Organizations Creating An Information Governance Program Are Often Entering Virgin Territory

Creating governance programs that separately address structured (data) or unstructured (content) can be a daunting task for any organization. Most organizations are just now addressing the governance issues that help ensure that their information, both data and content, is trustworthy and reliable. If creating separate governance programs is such a challenge, then why I am advocating the creation of a combined program for information governance? The challenges of governing structured data differ from the problems governing unstructured content, due to different goals, stakeholders, roles, and processes. The result is that governance of these areas involves completely separate endeavors.

But must they be wholly separate? Isn't there enough common ground? Creating an information governance framework that will address both their structured and unstructured information requires that the appropriate IT and business roles and responsibilities are clearly defined and that stakeholders from both IT and business are in agreement with the design and implementation efforts for an effective information governance strategy. Is this task too daunting for an organization to overcome? As more decisions are made using both data and content, it becomes increasingly important that all information used in the decision process is trustworthy and reliable. Agility in decision-making is dependent upon the right information at the right time. So my contention is that we should not wait for our data and content governance program to mature before implementing an overall information governance program. We should look at the similarities in the two governance programs to create a common framework that can be leveraged to create commonality and consistency in the information architecture.

Join Gene Leganza and me at Forrester’s upcoming Enterprise Architecture Forum 2012 in Las Vegas in May and in Paris in June, as we explore the best practices for creating an information governance program. We will be holding a 90-minute super session to take a deeper dive into some techniques that organizations have used for creating an integrated governance program. We will be addressing:

  • The commonalities and differences inherent in data and content governance.
  • How real-world shops are taking a combined approach to content and data governance.
  • How to craft an approach to information governance that will work for you.

This session will be highly interactive, giving all the attendees a chance to challenge our ideas and exchange real-life examples with their peers. It’s critical, when talking about an emerging area, that both successes and challenges can be openly discussed to give all session attendees a chance to walk away with grounded approaches to creating a successful information governance program.

Comments

compliance by design

Uncovering a risk or a compliance gap in the existing IT landscape is the result of a good analysis – and of bad planning. Many organizations relegate the task of risk and compliance analysis to an afterthought of an IT landscape’s evolution instead of making it an integral part of their IT planning efforts. This is rarely done through bad intention. Rather, it's a consequence of lacking concurrent information to fully anticipate the impact of changes at design-time. Having this information is a very powerful instrument for decision makers so they can be aware of gaps and avoid them in time.
Moving the IT GRC analysis upstream and including it at design and planning time ensures that organizations are aligned with risk appetite and compliance obligations. All of these efforts will help avoid security leaks, penalties and unnecessary mitigation loops downstream. This ultimately paves the way for an organization to achieve compliance by design, rather than by testing.