Information Strength is a state of advantage achieved through, both strategic and tactical implementation of archiving best-practices, security protocols and governance policies that protect the value of your enterprise content and uphold the power and promise of information governance. But why is it important? It provides feedback to drive an understanding of your information governance performance. Assessing your Information Strength can help identify gaps in your current information governance practice, provide clear actions to address concerns and help you maintain your current strength level. Like all things worth achieving, Information Strength requires constant assessment, discipline, and improvement. So what are the evaluation points to consider?
- Quality Archive Storage – most organizations have addressed this – in fact over addressed it with many different storage options available to users which causes confusion about what should be stored where, redundant content across storage silos, and additional expense in maintaining various storage options. Key indication that your organization is doing a good job with archive storage is if end users know what to store where and naturally avoid duplicating content across systems, by use of linking or federation or other means to reference materials.
- Security – the most elegant security solutions are straight-forward and leverage common role structures like LDAP to authorize access, but many systems rely on file-level overrides to grant or deny access even when department-level security controls are in place. Your organization is doing security well if users are able to get to the information they need to do their job, but only have access to sensitive information on a need-to-know basis.
- Retrieval – stored information is useless if users can’t get to the information in a timely way. End users must know the information exists, might even need to know where the information is stored, how to get to the content, and actually have access to it. The retrieval process is key to making storage worthwhile and yet has many potential failure points. If the “information workers” within your organization are able to retrieve, repurpose and leverage existing content, then your organization is doing a better than average job of retrieval.
- Disaster Recovery & Continuity – as an increasing number of organizations have business impacted by weather events, natural disasters like wild fires, and even civil unrest, the importance of a sound DR and BC plan becomes evident. Business Continuity is no longer about have addressed a prioritized list of a handful of applications deemed business critical. Daily operations are ever more dependent on an interrelated and intricately connected set of systems across data center locations and cloud services. DR and BC are no longer a checkbox item where a policy is good enough – the reality must be proven. If your organization has a policy and regularly runs DR drills (at least once a year), then you’re ahead of many in this area.
- Legal Hold – a number of organizations continue to rely exclusively on custodian self-preservation, even as judges and opposing counsel have proven smarter about the ability to collect content scattered across enterprise silos. Corporate Legal Departments are seeing renewed urgency to adopt automation for placing legal holds, managing hold notifications, and culling data. Use of automation means embracing changes to roles, responsibilities and tools, but ultimately puts more power in the hands of the legal team and reduces the risk of having overlooked or completely missed germane content.
- Policy Review & Maintenance – one of the toughest investments to make is the ongoing up-keep information governance requires. It is not enough to define and ratify a robust and comprehensive policy today. That policy needs to be reviewed, questioned, and maintained regularly to confirm that as the organization changes, as resources change, as priorities shift, and as regulations are updated, the policy is kept current. If your organization has a policy as well as a recurring policy review in place you are in very good shape related to your ongoing information governance health.
- Classification – much like policy review, classification requires an ongoing commitment to maintaining the classification rules and engine used. It is not sufficient to “set it and forget it” – no matter how much intelligence your engine has. It is critical that your classification functions properly due to all of the down-stream processes that rely on that classification for improved retrieval, retention, security, legal relevance. Manual and machine-driven classification require love and care. Once you have established the roles and responsibilities for regular maintenance, review and confirmation of the classification process, then you are flexing your information strength muscles.
- Disposition – something that should be easy – tossing unneeded content away – is one of the most difficult evaluation criteria to achieve. Part of the issue is the end user expectation that content stored will always be there – that content will be kept forever. This immediately sets up disposition as an inconvenience and not the norm. The ability to enforce the disposition plan and trim the amount of content stored across all archive options is important enough that it is worth resetting user expectations, seeking as much automated management of the process as possible, and tackling any backlogs of stores that grew from historically poor information hygiene. Once you have a policy with clear authority, automated processes and a sound strategy for both the backlog (I know there is one) as well as day-forward content, then your organization is truly proving their strength.
- Compliance – why isn’t this much earlier on the list? How is this harder than the last 3 evaluation criteria? It’s harder because of the external element. Compliance with external regulations which change or have updated definitions or suddenly don’t accept what was previously allowed as common practice are disruptive to your internal policies and practices. Compliance may force untimely changes in your policies, require emergency meetings, or force reallocation of resources to change systems and procedures. The disruptive nature and constant change of compliance makes it an extreme challenge for organizations to accommodate gracefully. Organizations that are consistently able to address regulatory changes without drama are achieving information strength.
All IG successes deserve applause, but it must be noted even a perfect Information Strength score across all 9 criteria today doesn’t guarantee Information Strength tomorrow. Only ongoing discipline and commitment to information governance regardless of changes in organization politics and reogs, trendy projects, application upgrades, infrastructure refreshes, best-practices changes, regulation updates, and vendor chaos will deliver future information strength achievement. Just like athletes require coaches, training partners, and teams – achieving and maintaining Information Strength is best done with a trusted partner organization that has the necessary expertise and resources to keep the focus on information governance despite all the distractions.