In previous blogs we have talked about the confusion between Information Management and Information Governance, and suggested there are two ways in which organizations can approach the task of implementing Information Governance.
We have already explored the traditional top-down approach, and in this blog we will now look at the alternative approach.
Information Governance as a roll-up
The overall objective of an Information Governance initiative is to apply rules and structure to the management of data as information. The bottom‑up approach meets this objective by implementing a series of individual projects or initiatives that can range from simple retention programs to the identification and management of data that can be defensibly deleted.
The bottom-up approach recognizes the complexity and risk associated with planning and delivering a single all-encompassing data management project to accomplish all the goals of an information management initiative. Any project that changes how data is managed has the potential to cause major disruption and significantly impact a company’s day-to-day business operations, so all data management projects need to be well‑planned and closely managed.
By breaking down the Information Governance initiative into a number of smaller projects, each of which addresses a specific aspect of the company’s overall strategy, it becomes more manageable and achievable. The net impact of these smaller projects when they are rolled together will still be the eventual achievement of the company’s Governance objectives.
Stakeholders work with IT to build the framework
Each data management project will be transactional by nature in that it will identify a set of data and then does some specific operations with that data. The high level objectives behind Information Governance provide an ongoing consistent methodology for managing data by its business value, and will guide each of the specific data management projects.
This is where stakeholders from outside the IT organization have a key role in each project. For instance, the objective of a project may be to eliminate PST files. In this case the legal department may have mandated the elimination of this data following an unexpected litigation expense, so now the IT organization and the legal team need to work together to determine the rules by which such data can be identified and eliminated.
The project will then codify these rules into policies that are part of whatever software or processes that are used to eliminate PST files. Whilst this is not at this stage a complete Information Governance framework, it is the start of one.
When the next project is tackled, for instance looking at compliance capture and management, the organization can revisit the rules it developed for the first project. Some rules can be reused, and enhanced or extended to cover specific compliance issues. Other policies and procedures will be new, specific to the compliance requirements. This project will not result in a complete Information Governance framework either, but the combination of what has been learned and codified for these two projects is starting to build a core of information governance.
Subsequent data management projects will continue to revisit what has already been developed. By re-using policies and procedures, organizations will be implementing what we term “grass roots governance” from the bottom-up. Eventually they will have put in place a good basic Information Governance framework, so subsequent projects can focus on outliers and unique conditions because the data management basics have already been addressed.
A key benefit of building Information Governance from the bottom up is that it is not intimidating and can be implemented on an as-needed basis by the stakeholders themselves. Existing business processes are not disrupted by a “new” governance initiative being handed down from above, and no lengthy committees are required to develop the framework. It can also be a simpler task to get rules codified by the legal team when they are assessing a real business problem with tangible real-world impact.
Stakeholders do not need to be convinced of the need, as each project solves a real business problem, with governance emerging as a secondary benefit from that project. It is easier to get stakeholder involvement for individual projects that they have a business interest in, rather than involving them in a high-level project to draw-up an overarching data retention strategy.
The biggest challenge with the bottom-up approach is that no single group can implement a project that manages unstructured data. The IT organization can implement software and processes, but they will rely on business stakeholders to define the rules and outline the policies. The legal team can’t implement a defensible deletion program without support from the IT organization and advice from the compliance team. Bringing together and managing such cross‑functional groups can be difficult.
The second challenge is that teams working on the various data management projects to “build” the Information Governance strategy have to continuously revisit what was developed for earlier projects. They need to build on those policies and procedures, rather than starting from scratch each time. It might be easier for them to ignore what’s already been done for previous projects and simply start anew, but this will do nothing for the organization’s Information Governance strategy and its ability to manage data by its value.
Managing data by its business value
Nowhere during this process has the actual “value” of data been defined, but procedures will have been developed that do place a value on data. The challenge with putting a value on data is that unstructured data such as email has a value which is both transient and has a half-life. Something that is highly valuable when first received may be relatively worthless 12 months later.
The top-down approach follows data as it moves through the business, to get an understanding of how its value changes and to determine the lifetime value of that data. In contrast, the bottom-up approach manages data as it is found today, and simply considers whether that data still has value at this point or whether it is worthless.
For either approach to work, the key is to have consistency in the rules and procedures that are put in place. With one, the rules are defined and applied broadly; with the other, the rules are identified as specific issues are tackled. But with both approaches, success will depend on how similar, how consistent, how logical, and how systematic these policies and procedures are. This will determine whether the organization has a good basis for sound Information Governance, and whether they can achieve the objective of managing data by its value at any stage of its life.