Current Filter: Document>>>>>>2016-03-01

   

This has been a real game-changer for a number of organisations, and has meant that Information Governance (IG) is higher up the corporate agenda than ever before. Wider and more all-encompassing IG policies are now required to ensure that records are as secure in the digital era as they were previously, and organisations remain keen to protect themselves against compliance issues.

The sheer volume of data held by most organisations (along with the insight that can be gleaned from analysing it) and the way it is stored is a major asset, but without effective information governance, that data also carries a potentially huge risk. Despite most organisations having an IG plan, it can be hard to get the business to follow it. Why is this and what can be done to address?

EMBRACING IG…BUT NOT EFFECTIVELY
An AIIM report in December 2015, 'Information Governance - too important for humans', revealed that more than half of organisations surveyed (US and UK, private and public sector) have had data-related incidents in the past 12 months. 16% of these have suffered an actual data breach.

Furthermore, 45% of executives felt that a lack of information governance leaves their organisation wide open to litigation and data protection issues and 41% of respondents admitted that their email management is 'chaotic'.

Worryingly, there are huge volumes of content in most organisations that are not under any form of information governance, retention management or e-discovery. So for 28% of organisations, IG is very high on the senior management agenda and more than half (53%) have recently launched new IG initiatives.

But while it would appear from the AIIM research that there is a willingness to embrace information governance, many are yet to do so effectively. Cloud and mobile have been hugely impactful on the way that these organisations capture, store, manage and use information, but there are strong signs that many are yet to effectively factor cloud and mobile into their information governance policies.

There are also issues with enforcing information governance policies. This was mentioned as the biggest issue for 41% of respondents in the AIIM research.

SECURING EMPLOYEE BUY-IN
Getting employees to follow an IG plan is essentially a behaviour change management problem. If they are currently saving absolutely everything, often in a 'my documents' folder, the organisation ideally wants to change behaviours so that instead it has compliant record retention and much easier access to electronic information.

To achieve this, an organisation must look at changing user behaviour with a combination of policy, process and tools training. It must also be driven by senior management. The AIIM research identified challenges with getting senior management involved in enforcing IG polices -without this, almost any IG plan is doomed to fail, as it sends out a message to employees that IG is just not that serious. So the process should begin with a stakeholder steering committee, looking at why this needs to be addressed and identify the right approach, budget and timeframe. Senior management should then raise awareness of the program and begin communicating the message downward.

From there, mid-level management should continue with program awareness and address how the IG plan will help business and how it will impact on their employees. It's also important for mid-level management to identify any potential champions in their groups - this group will be pivotal in getting other employees to engage and commit to an IG plan.

The next stage is to work with all the departmental record coordinators across the business, getting them to understand your key messages around IG and to buy in to their role and time commitment within that. Finally, it moves to the employees to get their buy-in. They need to understand how it will ultimately make their lives easier.

ROLLING-OUT THE PLAN
So with the strategy outlined, the next phase lies in understanding the current behaviours within the organisation. Why do employees behave in a certain way, in terms of where they save and manage information, and how does this vary across business units, functions and roles? What do employees believe they need to do their jobs?

Page   1  2