Creating a Governance Framework for Effective Records and Information Management
The information management landscape is in a seemingly endless transformational stage. End-user expectations continue to be driven by the promise of improved workflows with each new technology that is talked up in the latest news cycle. This state of flux provides new opportunities for professionals working in the records and information management space to increase the success for their programs if they are comfortable speaking up.
New opportunities arise most noticeably from the arena of an organization’s governance framework for records and information management. While organizations continue to create new departments and hire specialists in areas such as data security, data management, privacy, and compliance, efforts to develop governance frameworks continue to lag. This gap presents an opportunity for the records and information manager to propose a way to leverage these separate yet related areas of specialization through the development of a records and information governance framework.
Understanding Areas of Responsibility
Some core areas of responsibility are important to creating a successful and effective records and information governance framework. Addressing these areas provide a groundwork for future development.
- Records Management
All organizations receive, create, disseminate, and use records to one extent or another. Records are traditionally considered to be information that has content, context, and structure. Records are the information assets that are considered most trustworthy and “fixed” so that an organization can rely upon them to be an accurate reflection of business transactions and decisions. For this reason, a program for managing an organization’s records should be a foundational component of any records and information governance framework.
- Compliance and Risk Management
Every organization will have requirements for complying with industry, regulations, or laws. How an organization establishes procedures for meeting compliance requirements, and how they provide of those compliance requirements, is a key responsibility for a records and information governance framework. Along with meeting compliance requirements, planning for the management of risks either inherent in the core business functions of an organization or in the management of its records and information assets is essential.
- Storage and Security
Information assets are only useful if one can readily access them when they are needed. Whether assets are in analog or digital formats, how these assets are inventoried, organized, stored, and made available to the right people at the right time should be an ongoing focus of a records and information governance framework. Security considerations include keeping access permissions up-to-date and ensuring sensitive data be well-protected and only retained for as long as needed.
- Litigation (e-Discovery)
The effective management of an organization’s information assets, including records, is no small task. And yet, the more fully these assets have been identified and maintained in systems that provide for reliable retrieval, the easier one’s work will be when the possibility of litigation is on the horizon. For this reason, having a plan for addressing e-Discovery requests in advance of any pending litigation can be a helpful component of a records and information governance framework.
With these core areas developed, the next part of establishing a strong framework comes from taking a focused and intentional approach to moving forward in the early phases of the framework.
Identify Roles and Responsibilities
Across the spectrum of the organization’s information landscape, identify the roles of individuals who have specific responsibilities such as providing users’ access to data repositories, or ensuring records are being retained for the right amount of time and appropriately destroyed, purged, or archived. For information assets that are specific to a functional area, identify the subject matter experts and clarify their roles in acquiring and/or distributing these assets.
Establish an Advisory Group
As individuals are identified as having a role as a subject matter expert for particular business functions (or as someone responsible for an area of concern such as legal, audits, data privacy, IT system privileging, etc.), consider adding them to an advisory group. This group can provide support for establishing and adhering to the records and information governance framework being developed.
Create or Update Policies
Working with subject matter experts and persons identified as having particular responsibilities for the management of records and other information assets, take the lead on creating or updating relevant policies. While it may seem tedious, it is very helpful to be clear about what formation the organization has, how and why it is valued, and who has responsibilities for managing it.
Define Processes and Procedures
With policies in place and working with subject matter experts, define as clearly as possible core business processes and develop documents that describe the procedures used to manage the information assets.
Setting a goal to establish a records and information governance framework for an organization will take some time and a lot of buy-in from various stakeholders. But just working toward that goal can be rewarding and open doors to new opportunities that were previously unseen.
Joanne Kaczmarek is Director of Records and Information Management Services and Associate Professor, Library Administration at the University of Illinois.