Information Governance is the setting of Objectives to achieve measurable Outcomes by People using information Assets in a life cycle Process that considers the impact of both Risk and Time.
That’s the one line definition that needs some expansion. We have to start at at the beginning and decide why we need Information Governance (IG) in the first place. That is the Objectives of IG.
Quarkside says that the primary objective of Information Governance is to use information, not to prevent its proper use. Information, from any data source, represents the added value of some data processing activity. Locking data away, without the ability to use it, only costs money; and may lose the opportunity for delivering additional benefits.
Having said that, information assets need to be held securely and lawfully with access provided to authorised people. In a public library, librarians acquire books, catalogue them and provide access as custodians of the collection. The librarians have added value when citizens search the catalogue and make use of the service. Citizens have their own Objectives about why they need to select a book. They obtain access to information Assets within the library governance structure.
Objectives are one of the primary dimensions of the 7 Dimensional Information Governance Framework (7DIG). The seven primary dimensions (Objectives, Outcomes, People, Assets, Process, Risk and Time) are intended to be MECE (Mutually Exclusive and Collectively Exhaustive). A typical list of secondary dimensions may not be MECE, being dependent on the context and priorities of any specific IG framework. For example, seven candidate secondary dimensions of Objectives could be:
- Policy: direction from political leaders in a business area, providing the vision for maximising the value of information held;
- Strategy: medium term initiatives and programmes leading to information sharing;
- Law: over-riding principles, regulations and statutes that must be obeyed; the Data Protection Act, the Freedom of Information Act and lots more;
- Constraints: local conditions, culture and practice that control Information Assurance (IA) and information sharing protocols;
- Scope: range of business area and organisational functions impacted by the IG Process;
- Context: external organisations and conditions interacting with the local IG regime;
- Specifications: definition of things that need to be done, capable of measurement and quality assurance.
Secondary dimensions are just things to think about when establishing an IG Policy, Strategy and Framework. They should not become part of a tick box culture. Corporate management needs to buy into them at the highest level.
The 7DIG Framework should focus on Outcomes and the value of using information, not purely the protection of information by an IA process. The next blog in the series will illustrate the importance of early consideration of the Outcomes desired by an organisation or partnership.