ARMA 2013: Unique business needs force information governance to adapt
Date: Dec 20, 2013
Information governance has a role in virtually all business aspects: Processes such as customer service, IT security and adhering to compliance regulations all rely on proper data management. As a result, it's important for records managers to understand exactly how an organization uses information when incorporating data governance processes, said Diane Carlisle, executive director of content at ARMA International.
When incorporating information governance, records managers must ensure data-related processes provide maximum business benefit, Carlisle said. In this SearchCompliance video Q&A from the ARMA 2013 International Conference and Expo in Las Vegas, she discusses how information governance processes should adapt to an increasingly data-driven business world.
Are technologies only part of the answer to the problem of cohesive records management? How do business processes or other factors play in the equation?
Diane Carlisle: Technology is really just the thing that gets us there, when we figure out where "there" is. I think the other key parts are the business processes. There might be a few companies in business just to make records, but there are not a lot of them. Records are a by-product of a business process that's apart from serving customers. Having that really great understanding of what those business processes are, and how that business process needs to use information, is really a critical part of building an information governance program that works for the organization, instead of against it.
There's the saying "If you don't know where you're going, any road will get you there." Well, any road can get you to some really bad places. Know where you're going, understand what the business does, understand the legal and regulatory requirements that are a part of that. Understand the people and resources that you have and what needs to be done, what the real requirements are.
Then you can say, "Okay, what technologies do we need to use? How do we need to implement those? What kinds of safeguards do we need to put into place? How do we build the records management discipline into the software, the technology that we deploy?"
You then have not only defensible disposition, but you've got a foundation from which you can adequately respond to customer service requests and other needs of the business. That's how information governance can help organizations.
What new skills and perspectives will professionals need in this changing business environment?
Carlisle: I think there's a whole body of knowledge around information security that we in records management have not typically used to our benefit. It's more and more important to learn that knowledge and to bring those skills in. It's not that any of us are going to replace an information security specialist, but surely you need to understand what the requirements are so that you can ensure that security is built into any information governance program that you're putting into place.
There's a huge area of skill development needed for information security. Another big area is privacy, and those two are pretty closely aligned. Sometimes security and privacy work together pretty well. You have got to, in this complex world, take more of a risk management kind of approach to information governance. You need to balance the risks and rewards because you can't lock down a system so much that you can't use it for business purposes.
At the same time, you can't have something so wide open so anybody can do whatever they want to with it and not have security. I think that another set of skills is risk assessment and risk mitigation in terms of what we require and what we're asking employees to do. If you ask them to do a lot for risk management while they're already focused on their core job, then you're kind of asking for trouble. So make it easy -- understand the risks and put a regime in place that provides a good balance of risk and reward for the organization.