| | November 20159CIOReviewand acquisitions, multi-jurisdictional laws, management control, security and profitability all drive governance ­ but risk mitigation is the ultimate equalizer.Sarbanes Oxley (SOX), HIPAA, FERPA and other litigation control measures have been passed to rightfully protect the consumer. Organizations have had to invest in technology that is compliant with these measures to reduce the risk of breaching them. The same sort of measures will soon be applied to mitigate the risk of loss or exposure of our informational assets. A sound Information Governance platform and strategy will need to be implemented to provide organizations with the controls to measure the risk of­and defend against­lawsuit. This strategy will also work to audit and measure the value of informational assets as an organization's "worth" will soon stretch beyond financial, human and intellectual capital.FOUR STEPS ON THE ROAD TO INFORMATION GOVERNANCE1. Create a steering committee that includes representatives from every departmentThe first step is to create an Information Governance steering committee that will explore "informational silos" within a company and report on the policies that surround each. This committee must include representatives from departments across the enterprise to ensure that the rules, regulations and policies that cover the various areas are both represented and understood. This group will work together to build the Information Governance framework in which the managerial policies necessary to enforce IG compliance will be created. This steering committee must work closely with legal counsel to record and document all policies that affect the respective departments within an organization. Continuous reporting of the current content of those policies should also be regularly maintained for ready dissemination to all members of the committee. 2. Ensure that all information intended to be captured aligns with company agendaThe second step is to ensure that all information reported upon is aligned with the agenda of the organization. Here, an estimated timeline to implementation (including documentation) and a corporate communication plan can be created. Remember, this is the framework that will support a larger Information Governance system of record. Policy is now paramount, and the governance and execution of this policy should now be essential to the steering committee.3. Make certain that IG policies govern the information important to each department (destruction, retention, etc.) without sacrificing said content's securityThe third step is to make sure that the required components remain repository independent. Policies ought to cover the way information is stored, not the system in which it is being stored in. Just as ECM monitors content that makes up a transaction, Information Governance covers all data that makes up an organization. Technology must be in place to report on the condition of the content, and more importantly, it must be able to regulate the storage and destruction of said information.4. Explore software programs that offer interfaces into your business's various applicationsECM platforms have matured since the '90s. Today, they provide an open database schema that allows for insight into the transactional content it maintains. The fourth step is to explore IG software that offers Application Programming Interfaces (APIs) into your data infrastructure to allow for control, reporting and enforcement. It is important that the ECM database schema you select is open, that there are APIs available, and that the files within it are kept in their native format.ECM is here to stay, helping businesses in a variety of industries to improve their processes and workflow. The way you work is changing, and a reassessment of your ECM strategy is imminent. As the expense of information migration will only increase as the demand increases, it's better to modify an ECM strategy now than later. Choose the right ECM system, and your future is bright. Drew McCollum
< Page 8 | Page 10 >