Information Governance Best Practices

A compliant information governance program is necessary for organizations to proactively and progressively manage all data, media and information. As the number of regulations governing information governance continues to increase as well as the number of potential information sources it is mandatory that businesses create, implement and execute best practices in records and information management. The best practices must include the entire lifecycle of a document, regardless of media or format, and should address:

·       Creation/Receipt

o   Taxonomy

o   Standard classification

o   Application of a functional, enterprise-wide retention schedule – auto-classification based on business rules

·       Management

o   What is a record in the enterprise?

o   What are the vital records for the enterprise?

o   How are vital records protected?  How are they made available?

o   What is included in each record as data is gathered or created?

o   What is not included? 

o   What is the migration plan for records  as technology evolves?

o   Where are they expected to reside? 

·       Ultimate Disposition

o   When to apply the retention schedule?  Is it based on fiscal year or an event?

o   What happens to each record as is no longer useful?  Is it archived for historical purposes or destroyed? 

o   Are the permanent/historical records saved in a manner in which they are protected and preserved for retrieval 10, 20, 50, 100 years from now?

 

 

Best practices must be consistent and be applied regardless if there is only one employee or an international business.  A solid information governance program will include:

·       Establishment of an Information Governance Program

·       Establishment of a Records Program

·       Records Liaisons for functional business units

·       Publication of easy to use procedures for the creation, indexing, access, retention, storage, holds, destruction and possible migration

·       Frequent and regular communication with end users about records and information creation and protection

·       Software to track the lifecycle and ultimate disposition of records and information

·       A retention schedule and program to guide how to identify a record, what is kept and how long the retention is

o   All media and formats

o   Legal and operational research to backup the periods and why they were selected

o   Legal and audit hold requirements

·       Establish audit and audit reporting to ensure compliance

·       Yearly purging and archiving

·       Scheduled reviews of and revisions to ensure compliance with new laws, regulations and precedent