Tech topics

What is information governance?

Illustration of IT items with focus on a question mark

Overview

Information governance brings order to your information chaos. It's all about setting policies and best practices and automating how data is created, used, stored, and deleted. Encompassing smart practices like data lifecycle management, data governance, and AI governance, information governance ensures your information is used efficiently to meet your goals. Think of it as the roadmap that keeps your data on track, helping your organization stay compliant, secure, and ahead of the game.

Information Governance

Information governance is not just about recognizing information as a strategic asset, but about empowering the organization to subject it to high-level coordination and oversight. This empowerment ensures accountability, integrity, preservation, and protection of information enterprise wide. As a disciplined approach, it aims to treat the task holistically, removing silos and fragmentation, and improving the appropriate, efficient, and secure use of technology and resources needed to manage information.

What are the benefits of an information governance program?

Information governance programs bring many important benefits to the organization. In many cases, information governance is prescribed by law, regulations, and industry best practices. Even in the absence of a strong regulatory imperative, information governance is still essential to the orderly operation of information management systems.

  • Consistency and integrity: With documented, consistent policies and procedures for managing information, organizations can ensure their data is more accurate, complete, and up to date. 
  • Enhanced security and risk management: Sensitive, proprietary and private information must be protected from unauthorized access using the latest cybersecurity standards and best practices.
  • Regulatory compliance: Most organizations have legal and industry-specific requirements for information retention, security, privacy protection, accessibility and auditing.
  • Increased efficiency: With well-organized information that is easier to find and use, it saves time and resources, making the work process more streamlined and convenient.
  • Decision support: With more reliable and accessible data, leaders can make more informed strategic decisions.
  • Cost reduction: Organizations can reduce storage and management costs by eliminating redundant or obsolete data and streamlining processes.
  • Improved collaboration: Clear policies on information sharing can facilitate better cooperation between departments and external partners.
  • Enhanced reputation: Demonstrating responsible information management can boost stakeholder trust and organizational credibility.
  • Preserving valuable information: Proper governance ensures that important historical and operational data is retained and accessible over time.
  • Facilitation of digital transformation: A solid information governance framework provides a foundation for adopting new technologies and data-driven initiatives.

Information governance relies on automation

In the modern era, even modest-sized organizations have terabytes and even petabytes of information. It is impractical to achieve information governance without a high level of automation and a strong relationship between the information management system and its governance capabilities. Information management systems of all types invariably include some governance features.

Some examples of information governance automation include:

  • Content and records management systems often include highly advanced information governance controls and automation, and ancillary systems are often integrated into or enhance an information governance program.
  • Intelligent document processing automates the capture, labeling, processing and storage of large volumes of information, eliminating the tedious labor of transcribing millions of pages of hard copy, forms, faxes, medical forms and more, into a safe and accessible information management system.
  • Content analytics and risk mitigation software can scan large volumes of existing and incoming information for sensitive information, personally identifiable information, health information and other risk markers to identify content that needs to be reviewed, secured, properly labeled and protected in a content management system.
  • Archiving and storage management software can lower costs on long-term retention of data and content by moving it to a simpler and more economical storage platform while preserving it effectively and keeping it accessible if necessary.
  • eDiscovery and early case assessment systems help investigative and legal teams sequester and review large volumes of content for legal cases, FOIA requests, and risk assessment. Using AI, search, and workflow, these systems provide invaluable help in complying with discovery requests, legal holds, and other critical processes requiring document review.

What is an information governance framework?

The purpose of an information technology governance framework is to establish the organization’s approach toward information management within a business, legal, and regulatory context. An effective framework covers the following areas.

Scope and charter

Establish the scope of the information governance program. Set out the procedures that govern creating, sharing, storing, and disposing of information. Define the management of all information and associated systems that affect the enterprise’s legal and regulatory obligations.

Roles and responsibilities

Define the key roles and responsibilities in information governance. That includes the information governance committee, information governance team, information risk management team, information asset management team, records management team, business line managers, and employees.

Information policies and procedures

Information governance includes multiple distinct policies and procedures. The framework should explicitly enumerate the policies that affect information governance, including information security policy, retention policy, disposal policy, archiving policy, privacy policy, ICT policy, remote working policy, and information sharing policy. Information procedures then determine and define how the organization and employees interact with information according to each policy stipulated.

Third parties

Some enterprise information will be created and stored by third parties. The framework establishes how the organization manages information with partners, suppliers, and stakeholders. Define how information governance affects contractual obligations and supplier relationships. Establish metrics that third parties are evaluated against to confirm conformity with information governance goals.

Business, continuity, disaster recovery and contingency

The framework should set out the process for reporting information losses, reporting information breaches, incident management, incident escalation, disaster recovery, and business continuity.

Audit and review

Continuous monitoring of information access, information use, regulatory compliance, information security, infrastructure performance, and storage performance. Conduct regular risk assessments, audits, and reviews.


A strong generative AI strategy starts with information governance

Information management is rapidly evolving with the introduction of generative AI (GenAI) tools to accelerate information discovery and information-based productivity. To ensure successful GenAI use cases and advances within an organization, consider these six best practices in project planning and governance policy making to improve the trustworthiness and usefulness of AI:

  • Curate trusted content. GenAI is only as good as the information it has available. Curated content that is purposefully selected can give quick wins. Launch AI pilot projects with explicitly approved content in high demand. Examples are completed contracts, RFPs, FAQs, patent libraries, SOPs, and regulatory content.
  • Control content sprawl. Content sprawl refers to stray convenience copies and abandoned edited versions of documents in email, chat messages, and OneDrive. This type of content can be useful in the short run, but because it is noisy, it can tend to lead AI responses further astray. A well-managed information management process will naturally improve the accuracy and relevancy of responses generative AI produces.
  • Label data. The AI grounding process will be more effective when more precise grounding data is available. Provide labeled data or rich, accurate metadata gathered through well-managed content services and automated processes so that grounding is more accurate and AI advances can better infer source material.
  • Institute better security controls. Commercial large language models do not automatically understand processes and what must be secured. They can reveal anything they have access to. Diligently securing content repositories and avoiding shadow IT are essential.
  • Provide context. Context is critical. Ideally, we want to infer AI grounding context from the user’s present work context. The context window is most valuable if grounding is focused on a single business transaction such as a new client, project file, HR file, or insurance claim.
  • Incorporate AI governance. AI governance is a rapidly evolving topic of public and organizational policy, legislation, and risk mitigation. Some of the principles of AI governance—a subcategory of information governance—include transparency and explainability, fairness and non-discrimination, privacy and data protection, accountability and oversight, and safety and robustness.

GenAI is a huge leap in usability and productivity, especially with vast information repositories. By following these six essential governance practices, generative AI systems are far more likely to be safe, secure, and productive.


Start your information governance journey

Information governance is an essential practice for becoming an information-empowered organization. However, it must be administered according to sound practices, at scale, securely, and in collaboration with the other processes and information systems at play.

Just about every large organization today claims to be data-driven. Enterprises that implement a sound information governance strategy bolster information availability, mitigate risks, contain costs, and comply with regulations.

OpenText information governance solutions offer intelligent, policy-driven automation and integration that helps organizations mitigate risks and protect information to stay compliant, secure, and productive while powering modern work.

Our solutions include:

Footnotes