link to ARMA about us

General Information                     
Overview
What is RIM?
RIM FAQs
Leadership                       
Board of Directors  
Executive Officers  
Staff Contacts  
Governance                      
Mission, Vision, Values  
Governance Policies and Procedures  
Code of Professional Responsibility  
Strategic Issues*  
Operating Plan*  
Board Minutes/Reports*  
State of the Association*  
Election Information*  
Chapters & Regions                              
Chapter Leadership Directory
Region Leadership Directory
Leadership Resources**
Chapter Listing
Awards                                                    
Awards
Cobalt Award
Educational Foundation  
Media Relations  
Advertising Information  

join ARMA

Member Benefits  
Membership Applications                                 
New Application
Renewal Application*
Industry Member Application
LINC Application
Networking Opportunities                            
ARMA iConference
Social Media Sites
Chapter Leadership Directory
Volunteer Opportunities                            
Task Forces
Officer Candidate Application*
Code of Professional Responsibility  

ARMA publications

What is RIM?  
Regulatory Updates           
Washington Policy Brief
Canadian Policy Brief
Global Policy Brief
Standards           
Standards & Best Practices
Glossary of RIM Terms
Information Management magazine  
Buyers Guide  
InfoPro Online*  
RIMinder Newsletter  
Newswire  
Washington Policy Brief  
Canadian Policy Brief  
Global Policy Brief  
Hot Topic  
Advertising Opportunities  

ARMA Resources

Standards           
Standards & Best Practices
Glossary of RIM Terms
Professional Competencies  
Code of Professional Responsibility  
Generally Accepted Recordkeeping Principles ®  
Training Programs  
Podcasts  
RIM Promotion Materials  
RIM 101  
Media Releases  
Job Search  
Risk Assessments  
Facilitator Resources
Social Media
Young Professional Resources

ARMA bookstore

New Releases  
Product Search  
View Order Status  

goto customer service

FAQs
Update Profile
Change Password
View Recent Purchases
Bookstore Order Status
Contact Us
Privacy Policy

My ARMA

Member Logon
Update Profile
Change Password
Account Preferences
Member Directory
Board Minutes*
Strategic Plan*

ARMA site map

   
   
 

 

ARMA International Maturity Model for Information Governance

A Picture of Effective Information Governance

The Maturity Model for Information Governance begins to paint a more complete picture of what effective information governance looks like. It is based on the eight GARP ® principles as well as a foundation of standards, best practices, and legal/regulatory requirements.

GARP ®
Principle
Level 1
(Sub-Standard)

Level 2
(In Development)

Level 3
(Essential)

Level 4
(Proactive)

Level 5
(Transformational)

Protection
A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.

No consideration is given to record privacy.

Records are stored haphazardly, with protection taken by various groups and departments with no centralized access controls.

Access controls, if any, are assigned by the author.

 Some protection of records is exercised.

There is a written policy for records that require a level of protection (e.g., personnel records). However, the policy does not give clear and definitive guidelines for all records in all media types.

Guidance for employees is not universal or uniform. Employee training is not formalized.

The policy does not address how to exchange these records between employees.

Access controls are still implemented by individual record owners.

 The organization has a formal written policy for protecting records and centralized access controls.

Confidentiality and privacy are well defined.

The importance of chain of custody is defined, when appropriate.

Training for employees is available.

Records and information audits are only conducted in regulated areas of the business. Audits in other areas may be conducted, but are left to the discretion of each function area.

The organization has defined specific goals related to record protection.

 The organization has implemented systems that provide for the protection of the information.

Employee training is formalized and well documented.

Auditing of compliance and protection is conducted on a regular basis.

 Executives and/or senior management and the board place great value in the protection of information.

Audit information is regularly examined and continuous improvement is undertaken.

The organization’s stated goals related to record protection have been met.

Inappropriate or inadvertent information disclosure or loss incidents are rare.

For each principle, the maturity model associates various characteristics that are typical for each of the five levels in the model:

  • Level 1 (Sub-standard): This level describes an environment where recordkeeping concerns are either not addressed at all, or are addressed in a very ad hoc manner. Organizations that identify primarily with these descriptions should be concerned that their programs will not meet legal or regulatory scrutiny.
  • Level 2 (In Development): This level describes an environment where there is a developing recognition that recordkeeping has an impact on the organization, and that the organization may benefit from a more defined information governance program. However, in Level 2, the organization is still vulnerable to legal or regulatory scrutiny since practices are ill-defined and still largely ad hoc in nature.
  • Level 3 (Essential): This level describes the essential or minimum requirements that must be addressed in order to meet the organization's legal and regulatory requirements. Level 3 is characterized by defined policies and procedures, and more specific decisions taken to improve recordkeeping. However, organizations that identify primarily with Level 3 descriptions may still be missing significant opportunities for streamlining business and controlling costs.
  • Level 4 (Proactive): This level describes an organization that is initiating information governance program improvements throughout its business operations. Information governance issues and considerations are integrated into business decisions on a routine basis, and the organization easily meets its legal and regulatory requirements. Organizations that identify primarily with these descriptions should begin to consider the business benefits of information availability in transforming their organizations globally.
  • Level 5 (Transformational): This level describes an organization that has integrated information governance into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine. These organizations have recognized that effective information governance plays a critical role in cost containment, competitive advantage, and client service.

Download Full .PDF Version of the GARP ® Information Governance Maturity Model.

Information Governance Maturity Model © 2010, ARMA International


Special thanks to our GARP® outreach sponsors:

   

 
     
 
about arma     advertising     join arma     your membership     contact arma     help   privacy policy


© 2012, ARMA International