Using Information Governance to Solve Business Needs

Information governance (IG) practitioners (and I’m one of them) tend to think the world revolves around IG. We say organizations should support IG best practices and end users should willingly submit to whatever process and technology changes are required because, well, you have to have IG best practices.

The reality is, other than IG practitioners, no one cares about IG. At all. Non-IG folks only care about doing their jobs, regardless of whether doing so conforms to IG best practices or not (and usually it doesn’t).

While this could be cause for IG practitioners to despair, there’s a way forward: embed IG best practices in things non-IG folks care about, including other categories of compliance like privacy, InfoSec and litigation, or business goals like operational efficiency, sales effectiveness and cost reduction. Although embedding IG in this way will look different based on your industry, organizational makeup and idiosyncrasies, some general good practices can help you drive IG.

Making Information Governance Capabilities Relevant

The constellation of IG capabilities required for good IG is well known: establish information lifecycle management (ILM), reduce ROT, secure sensitive data, direct end users to appropriate systems (“what to use when”), define and enforce metadata, etc. But even if non-IG folks understood what these things were (spoiler alert: they don’t), the value these capabilities have for them is typically unclear. Best case scenario, they won’t care whether the organization supports these capabilities. Worst case, they’ll oppose them because enabling these capabilities will require changes to how they work. (And end users hate changing the way they work.)

If you want to have a prayer of getting IG capabilities rolled out at your organization, you need to align with what non-IG folks care about … which will never be IG in and of itself. Instead, what they care about are the things they have the funding for and the executive support to get done — many of which require (or at least can benefit from) improved IG.

For example, an operations executive at a utility company that owns power plants will be very concerned with the efficiency, effectiveness and safety of performing preventative and corrective maintenance. She likely has performance targets related to reducing the time and cost of performing maintenance activities as well as the number of incidents related to them. Good IG absolutely impacts her ability to succeed along all these dimensions, but she likely has no idea how IG can contribute to her success through delivering the latest and greatest as-builts, up-to-date SOPs, or required parts lists.

An IG practitioner’s first job is to understand the executive’s main concerns. Then we need to search our IG toolkit to identify the IG capabilities that can meaningfully impact her ability to address those concerns. Finally, we need to communicate the value of the relevant IG capabilities to her so she can evaluate whether she should support them in the service of getting her work done.

Every industry has relevant examples. Regardless of industry or domain, the key for IG practitioners is to focus on the business problem to be solved and then — and only then — to make connections to IG capabilities that could contribute meaningfully.

Piggyback Information Governance on Existing Initiatives

Once you understand what problems keep your key executives up at night and what IG capabilities could help address them, you need to find existing initiatives and piggyback the required IG work on them rather than trying to get new, standalone IG initiatives funded.

This isn’t to say the IG work you do in support of specific business initiatives won’t contribute to larger IG goals. It will, but it’s a different positioning.

For example, one goal of good IG is to manage information across its lifecycle from creation to disposition — but good luck getting the organization to fund the dollars and bodies required to enable ILM organization-wide. However, if your organization is subject to US or EU privacy regulations (CCPA, GDPR, etc.), meeting the requirements for managing consumer data to comply with these regulations happens to also support ILM for all data, consumer or otherwise. So supporting this more specific, tactical initiative can support larger IG goals at the same time — a win-win for you, your privacy stakeholders and the organization as a whole.

Conclusion

Making progress with information governance comes down to forgetting about IG for IG’s sake and instead delivering it to address business needs. Doing so requires you to speak the language of the business rather than the more narrow language of IG practitioners.

None of this is to say IG isn’t important — it absolutely is. It’s just that non-IG folks care about non-IG things, like what directly drives business success. So if you want IG to succeed, you need to speak their language and deploy your expertise to solve their problems first.

Rich Medina
Joe Shepley
I’m VP and Practice Lead, focusing on developing Doculabs’ InfoSec practice and its applications in a wide range of industries.