ARMA International Maturity Model for Information Governance

    ARMA International

    Information Governance

    Maturity Model 

    Information is one of the most vital, strategic assets organizations possess. They depend on information to develop products and services, make critical strategic decisions, protect property rights, propel marketing, manage projects, process transactions, service customers, and generate revenues. This critical information is contained in the organizations' business records.

    It has not always been easy to describe what "good information governance" looks like. Yet, this question gains in importance as regulators, shareholders, and customers are increasingly concerned about the business practices of organizations.

    ARMA International recognized that a clear statement of "Generally Accepted Recordkeeping Principles®" (The Principles) would guide:

    • CEOs in determining how to protect their organizations in the use of information assets;
    • Legislators in crafting legislation meant to hold organizations accountable; and
    • Records management professionals in designing comprehensive and effective records management programs.
    The Principles identify the critical hallmarks of information governance, which Gartner describes as an accountability framework that "includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals." As such, they apply to all sizes of organizations, in all types of industries, and in both the private and public sectors. Multi-national organizations can also use The Principles to establish consistent practices across a variety of business units.

    A Picture of Effective Information Governance

    The Maturity Model for Information Governance begins to paint a more complete picture of what effective information governance looks like. It is based on the eight Principles as well as a foundation of standards, best practices, and legal/regulatory requirements. The maturity model goes beyond a mere statement of the principles by beginning to define characteristics of various levels of recordkeeping programs. For each principle, the maturity model associates various characteristics that are typical for each of the five levels in the model:

    • Level 1 (Sub-standard): This level describes an environment where recordkeeping concerns are either not addressed at all, or are addressed in a very ad hoc manner. Organizations that identify primarily with these descriptions should be concerned that their programs will not meet legal or regulatory scrutiny.
    • Level 2 (In Development): This level describes an environment where there is a developing recognition that recordkeeping has an impact on the organization, and that the organization may benefit from a more defined information governance program. However, in Level 2, the organization is still vulnerable to legal or regulatory scrutiny since practices are ill-defined and still largely ad hoc in nature.
    • Level 3 (Essential): This level describes the essential or minimum requirements that must be addressed in order to meet the organization's legal and regulatory requirements. Level 3 is characterized by defined policies and procedures, and more specific decisions taken to improve recordkeeping. However, organizations that identify primarily with Level 3 descriptions may still be missing significant opportunities for streamlining business and controlling costs.
    • Level 4 (Proactive): This level describes an organization that is initiating information governance program improvements throughout its business operations. Information governance issues and considerations are integrated into business decisions on a routine basis, and the organization easily meets its legal and regulatory requirements. Organizations that identify primarily with these descriptions should begin to consider the business benefits of information availability in transforming their organizations globally.
    • Level 5 (Transformational): This level describes an organization that has integrated information governance into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine. These organizations have recognized that effective information governance plays a critical role in cost containment, competitive advantage, and client service.

    View the Maturity Model for each of the Principles:

    Accountability Compliance
    Transparency Availability
    Integrity Retention
    Protection Disposition


    Download the complete Information Governance Maturity Model

    How to Use the Maturity Model

    The Information Governance Maturity Model will assist an organization in conducting a preliminary evaluation of its recordkeeping programs and practices. Thoughtful consideration of the organization's practices should allow users to make an initial determination of the maturity of their organization’s information governance. Initially, it is not unusual for an organization to be at differing levels of maturity for the eight principles. It is also important to note that the maturity model represents an initial evaluation. In order to be most effective, a more in-depth analysis of organizational policies and practices may be necessary.

    The maturity model will be most useful to leaders who wish to achieve the maximum benefit from their information governance practices. Effective information governance requires a continuous focus. But in order to get started, organizations can look to the steps below:

    1. Identify the gaps between the organization's current practices and the desirable level of maturity for each principle.
    2. Assess the risk(s) to the organization, based on the biggest gaps.
    3. Determine whether additional information and analysis is necessary.
    4. Develop priorities and assign accountability for further development of the program.

    ARMA International has a variety of resources and assessment tools available that will help organizations take the next steps in improving their information governance practices. One example is our Information Governance Assessment. Learn more here!

    © 2016, ARMA International