Introduction to Information Governance (IG) and Certification
Business leaders may be aware of the importance of information governance. But are they taking a proactive approach to implementing it within your organization? Consider your company’s well-oiled supply chain for your financial management and reporting activities. Do you have a similar process in place for your information assets? If not, this is where you, the information governance professional, come into the picture.
What is Information Governance (IG)?
According to Gartner, information governance (IG) is “the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles, and policies, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.” Essentially, the critical component of it is to ensure the proper management, protection, and retention of information assets so an organization can accomplish its primary objectives.
Why is Information Governance Important?
Information governance is more important than ever due to the myriad of risks associated with business assets including mishandling, attacks from cybercriminals, attacks from foreign governments, and simply losing information. With endless volumes of data to manage, organizations are confronted with the tireless challenge to stay compliant with federal and state regulations. With some of the most noteworthy data breaches occurring in 2018, risk heightens as data volume increases yearly. Needless to say, information governance is crucial to business nowadays.
Tackling Information Governance
So how do you ensure your IG program is running well? More importantly, how do you know you’re addressing the needs of your organization while protecting its assets? Here are some tips to keep in mind when implementing your organization’s IG strategy:
- Don’t get lost in the details – With so many terms for information governance out there, such as data governance, records management, information security, etc., it’s easy to get sidetracked. Stay focused and don’t obsess over the terminology.
- Speak up – Your organization may already have information governance incorporated in it’s IT department. However, your business needs individuals outside of IT, like you, to execute a comprehensive IG program.
- Find the right framework – All businesses have different needs, so find a methodology that works best for your company. Additionally, promoting the program’s benefits helps to create buy-in from all team members.
- Cover all the basics – Consider the “who, what, where, when, how, and why” in all your business processes, keeping in mind vendor accountability. Remember to map out how PHI and PII are accessed by application and who has access to it to determine gaps.
- Make IG part of your infrastructure – An all-hands-on-deck approach is essential to implement your IG program and get the needle moving. From onboarding, employment, evaluations, to exits, be sure to infiltrate information governance in your employee lifecycle and business processes.
- Keep testing – External testing of your network identifies opportunities for improvement and areas exposed to potential risk. With the ongoing measurement of your IG policy, your company will avoid noncompliance and costly legal fines in the long-run.
- Take the lead – When it comes time to implement your IG strategy, lead by example to show others your commitment to the successful rollout of the program. After all, you play an essential role in helping it reach its full potential.
By becoming a certified information governance professional, your business will benefit substantially. Not only will your company be assured your practitioners, vendors, and consultants are aware of IG best practices, but that the vital components are present to develop and maintain an effective RIM program. However, there are several certifications available, so it is essential to choose a certification that meets your organizational needs. Further, you may pursue multiple certifications to expand your knowledge of IG. Some of the most popular industry certifications include:
- Information Governance Professional (IGP) by ARMA International
- Certified Record Manager (CRM) and Certified Record Analyst by the Institute of Certified Record Managers (ICRM)
- Certified Information Professional (CIP) by AIIM
- Certified Information Privacy Professional (CIPP) and Certified Information Privacy Manager (CIPM) by the International Association of Privacy Professionals (IAPP)
- Certified Information Systems Auditor (CISA) by ISACA
- Certified Archivist (CA) by the Academy of Certified Archivists
- Certified E-Discovery Specialist (CEDS) by the Association of E-Discovery Specialists (ACEDS)
Lastly, it’s worth noting some associations offer certificate programs. Certificate programs are more accessible to complete and don’t require continuing education. For any professional looking to become a key player in your organization’s information governance, becoming certified is the ideal way-to-go.
Outsourcing Your Data Governance Needs
Implementing an information governance program in your organization can be an extensive task to take on. By partnering with a professional information management provider to outsource your records retention requirements, you’ll be enabled to stay on task with your company’s data governance objectives.
At Vital Records Control, we’re here to help you with all your governance and records retention needs. From document storage to document destruction, we design a customized solution to manage your information assets throughout their life cycle with your organization’s goals in mind.
About the author:
Andrew Ysasi, MS, CRM, FIP, CIPM, CIPP, CISM, PMP, IGP is the Vice President, Advocacy of Vital Records Control, and President of IG Guru®, an IG news organization to ensure relevant IG news is shared with the IG community.