The second of the Public Administration Select Committee (PASC) 12 questions, asks:
2. How effective are its governance arrangements?
There does not appear to be an agreement on what constitutes “governance arrangements” for policy. Information governance is complex – just look at the complexity of the definitions. Each department, government agency and local authority has its own opinion on what is the policy and how to implement it. There’s no obligation to follow internal processes, let alone any Cabinet Office pronouncement.
There are some areas of security and privacy competence in following CESG policy. The codes of connection between networks is one good example. Policy should also include keeping an information asset register; most organisations do not have one. People cannot control what they don’t know exists, nor where it is located, nor who is responsible for governance.
Quarkside identifies seven dimension of information governance that attempts to cover the whole policy domain.
- Objectives
- Outcomes
- People
- Assets
- Process
- Risk
- Time
Each dimension needs separate consideration in departmental policy. Together with inter-relationships, all dimensions need a control process. At an operational level there is an opportunity to promote the virtues of Prince2 for projects and ITIL for continuous service management and control. The policy should be to use these standards.
Briefly, there is a need for cross government governance arrangements, but they aren’t obviously published. Without enforceable standards, it is difficult to see how to change the culture of indifference to information governance. Will Martha Lane Fox’s appeal for standards result in any action?