Transcript LegalTech Asia 2014: B4 - Effective Information Governance

Effective Information
Governance
Legal Tech Asia Technology Summit
March 3, 2014
Marilyn Bier, CEO
ARMA International
Agenda
•Introduction to ARMA International
•Drivers creating need for Information
Governance
•Defining Information Governance?
•Generally Accepted Record Keeping
Principles
•Measuring Information Governance
•Tips on Where to Start
About ARMA International
ARMA International is the industry leading association for the Information Governance
Profession providing resources, education and leadership opportunities.
Our members by the numbers:
94%
play a role in their
organizations purchase
decisions of information
governance resources
27,000
Members
120
Local Chapters
130
Countries
98%
Faithfully read ARMA
International’s Information
Management magazine
monthly to keep up-todate on industry and best
practices
ARMA and IG
ARMA International is the standard bearer for information governance resources. We support
legal, IT and information management professionals by providing resources, education, support
and certification.
Key Driver –Data Explosion
• Contributors
• Social Networks, Blogs, Social Media-based Information,
Internet-based Text and Documents (Cloud), etc.
• Definitions of Big Data
• Laymen’s definition – Data bases so large they become
awkward to work with when using on-hand tools
• Gartner – High volume, high velocity and high variety
information assets that demand cost-effective innovative
forms of information processing for enhanced insights
and decision making.
• Forrester adds a fourth “v” – variability
Big Data
Link to Information Governance
•Potential of big data huge
•Smarter decisions at faster rate
•Gaining competitive advantage
•Improving efficiency and customer
targeting
•Importance of techniques and technologies
•Crucial decisions must be based on good data
•Business cost to retaining ROT (redundant,
obsolete, or trivial) information
Information Governance Defined
Information governance is a strategic
framework comprised of standards,
processes, roles, and metrics that hold
organizations and individuals accountable to
create, organize, secure, maintain, use, and
dispose of information in ways that align with
and contribute to the organization’s goals.
ARMA, 2012
Records and Information Management
RIM – The Foundation of IG
A RIM program defines the rules and
controls to manage corporate records and
information from creation/receipt until no
longer needed:
• Email management
• Retention policy/process
• Legal/regulatory compliance
• Risk assessment
• Litigation/e-Discovery
IG’s Collaborative Partnership
• Key Stakeholders
– Business units
– IT, Security
– Legal, Compliance
– Information Governance
• Shared Priorities
– ROI
– Risk management
– Match systems to ROI
– Effective litigation
– Documenting key systems
– Handling legacy data
EDRM’s Information Governance
Reference Model (IGRM)
Unifies perspectives:
• Business – profit
• Security/Privacy- risk
• IT – efficiency
• Legal – risk
• RIM - risk
www.edrm.net/projects/igrm
IGRM
Generally Accepted Recordkeeping
Principles
•Framework for information governance
•Introduced in 2009
•Carefully vetted “best practices”
International & national standards
•Industry independent
The Strategic Framework
The Principles provide effective
Information Governance.
•Objective
•Reasonable
•Reality-based
•Scalable
•Standards-based
Generally Accepted Recordkeeping Principles
GOOD
BUSINESS
PRACTICE
.
Standards/Best Practices Mapped to Principles*
• ISO 15489: Information & Documentation - Records
Management
• ISO 30300: Management Systems for Records
• ANSI/ARMA 18-2011: Implications of Web-based Technologies
• ARMA TR20-2012: Mobile Communications and
Records/Information
• Evaluating / Mitigating Records & Information Risks
• Outsourcing Records Storage to the Cloud
• ISO TR 17068: Trusted Third-Party Repository
• ARMA TR 21-2012: Using Social Media in Organizations
• ARMA: Website Records Management
• ANSI/ARMA 2010: Vital Records Programs
*not comprehensive
Information Governance Maturity Model
Information Governance Maturity Model
• Basis for
benchmarking
– Level 3 considered minimum
acceptable for any
organization
• Identify and rate
deficiencies
• Establish
improvement targets
and reassess
regularly
Information Governance Assessment
Information Governance Assessment
Practical Information Governance
Tips on Where to Begin
•Identify your stakeholders and champions
•Establish goals and targets at the beginning
of the process
•Be sure to address all information and
consider historical and future-generated
information
•Preform some type of assessment
•Do a gap analysis
Practical Information Governance - Tips
•Based on targets, which scores are lower?
•You don’t need to ‘fix’ everything at once!
•Which pose the greatest risks for your
organization?
•Prioritize and do a cost analysis based on
your industry
Practical Information Governance - Tips
• Deploy systematic and repeatable process to
discover, classify and enforce policy on all
organizational assets
• Develop executive dashboards that demonstrate
effectiveness of Information Governance program
• Provide training for end users
• Consider employing a certified IGP – Information
Governance Professional
Information Governance Professional
Contact Information
Marilyn Bier, CEO
ARMA International
11880 College Blvd. Suite 450
Overland Park, KS 66210 USA
888-301-3324
[email protected]