires content management professionals to do more than implement software policies that limit access to content. They must also define the processes and procedures to be followed by business users. HR or compliance teams should help enforce the rules. Their involvement can help support key information governance policies as they can hold users who do not follow the procedure accountable.
5. Set reports and alerts to monitor compliance
Once an organization has its content policies in place, it should set specific alerts and reports to maintain visibility of end-user policy compliance. These reports and alerts may contain lists of per-user policy violations, content removal, creation of sensitive content, or external sharing of confidential data. The information governance plan should also include instructions on how to handle these incidents.
6. Continuously monitor and revise the plan
As an organization evolves, it should update its information governance plan accordingly. For example, if an organization adopts a new digital asset management system or enters a new line of business, the information governance team should review its policies and make any necessary changes.
Organizations of all sizes rely on information governance policies. Implementing these policies to define user boundaries around data access and controls supports an organization’s needs and protects its data. Management buy-in is essential, as this type of initiative is not just an IT project, but an enterprise-wide initiative to implement guidelines for the benefit of an organization.