So I have done a few presentations at the Portland SharePoint User Group, SharePoint Saturdays, and recently the SharePoint Intelligence conference here in Portland. The topic I kept being requested to talk about is “IG” Information Governance. This is topic that has been around for a long time in different formats and parts, but has emerged as a MUST HAVE in business today.
Wikipedia has a nice definition:
“Information governance, or IG, is an emerging term used to encompass the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements.”
The challenge is there is no standards or best practices defined by any one credible organizations. So I have come up with a shot at that, ready:
It is a framework for handling information in an efficient manner to appropriate ethical, and quality standards. This framework makes sure that information is:
- Held securely and confidentially
- Obtained fairly and lawfully
- Recorded accurately and reliably
- Used effectively, efficiently and ethically
- Shared appropriately and legally
In short “Records Management and Enterprise Content Management”, this is the challenge the folks who really get Information Governance is E-Discovery and Legal folks who have had history with compliance and audit. SharePoint has been been used by many organizations as a way to start wrapping there minds and money around the problem. This has led to a situation where IT becomes the key stakeholder of IG and Compliance standards, but really it is Legal and other business units that understand the business that need to drive the bus. IT should be the implementation wing, not the policy wing for the organization.
The standards which all business is held accountable too, Sarbanes-Oxley, HIPPA, ISA, SEC, EU Data Protection Directive, etc……. grow and change. This is also the key challenge with IG it never stops evolving due to regulations changing and laws altering to support our technologies and new businesses.
In the context of SharePoint we have a few ways to tackle this Records Management, Metadata Management, Information Management Policies, Retention Policies, and Information Security Models. In short a slew of tools and technology that can be used to SUPPORT you needs. There is not ONE TOOL TO RULE THEM ALL, and I do get a little upset when a vendor or tool manufacture is preaching some 25K solution that magically does everything, or a company that says they can build the ultimate solution.
Some of the big players/vendors include Microsoft, Open Text Corporation, RSD, HP’s Autonomy, EMC Corporation, and IBM. These are just tools, that support the framework, policies and people in the organization. You still need to make sure the people do what they are suppose to to make the tools work.
I am going to continue this subject discussing ways to implement IG in SharePoint, but if you want to truly implement a compliant approach you are going to have to be willing to commit time and resources. This is true with any technology or business, this is an eternal business process, and must be managed just as you do your contracts, agreements, and sales receipts.
Ready to take a ride that will make you second guess you policies, and make you laugh every time you here a colleague say “We did that, we bought a tool and wrote up a policy!”.