It's 833 Information Governance Chapter 7 Business Considera

Its 833 Information Governancechapter 7business Considerations For A

Understand the critical aspects of implementing a successful Information Governance (IG) program. Key topics include differentiating between structured and unstructured data, understanding the challenges posed by unstructured information such as email and social media, and applying full cost accounting (FCA) to assess information-related expenses. The discussion explores how an IG-enabled organization differs from one that is not, emphasizing the importance of the business case for IG, which highlights long-term benefits such as risk reduction, improved information quality, streamlined retention, and better cost management.

Address the challenges of managing unstructured data, which is growing at a rate faster than structured data, and how this growth complicates management due to its horizontal, informal, and ownership issues across the organization. The importance of calculating information costs—including storage, labor, overhead, e-discovery, and opportunity costs—is underscored to develop a comprehensive view of information-related expenses.

The concept of full cost accounting (FCA) is introduced, breaking down total cost of ownership (TCO) and return on investment (ROI) models, which incorporate direct, indirect, immediate, and future costs. The chapter emphasizes that FCA supports better decision-making by providing a holistic view of costs associated with information assets and management practices.

Additionally, the chapter reviews the development of an effective IG policy through adherence to the 8 Generally Accepted Recordkeeping Principles®: accountability, transparency, integrity, protection, compliance, availability, retention, and disposition. The IG Reference Model (IGRM), developed collaboratively by ARMA International and CGOC to facilitate communication among stakeholders, underscores the importance of understanding roles, workflows, and the lifecycle of information management.

Best practices in IG policy formation include tailoring policies to organizational needs, and the standards landscape involves de jure standards (legally established by authorities such as ISO, ANSI, NIST) and de facto standards (industry consensus or widely adopted practices like Windows OS). Standards support quality, interoperability, and cost reduction, but may introduce flexibility constraints and require ongoing maintenance and updates.

Key standards relevant to IG encompass risk management frameworks (ISO 31000), information security (ISO/IEC 27001, 27002, 38500), records and e-records management (ISO 15489 series, ISO 30300/30100), and regional and national standards such as U.S., Canadian, UK, and Australian directives. Long-term digital preservation standards, including PDF/A-2 and ISO 14721 ( OAIS model), are essential for maintaining historical and vital records over time.

Business continuity management, guided by standards like ISO 22301, ensures organizational resilience through prepared disaster recovery and threat assessment strategies. Effective IG policies incorporate organizational goals, clear authority lines, executive support, comprehensive communication and training, relevant metrics, testing, auditing, and mechanisms for feedback and enforcement. Consideration of organizational culture enhances the likelihood of successful implementation.

Paper For Above instruction

The importance of effective information governance (IG) in contemporary organizations cannot be overstated. As data volumes continue to grow exponentially, particularly unstructured data such as emails, social media, and documents, organizations face increasing challenges in managing, securing, and leveraging their information assets. An IG program aims to establish structured processes and policies that ensure information is managed consistently, securely, and in compliance with legal and regulatory requirements, all while supporting organizational objectives.

One of the fundamental distinctions in IG is between structured and unstructured data. Structured data, stored in databases with predefined schemas, is easier to manage and analyze. Conversely, unstructured data—comprising emails, Word documents, social media content—accounts for the majority of organizational information and is growing at a faster rate, approximately 50% faster than structured data. Managing this unstructured information presents unique challenges due to its horizontal dissemination across various departments, lack of formal classification, ownership ambiguities, and storage complexity. These challenges necessitate tailored management strategies and technological support systems that can handle its volume, variety, and velocity.

The challenge of unstructured data is compounded by its proliferation, which has significant cost implications. Storage costs are rising, yet organizations often focus on short-term expenditures ignoring future expenses. Labor costs, especially for knowledge workers involved in creating and managing information, form a substantial part of total costs. Overhead expenses, dark information (unused or hidden data), and the costs associated with electronic discovery and litigation further increase overall information management expenses. These costs underscore the need for comprehensive cost accounting models—full cost accounting (FCA)—which capture direct, indirect, immediate, and future costs to provide a clearer picture of the total ownership costs related to information assets.

FCA supports organizations in making informed decisions regarding their information management strategies. It involves evaluating the total cost of ownership (TCO), considering factors like storage, labor, legal costs, and potential risk exposure. ROI frameworks are used to measure the value derived from IG initiatives, emphasizing long-term gains such as risk mitigation, improved compliance, better data quality, and efficiency gains. Incorporating FCA into decision-making processes provides a holistic perspective that can justify investments in IG technologies and practices, especially given the long-term nature of data retention and compliance obligations.

Effective IG policies are built around principles like accountability, transparency, integrity, protection, compliance, availability, retention, and disposition, as outlined by the Generally Accepted Recordkeeping Principles®. The ARMA International and CGOC-developed IG Reference Model (IGRM) supports these principles by delineating cross-functional responsibilities, workflows, and the information lifecycle. The IGRM emphasizes that information management is critical across all organizational stages, encouraging proactive engagement and consistent application of standards and best practices across departments.

Standards are vital in ensuring quality, compatibility, and compliance within IG programs. De jure standards are formal regulations or guidelines published by recognized bodies, such as ISO, ANSI, and NIST. Conversely, de facto standards emerge through industry consensus and widespread adoption, like Windows OS. Both types of standards contribute to interoperability, cost efficiency, and risk reduction, although they may also introduce constraints related to flexibility and ongoing maintenance.

Key standards relevant to IG include frameworks for risk management (ISO 31000), information security (ISO/IEC 27001, 27002), and high-level governance (ISO 38500). Records management standards like ISO 15489 and ISO 30300/30100 establish principles for creating, maintaining, and disposing of records systematically, thereby ensuring the integrity and evidentiary value of organizational information. Regional standards, such as the U.S. DoD 5015.2, Canadian CAN/CGSB, and the UK’s MoReq, provide additional guidance tailored to legal environments and digital recordkeeping needs.

For long-term digital preservation, standards such as PDF/A-2 and ISO 14721 (OAIS model) facilitate data integrity over extended periods, safeguarding organizational memory. Business continuity management standards like ISO 22301 delineate requirements for establishing resilient operations that can withstand disruptions and recover swiftly, vital for maintaining organizational stability in the face of adverse events.

Implementing appropriate IG policies requires careful planning. Strategies should align with organizational goals, delineate clear authority lines, and secure executive sponsorship. Communication, training, and stakeholder engagement are essential to foster a culture of compliance and awareness. Metrics and audits help measure effectiveness, and feedback mechanisms reinforce continuous improvement. Enforcement policies and penalties ensure accountability, while cultural considerations foster organizational buy-in, altogether promoting a sustainable IG program.

In conclusion, establishing comprehensive information governance hinges on understanding the nature of organizational data, applying rigorous standards, and embracing a proactive management ethos supported by strong policies and leadership. As data continues to evolve in volume and complexity, organizations must adapt their strategies, leveraging standards, cost models, and best practices to secure and optimize their information assets for long-term value and compliance.

References

• ISO. (2001). ISO 15489-1: Information and Documentation – Records Management. International Organization for Standardization.
• ISO. (2011). ISO 30300:2011. Information and Documentation – Management Systems for Records – Fundamentals and Vocabulary. International Organization for Standardization.
• ISO. (2005). ISO 14721:2012. Space Data and Information Transfer Systems—Open Archival Information System (OAIS) Reference Model.
• ISO/IEC. (2005). ISO/IEC 27001:2005. Information Security Management Systems – Requirements.
• ISO/IEC. (2005). ISO/IEC 27002:2005. Code of Practice for Information Security Controls.
• ISO. (2008). ISO 38500:2008. Governance of IT for the Organization. International Organization for Standardization.
• ARMA International. (2012). Generally Accepted Recordkeeping Principles®. ARMA International.
• U.S. Department of Defense. (2002). DoDI 5015.2: Department of Defense Records Management Program.
• Canadian Government. (1993). CAN/CGSB-72.11-93: Electronic Records as Documentary Evidence.
• Australian Government. (2014). ISO 16175 series: Principles and functional requirements for records in electronic office environments.