link to ARMA about us

General Information                     
Overview
What is RIM?
RIM FAQs
Leadership                       
Board of Directors  
Executive Officers  
Staff Contacts  
Governance                      
Mission, Vision, Values  
Governance Policies and Procedures  
Code of Professional Responsibility  
Strategic Issues*  
Operating Plan*  
Board Minutes/Reports*  
State of the Association*  
Election Information*  
Chapters & Regions                              
Chapter Leadership Directory
Region Leadership Directory
Leadership Resources**
Chapter Listing
Awards                                                    
Awards
Cobalt Award
Educational Foundation  
Media Relations  
Advertising Information  

join ARMA

Member Benefits  
Membership Applications                                 
New Application
Renewal Application*
Industry Member Application
LINC Application
Networking Opportunities                            
ARMA iConference
Social Media Sites
Chapter Leadership Directory
Volunteer Opportunities                            
Task Forces
Officer Candidate Application*
Code of Professional Responsibility  

ARMA publications

What is RIM?  
Regulatory Updates           
Washington Policy Brief
Canadian Policy Brief
Global Policy Brief
Standards           
Standards & Best Practices
Glossary of RIM Terms
Information Management magazine  
Buyers Guide  
InfoPro Online*  
RIMinder Newsletter  
Newswire  
Washington Policy Brief  
Canadian Policy Brief  
Global Policy Brief  
Hot Topic  
Advertising Opportunities  

ARMA Resources

Standards           
Standards & Best Practices
Glossary of RIM Terms
Professional Competencies  
Code of Professional Responsibility  
Generally Accepted Recordkeeping Principles ®  
Training Programs  
Podcasts  
RIM Promotion Materials  
RIM 101  
Media Releases  
Job Search  
Risk Assessments  
Facilitator Resources
Social Media
Young Professional Resources

ARMA bookstore

New Releases  
Product Search  
View Order Status  

goto customer service

FAQs
Update Profile
Change Password
View Recent Purchases
Bookstore Order Status
Contact Us
Privacy Policy

My ARMA

Member Logon
Update Profile
Change Password
Account Preferences
Member Directory
Board Minutes*
Strategic Plan*

ARMA site map

   
   
 

 

ARMA International Maturity Model for Information Governance

A Picture of Effective Information Governance

The Maturity Model for Information Governance begins to paint a more complete picture of what effective information governance looks like. It is based on the eight GARP ® principles as well as a foundation of standards, best practices, and legal/regulatory requirements.

GARP ®
Principle
Level 1
(Sub-Standard)

Level 2
(In Development)

Level 3
(Essential)

Level 4
(Proactive)

Level 5
(Transformational)

Compliance
The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization’s policies.

There is no clear definition of the records the organization is obligated to keep.

Records and other business documentation are not systematically managed according to records management principles. Various groups of the organization define this to the best of their ability based on their interpretation of rules and regulations.

There is no central oversight and no consistently defensible position.

There is no defined or understood process for imposing "holds."

 The organization has identified the rules and regulations that govern its business and introduced some compliance policies and recordkeeping practices around those policies. Policies are not complete and there is no apparent or well-defined accountability for compliance.

There is a hold process, but it is not well-integrated with the organization’s information management and discovery processes.

 The organization has identified all relevant compliance laws and regulations.

Record creation and capture are systematically carried out in accordance with records management principles.

The organization has a strong code of business conduct which is integrated into its overall information governance structure and recordkeeping policies.

Compliance and the records that demonstrate it are highly valued and measurable.

The hold process is integrated into the organization’s information management and discovery processes for the “most critical” systems.

The organization has defined specific goals related to compliance.

 The organization has implemented systems to capture and protect records.

Records are linked with the metadata used to demonstrate and measure compliance.

Employees are trained appropriately and audits are conducted regularly.

Records of the audits and training are available for review.

Lack of compliance is remedied through implementation of defined corrective actions.

The hold process is well-managed with defined roles and a repeatable process that is integrated into the organization’s information management and discovery processes.

 The importance of compliance and the role of records and information in it are clearly recognized at the senior management and board levels.

Auditing and continuous improvement processes are well-established and monitored by senior management.

The roles and processes for information management and discovery are integrated.

The organization’s stated goals related to compliance have been met.

The organization suffers few or no adverse consequences based on information governance and compliance failures.

For each principle, the maturity model associates various characteristics that are typical for each of the five levels in the model:

  • Level 1 (Sub-standard): This level describes an environment where recordkeeping concerns are either not addressed at all, or are addressed in a very ad hoc manner. Organizations that identify primarily with these descriptions should be concerned that their programs will not meet legal or regulatory scrutiny.
  • Level 2 (In Development): This level describes an environment where there is a developing recognition that recordkeeping has an impact on the organization, and that the organization may benefit from a more defined information governance program. However, in Level 2, the organization is still vulnerable to legal or regulatory scrutiny since practices are ill-defined and still largely ad hoc in nature.
  • Level 3 (Essential): This level describes the essential or minimum requirements that must be addressed in order to meet the organization's legal and regulatory requirements. Level 3 is characterized by defined policies and procedures, and more specific decisions taken to improve recordkeeping. However, organizations that identify primarily with Level 3 descriptions may still be missing significant opportunities for streamlining business and controlling costs.
  • Level 4 (Proactive): This level describes an organization that is initiating information governance program improvements throughout its business operations. Information governance issues and considerations are integrated into business decisions on a routine basis, and the organization easily meets its legal and regulatory requirements. Organizations that identify primarily with these descriptions should begin to consider the business benefits of information availability in transforming their organizations globally.
  • Level 5 (Transformational): This level describes an organization that has integrated information governance into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine. These organizations have recognized that effective information governance plays a critical role in cost containment, competitive advantage, and client service.

Download Full .PDF Version of the GARP ® Information Governance Maturity Model.

Information Governance Maturity Model © 2010, ARMA International


Special thanks to our GARP® outreach sponsors:

   

 
     
 
about arma     advertising     join arma     your membership     contact arma     help   privacy policy


© 2012, ARMA International