EMBRACE INFORMATION GOVERNANCE - THE TIME IS
NOW!Jim Merrifield, IGP, CIP
FileTrail, Inc.@Jimerrifield
Learning Objectives
Manage information risk and ensure compliance with business requirements
Develop an IG strategic plan and framework that works
Gain control of information and optimize its value
Reduce cost by disposing of information when it’s no longer needed
Embrace
TO TAKE OR RECEIVE GLADLY OR EAGERLY; ACCEPT WILLINGLY: To embrace an idea
TO AVAIL ONESELF OF: To embrace an opportunity
Embrace What?
Information Governance is…
The specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient us of information in enabling an organization to achieve its goals.
Information Governance is…
A strategic framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable to create, organize, secure, maintain, use, and dispose of information in ways that align with and contribute to the organization’s goals.
Information Governance is…
Information Governance is…
Why Now?
Over 60% of respondents indicated that eligible ESI is not regularly deleted
Only 5% of respondents reported automated disposition processes for all their collaboration tools (e.g. project sites, SharePoint), while 62% had no automation or did not know
Less than 10% of respondents considered management of “new media and locations” (e.g. cloud services, mobility, social channels) at their organization mature
Only 8% of respondents report that records management metrics at their organization are mature
Only 12% indicated that records management planning is integrated with application decommissioning
Why Now?
In December, 40M Credit Cards were hacked
Invested $100M into chip-enabled card technology, implemented in 2015
Has $100M insurance coverage but potential loss may exceed $1B
Investors need to keep close eye on data breach investigation before investing
Why Now?
71% have no idea of the content in their stored data
58% are keeping information indefinitely
79% spend too much time and effort manually searching and disposing of information
58% still rely on employees to decide how to apply corporate policy
ADEM Model
Assessment of Information Risk &
Compliance
Information Risk & Compliance
Information Risk & Compliance
What information is needed to support business processes?
What steps must be taken to be in compliance with governing laws and regulations?
What information should be destroyed and when?
Information Risk & Compliance
Conduct Legal Research
Identify Internal IG Requirements
Create a Risk Profile
Perform Risk Assessment
Develop Mitigation Plan
Develop Metrics to Measure Results
Execute & Audit Progress
Conduct Legal Research
Software Citation Subscription
Online
Library
In-house Counsel
Identify Internal IG Requirements
Highly Regulated or Not?
Knowledge Management
Corporate Culture
Other Business Factors
Create Risk Profile
Simple is Best
Short and Sweet
Annual or Semi Annual
Create Top-10 Greatest Risks
Perform Risk Assessment
Develop Mitigation Plan
Develop Metrics & Measure Results
Reduce e-discovery costs by 25% over the previous fiscal year
Provide information risk training to 100% of Senior Management
Reduce the number of hack intrusion events by 75% over the previous fiscal year
Execute & Audit Progress
Regular Team Meetings
Key Status Reports
Review of Metrics and Process
Communication using collaboration software tools
Develop Your IG Program
Develop an IG Program
Identify Key Stakeholders
Adopt a Vision
Analyze Internal/External Drivers
SWOT Analysis
Identify Key Stakeholders
IT, RIM, Legal, Compliance, Audit, Privacy, HR, etc.
Obtain Executive Sponsorship
Development Roles/Responsibilities for your Key Stakeholders
Adopt a Vision
What is your goal for the next 3-5 years?
Define steps to take to meet your business goals
And Don’t Give Up!
Analyze Internal Drivers
Corporate Culture
Current Business Plans
Financial constraints
Analyze External Drivers
Technology Trends
Industry Best Practices
How you “Stack Up” with your competition
SWOT Analysis
Establish Your IG Program
Policy & Procedure
Clearly define the scope of your policies and procedures to ensure all information is managed throughout the enterprise
Communicate Your IG Program
Consider who will be impacted by the new policies and procedures
Knowing all parties that will be affected helps determine the means by which you communicate
Customize your message for IT, Legal, Business, etc.
Outline Goals of the Program
Training
Classroom Instruction
Online Learning
Series of Training Videos
Be Consistent
Add to New Hire Program
Monitor & Audit Your IG Program
MetricsAmount of information created v. amount disposed
Amount of information initially captured for holds v. amount actually produced to courts
Records disposition metrics may include % of content disposed in any given month
Compliance with end user training
Change Management
What Were Trying To Achieve?
Reduce Risk
Ensure Compliance
Maintain Security
Retain Properly
Dispose Consistently
Soft Skills
Analytical
Leadership
Planning/Forecasting
Communication
Get Social
What Was Your Dream Job?
Look, if you had one shot, one opportunityTo seize everything you ever wanted, one
momentWould you capture it or just let it slip?
- Eminem - One Shot
Jim Merrifield, IGP, CIP
Phone: (646) 584-7687Email: [email protected]: @jimerrifield @FileTrailWeb: www.FileTrail.comBlog: www.infogovmode.com
Top Related