Information Governance
No, not IT governance. Information governance.
OK, if you're a regular reader of this blog, you know my rant.
- information is becoming the most important business asset in the world.
- someone's going to have to be the "CFO of information".
- and you're going to need new tools -- information infrastructure -- to do this.
At most companies, there's pretty good governance around something else that's important -- financials.
What about information governance?
The need is clear -- at least to me!
Let's start with a simple question -- who defines your information retention policy?
Or, more importantly, how was it defined?
If you're like most organizations, at some point did some people get together, put their heads together, and make a recommendation?
The answer is probably "yes".
Were the right voices at the table? Was there some sort of balanced scorecard evaluation that took into account risk avoidance, cost reduction and value generation? Were the results measured and reported on?
And did the team reconvene periodically to review the situation in light of recent developments, and suggest new recommendations?
The answer is probably "no".
Now, repeat the question for email archiving. Or how you manage customer information. Or employee information. Or financial information. Or, if you're Google, how you manage search records. How long you keep backups. Do we need audit trails?
Or ... well, you get the idea.
If it's information, and it's being captured, at some point there will be really gnarly questions around how companies balance risk, cost and value.
The traditional answer is that the application owner (or business unit) owns that problem. Well, we've learned not to do that with money, right? Financial management and governance is a corporate issue, because the stakes are so high.
Bottom line: these questions of "how do we manage information at a corporate level?" are all over the place if you look around, and more are coming every day.
And, rather than try to address them individually in an ad-hoc manner -- with limited participation, measurement and evolution -- the idea is to create an information governance role or function within the organization.
Some people think this is a great place to use consultants. I'd offer that consultants can help, but the problem needs to be owned by some part of the business -- hence the need for information governance.
Interest is growing -- from what I can see.
I've mentioned before that I get to spend a lot of time with customers. This also is a very valuable resource for trying out new ideas and thoughts, and seeing how they resonate.
When I'm talking to my traditional audience of technology people who are hip-deep in issues around running IT, they tend to agree -- life would be easier if someone would just tell them how they'd like the information managed.
But asking an operational IT person to figure all of this stuff out is asking a lot of someone.
Occasionally, I get to meet more senior people who've spent time on the business side of IT. And, for them, this is a very powerful and meaty topic. They really want to talk about it.
They have an appreciation that there's a new concern. They know that there's a lot at stake. And they know how good governance functions can help manage risk and create good outcomes for painful, cross-functional problems where there's no simple and obvious answer.
And they really like the idea. Some have even started moving down the road.
Organizational and evolutionary models
The first step seems to be a "working group" at a relatively senior level. Ideally, there are three roles that need to be present.
- One role (person or people) can speak to the risk side of the equation. Think legal, or finance, or a security officer if you have one.
- One role can speak to the cost side of the equation. Think IT, usually.
- One role can speak to the value generation side of the business, e.g. we keep this information around because we think we can use it to make more money for the company.
If there are only one or two of these roles at the table, it's not a complete discussion. As an example, in pursuit of risk reduction, costs escalate and value-generation opportunities are missed. Or, if it's all about value generation, the company can be exposed to new forms of risk. Lots of good examples here.
From what I've heard, the initial steps of the working group are to (a) validate that this is a problem, (b) make sure the right voices are at the table, and (c) gain the commitment from team participants to be involved for the long haul.
The next step seems to be contextual education.
Put the existing situation on the table so everyone can see what's being done today -- warts and all. Have people present on new regulations, best practices outside the company, etc. Spend whatever weeks or months are needed to create a common context around the problem and what's going on around it.
The step after that seems to be hashing out some guiding principles.
Yes, I know that's boring stuff, but you'd be amazed how often you come back to the guiding principles when you're wrestling with a specific issue. Consider it up-front investment work.
After those first three activities, it seems to get into high gear.
There's an agenda of problem areas, working teams are assigned, they go off, study the problem, and come back with recommendations, which are reviewed by the governance team. Once the recommendations are implemented, there are periodic report-backs as to the results, or if something new is learned.
Maybe a workstream on email. Or another on user file systems. Maybe 7-12 workstreams. And someone to help organize and schedule the team's activities.
The team is now equipped to conduct a regular cadence on these issues: identifying the challenge, assigning the team, getting recommendations, approving policy, measuring results and revisiting when necessary.
Yep, it sounds like a lot of work. Hard things usually are ...
Impact and outcome
I have met some (but not many) organizations that have had information governance teams up and running for a number of months, and have started to see the effects.
First, everyone's a bit less anxious about information issues. The IT guys know there's a policy function that they're represented on, and it makes their life easier. The legal guys feel better. The finance guys feel better.
The business unit guys may or may not feel better, but they're not big fans of corporate governance to begin with. Such is life.
Secondly, (from a selfish EMC perspective) important information management projects move ahead. They get after email archiving, and information security, and file system mgmt, and ECM, and ... all those darn cross-functional projects that don't have clear ownership outside IT.
They're now "owned" by the information governance team.
I think most importantly, there's a new appreciation outside of IT of just how important information is, and how businesses need to start looking at it the same way they've looked at money in the past.
Just about every business person I've met is pretty smart about managing money, budgets, finances, etc. And I think that, over time, they'll be just as smart about managing information.
So, where are you on this?
Do you have some sort of information governance function at your company? If so, what does it look like, and what have the experiences been?
If not, do you agree with the need for one? And are the conditions right to bring up the topic?
Let me know ... thanks!



Chuck, why wouldn't this fall under the domain of the CIO? C-level roles are almost always cross-functional. It may be that some CIOs view their roles strictly as IT czars, but I suspect most of them see information governance as their primary job responsibility (even though they might have other words for it).
Posted by: Marc Farley | August 01, 2007 at 05:34 PM
Well, I've met more than a few in my travels, and how they view their job varies widely. If you go buy the book on Enterprise Architectures that I like so much, there's a cogent explanation as to why that might be.
But there's something else that's important here. Governance implies cross-functional representation outside of any one function.
Put differently, if the CIO thinks it's IT's job, that's what it will be, and it won't be viewed as a business problem.
The few companies that I've met that are doing this well have made sure that -- even though IT is fully engaged -- it's positioned as a corporate issue, and not an IT one ...
Thanks for reading!
Posted by: Chuck Hollis | August 01, 2007 at 06:35 PM