An Information Governance Disaster?
Because information is in separate repositories, it tends to be managed differently; calls must be made to other departments to obtain information, and in many cases employees don't even know that the information exists. These facts further complicate managing information in accordance with information governance rules, because the information is likely to be managed differently in each system. In fact, it is these silos of information that tend to be the smoking gun for many organizations who failed to know the what, where, when, how and why about their information.
Driven by the need to "get a grip" on managing corporate information, reducing storage IT hardware costs and by increasingly demanding requirements for regulatory and legal compliance, many organizations have taken a narrow approach to integrate content by writing point-to-point interfaces for the pressing business needs at hand. A narrow approach, focused only on connecting "application A" to "content repository B," causes many problems. For example:
Increased cost.
- Additional people, hardware and software are required in order to support multiple redundant systems;
- Point-to-point interfaces between client applications and disparate repositories lead to increased complexity in activities for staff, customers and agents; and
- Organizations may need to redevelop point-to-point interfaces to support each new version or deployment.
Reduced ability to execute.
- Multiple integration points result in slower response times;
- Incomplete information yields poor decision-making and increases risk; and
- Limited content access across the enterprise creates siloed business units.
Difficulty meeting compliance mandates.
- Regulations such as Sarbanes-Oxley, HIPAA, etc., demand access to all information immediately. The absence of total content integration across the enterprise can lead to incomplete or untimely discovery;
- A narrowed approach can also result in producing inaccurate information or records that may have been inadvertently altered; and
- Stiff fines, share price declines—and even criminal charges—can result if you cannot produce the information requested in its original format or prove the content has not been altered.
So how do we cure the insanity, "get a grip" on enterprise information, and achieve information governance nirvana? That cannot be fully addressed here—every organization is different and each will have its own information governance framework. However, there are a few practical approaches to help us get a bit closer.
First: Organizations need to close the gap between IT, legal and business. All three cannot operate in their own silos while simultaneously successfully managing enterprise information.
Second: IT, legal and business need to develop a comprehensive information governance framework that will work for them, their organization, the environment in which they operate and the organization's cultural makeup. Don't adopt another organization's information governance framework wholesale.
Third: Invest in an enterprise content management system that can support your information governance framework—one that is compliance-oriented (manages enterprise content according corporate policies, industry regulations, laws) and provides a total content integration solution that shows you the what, where, when, how and why regarding your organization's information.
With regard to the third point, whether your organization has a single, enterprisewide content management system or uses a best-of-breed approach to managing corporate information, having true enterprisewide total content aggregation and integration as part of your overall information management solution is the best way to achieve effective information governance. Without this, you can't universally manage all related information and know what information is retained, where it is retained, how it is retained, why it is being retained and for how long. Instead, you might only know what information exists in each individual repository, but that information will most likely be managed differently. That in itself may cause your information governance framework to fail.
And this brings us to a final point—information governance has a variety of different meanings, depending on your point of view. It is up to IT, legal and business to determine how best to develop and implement an information governance framework specific to your organization. When you do, remember that the system of record to manage your enterprise information must work in conjunction with the information governance framework. The optimal method for achieving this is to have an enterprise content management system that provides a single view of all enterprise information regardless of type, size or location, with business processes in place to manage that information, and with employees trained and empowered to manage information in accordance with your information governance policies and procedures.