Information governance, or IG, is an emerging term used to encompass the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.
Because information governance is a relatively new concept, there is no standard definition as of yet. Gartner Inc., an information technology research and advisory firm, defines information governance as the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.
As defined by information governance solutions provider RSD S.A., IG enforces desirable behavior for the creation, use, archiving, and deletion of corporate information.
To technology and consulting corporation IBM, information governance is a holistic approach to managing and leveraging information for business benefits and encompasses information quality, information protection and information life cycle management.
Regardless of the exact wording, definitions of IG tend to go quite a bit further than traditional Records management in order to address all phases of the information life cycle. It incorporates privacy attributes, electronic discovery requirements, storage optimization, and metadata management. In essence, information government is the superset encompassing each of these elements.
Records management deals with the retention and disposition of records. A record can either be a physical, tangible object, or digital information such as a database, application data, and e-mail. The lifecycle was historically viewed as the point of creation to the eventual disposal of a record. As data generation exploded in recent decades, and regulations and compliance issues increased, traditional records management failed to keep pace. A more comprehensive platform for managing records and information became necessary to address all phases of the lifecycle, which led to the advent of information governance.
In 2003 the Department of Health in England introduced the concept of broad based information governance into the National Health Service, publishing version 1 of an online performance assessment tool with supporting guidance. The NHS IG Toolkit is now used by over 30,000 NHS and partner organisations, supported by an e-learning platform with some 650,000 users.
In 2008, ARMA International introduced the Generally Accepted Recordkeeping Principles®, or GARP® and the subsequent GARP® Information Goverance Maturity Model. The GARP® principles identify the critical hallmarks of information governance. As such, they apply to all sizes of organizations, in all types of industries, and in both the private and public sectors. Multi-national organizations can also use GARP® to establish consistent practices across a variety of business units. ARMA International recognized that a clear statement of "Generally Accepted Recordkeeping Principles®" (GARP®) would guide:
CEOs in determining how to protect their organizations in the use of information assets;
Legislators in crafting legislation meant to hold organizations accountable; and
Records management professionals in designing comprehensive and effective records management programs.
Information governance goes beyond retention and disposition to include privacy, access controls, and other compliance issues. In electronic discovery, or e-discovery, electronically stored information is searched for relevant data by attorneys and placed on legal hold. IG includes consideration of how this data is held and controlled for e-discovery, and also provides a platform for defensible disposition and compliance. Additionally, metadata often accompanies electronically stored data and can be of great value to the enterprise if stored and managed correctly.
In 2011, the Electronic Discovery Reference Model (EDRM) — in collaboration with ARMA International — published a white paper that describes How the Information Governance Reference Model (IGRM) Complements ARMA International’s Generally Accepted Recordkeeping Principles (GARP®)
With all of these additional considerations that go beyond traditional records management, IG emerged as a platform for organizations to define policies at the enterprise level, across multiple jurisdictions. IG then also provides for the enforcement of these policies into the various repositories of information, data, and records.
