If anyone ever asked me for a good resource on information governance one of the first places that I would point them to is Q&A TechTarget did with attorney and technology law expert Jeffrey Ritter entitled “Building an Organizational Information Strategy”. What I like about this article is that it succinctly addresses the what, who and how of information governance.

What is Information Governance

I offer a definition of information governance that is fairly simple. It has two components: Information governance is, No. 1, managing information by the rules that have been established to do so, and No. 2, creating the documentation of the manner in which those rules have been executed.

To build information governance today is to author a set of rules that enable us to leverage technology around digital information and be able to govern it so that we make better decisions, make fewer mistakes in business, and so that we can access the information where and when we need to.

Who Needs To Be Involved In Information Governance

The case can be made that virtually every department needs to be involved. But the reality is [that] unless you have senior executive leadership of the kind of reforms and evolution that information governance requires, it’s going to fail. To set the rules in place for how information is to be governed requires management leadership and management direction…

Bottom line: Everybody at the corporate board table involved with the governance of the organization needs to be involved, because they all have a stake in data quality.

How is Information Governance Accomplished

In order to apply rules to digital information, we have to give it a label — we have to be able to characterize what this information is in order to apply the rules. This has become challenging because we used to be able to manage our records based on the fact that it was a piece of paper labeled on the top of the page — it was pretty easy to classify. Today the same information may be distributed around five or six different databases, so it’s important to figure out how to collect and tag that information so you can follow the rules.

Information governance requires access and security controls, systems management, replacement policies, interaction with cloud, interaction with mobile devices. All of those are part of the rules. So, you need the management to lead, a way of classifying and the rules that then govern the information once it has been classified.