If your CEO asked you to assess the condition of your information governance (IG) program, how would you respond? You might begin at the core of any comprehensive IG program: your records and information management (RIM) practices. If your organization is among the 13% who recently reported they don’t have a RIM program, you’re already in trouble.
The good news is that most of the organizations that participated in the 2013/2014 Information Governance Benchmarking Survey conducted by Cohasset Associates, ARMA International, and AIIM International (87%), confirmed they have a RIM program. The fact that few organizations (12%) fully integrate RIM and the other key IG disciplines – compliance, security, IT, risk management, audit – is the not-so-good news. Some of the other findings of note are:
- At 78%, the greatest challenge RIM programs face is changing the keep-everything culture that pervades too many organizations.
- 42% said their programs are mature (according to the Information Governance Maturity Model) in protecting private, confidential, and sensitive information.
- 27% gave their programs a mature rating with regards to handling ESI as part of the legal hold process.
- 74% reported they have a legal holds process in place, and 72% think it is generally efficient and effective.
- The top three IG disciplines RIM is most integrated with are privacy (39%), information security (38%), and legal holds (36%).
- Only 35% train all employees on what information to manage and how to manage it at least every two years; more than 50% basically don’t provide any training to employees.
- 45% have either incorporated (18%) or are in the process of adding (27%) RIM compliance to service provider contracts.
ARMA International has many resources to help you determine your IG program’s strengths and weaknesses. The best place to start is with the new Information Governance Assessment – a software platform you can use to identify information-related compliance across the enterprise, drive improvements, and develop metrics for measuring your IG program’s maturity.
Based on the Generally Accepted Recordkeeping Principles® and the Information Governance Maturity Model, whose concepts are widely acknowledged as critical to assessing information risk across an organization, the assessment addresses:
- IG requirements included in the Foreign Corrupt Practices Act, the Sarbanes-Oxley Act, the Dodd-Frank Act, and COSO guidance
- IG roles and responsibilities
- Aligning IT with IG
- Auditing records and information integrity
- Information security
- Third-party IG concerns
- Guarding against improper information disclosure
- Disaster recovery of electronic records
- IG compliance issues
- Litigation holds and e-discovery
- The sufficiency of IG training and documentation
For more information, visit: http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles/ig-assessment.