Why Information Governance… instead of Records & Information Management?

Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM

817.352.4929 or Angela.Fares@bnsf.com

May 12, 2015

Why Information Governance?

Explosive growth of information outside of traditional records and information management venues.

Challenges to maintenance of data integrity, availability, and data control in the face of massive volumes of data.

Technology advances that have culturally changed how we create, capture, use, retrieve, and manage records.

Regulatory requirements that require new measures of security and protection of information.

Regulatory requirements that require production of data rather than just records (information that is not a distinct physical document).

What is Information Governance?

“Security, control, and optimization of information”

Robert Smallwood

“Information governance is the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.”

Information Governance Initiative

“Comprehensive, holistic approach to information management that manages information throughout its lifecycle.”

Penny Quirk

Benefits

Retention of information in compliance with regulations, operating needs, and legal hold requirements.

Systematic disposition of information when it has no further legal or business value.

Improved access to and preservation of needed information for both business and legal purposes.

Protection of private and sensitive information requiring heightened security controls and oversight.

Overall contribution to the mission and vision of an organization.

Key Components: Information Governance Steering Committee

Executive Leadership

Inclusive Representation

Working Teams

Information Stewards/Coordinators

Key Components: Information Governance Policy

Scope

Purpose

Objectives

Responsibilities

Standards

Key Components: Information Mapping

Retention Schedule

Discovery Data Maps

Application Profiles

Information Security and Data Classification Inventories

Privacy Data Flows

Historical Records Preservation

Vital Records Protection

Definitions

Key Components: Information Governance Strategy

Creating a common language of definitions

Process for management of physical records

Process for management of structured databases

Process for management of unstructured content: Email, collaborative environments, information shares, etc.

Process for risk-based assessments that are aligned with corporate goals and strategies

Key Components: Privacy and Security

Privacy Policy and Program

Data Loss Prevention

Data Minimization

Information Storage Program

Breach Response Program

Key Components: Employee Training & Compliance

New employees

Existing employees

Contractors

Third Parties

Key Components: Discovery Readiness Program

Ensure that the discovery process is managed, executed, and documented in a repeatable and defensible manner.

Establish and communicate roles and responsibilities of each member of the discovery readiness team.

Comply with applicable state and federal laws as well as “best practice” guidelines and recommendations pertaining to discovery.

Reasonably respond to regulatory inquiries, discovery requests, and subpoenas in an efficient, effective, and fiscally responsible way.

Key Components: Measure and Adjust

Risk Assessments

Follow-Up

Monitoring

Controlled Self Assessments

Change Control

Project Team Participation

Key Components: Success Metrics!

Number of employees that complete training on privacy and information management.

Identification and elimination of duplicate, unstructured content on file shares using file analysis software.

Elimination of orphaned content from decommissioned systems, terminated employees, and abandoned projects.

Successful completion of intrusion detection, data leakage, or vulnerability testing.

Employees trained on information privacy, management, and security.

Successful defense against cyber attacks.

Reduced costs for discovery.

Reduction of storage space consumed.

Information Governance: A New Program

Future Challenges

Culture

Poor data quality

Cost

Risk

Privacy

Future Roles

Data Stewards

Information Governance Professionals

Project Managers

Business Analysts

Business Process Engineers

Information Analysts

Information Security Officers and Privacy Officers

Information Technology Auditors

Compliance or Information Officers