The Cross-Discipline Nature of Information Governance

Thinking about the scope of information governance, it’s all too easy to assume that not only vendors, but also some end users are just jumping on the latest band-wagon, rebranding other disciplines and calling them “IG”. It behooves the end user to step back a bit and take IG on its own terms. As defined by Robert Smallwood (and modified slightly – but importantly – by Doculabs’ own Richard Medina), IG is the control of information to meet your legal, regulatory, and business risk objectives.

The Electronic Discovery Reference Model (EDRM) has done a good job of illustrating the cross-discipline nature of IG in its Information Governance Reference Model (IGRM), showing that IG spans Legal, Business, Privacy and Security, IT, and RIM (see the figure below, and the EDRM web site for a good definition and discussion of IG.) But it’s precisely because IG crosses so many disciplines within the organization that it makes sense to bring in an independent “broker” to take a look at how information is being managed now, your requirements from the legal, regulatory, and risk standpoints, and recommend what needs to be done to meet those requirements, moving forward.
EDRM IG Diagram

Why You Need an Information Governance Consultancy

Information governance is essentially a strategic function and needs to be evaluated from the executive level. The decisions that are required to drive action across the areas of practice outlined above need to be coordinated and sponsored at a level that can work across the individual business, risk, legal, and IT functions.

The problem is that most organizations approach IG in a haphazard manner. The way one department manages its information assets varies drastically from how the next one does. If IG is going to be successful at your organization, you need a partner who can provide a strategy for transitioning from how you currently manage information assets, to an approach that can identify key essential practices across the enterprise. The strategy should also provide insight into the way these practices will impact business processes at the functional unit level and should provide a plan for necessary projects to complete the transition. Lastly, the strategy should include a communication plan designed to engage end users and involve them throughout the transition to the new ways of working.

What to Look for in an Information Governance Consultancy

Now that I’ve convinced you that you can use some help in establishing an IG program and IG practices at your organization, what should you be looking for in consultant services in this area? I’d recommend you put the following four items on the top of your list of what to look for in an IG consultancy:

Multi-Disciplinary Services: Depending on the history of the consulting firm you are talking to, they will emphasize different aspects of the information governance world – i.e. the legal side, the records management side, the compliance side. To create a truly comprehensive information governance program, you want a firm that can provide expertise in legal, RIM, and privacy and compliance – as well as knowledge of the supporting technologies and of the business and/or industry.

Objectivity: You should never use the advisory services of one of your vendors. When all you have is a hammer, every problem looks like a nail, and when you sell implementation or integration services, every information governance problem looks like an implementation or integration that – surprise, surprise – only the tools in that vendor’s kit-bag can possibly fulfill. Find a firm that can offer you a frank, independent perspective on what you need, without being swayed by other opportunities in your organization.

Expertise: Your IG consultancy should comprise industry experts. As you build your program, you’ll need the kind of insight that’s only gathered over decades. Beware of organizations that bring in their IG expert as part of the sales process, but won't be including that resource in the project. You don't want the fate of this crucial enterprise program in the hands of a group of fresh-faced MBAs.

Ability to Gain Leadership Endorsement: IG is a high-level discipline with other governance functions under it. If an IG program is to be successful, it needs to be endorsed by the executives in your organization – who can then communicate the program’s requirements to mid-level management, then further down the organizational chart to the rank-and-file of the ultimate end users. Your consulting partner should provide resources that can help you gain that executive buy-in for this program. In fact, this might be the most important element on this list. If you create a world-class program, but it’s not endorsed by leadership, then the project is a failure. Every step of your IG program should take into account how you will gain leadership support to drive adoption through the enterprise.

One More Thing

As you build out your information governance program, it’s important to network with industry peers. As a part of your vetting process, make sure you ask your IG consultancy for references. This is useful to confirm the checkbox items on the list above. But, ultimately, it’s more important for your own success. By talking to peers, you stand to learn more about how others are succeeding at the establishment of IG programs in their own organizations and how they overcame adversity. This real-world perspective will be invaluable as you build your program.

Rich Medina
Lane Severson
I’m a Practice Leader, managing relationships with Doculabs’ West Coast clients to improve information management and security.