Information Governance

As per ARMA International, information governance is the overarching and coordinating strategy for all organizational information. It establishes the authorities, supports, processes, capabilities, structures, and infrastructure to enable information to be a useful asset and reduced liability to an organization, based on that organization’s specific business requirements and risk tolerance.

The Principles®

The Principles® (Generally Accepted Recordkeeping Principles®) constitute a widely leveraged global standard that identifies the critical hallmarks and a high-level framework of good practices for records management, records and information management (RIM), and information management programs.

Published by ARMA International in 2009 and updated in 2017, the Principles are grounded in practical experience and based on extensive consideration and analysis of legal doctrine and information theory. They are meant to provide organizations with a standard of conduct for governing information and guidelines by which to judge that conduct.

The Principles® include:

1.      Accountability

A senior executive (or a person of comparable authority) shall oversee the information management to appropriate individuals.

2.      Transparency

An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate, interested parties.

3.      Integrity

An information governance program shall be constructed so the information assets generated by or managed for the organization have a reasonable guarantee of authenticity and reliability.

4.      Protection

An information governance program shall be constructed to ensure an appropriate level of protection to information assets that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection.

5.      Compliance

An information governance program shall be constructed to comply with applicable laws, other binding authorities, and the organization’s policies.

6.      Availability

An organization shall maintain its information assets in a manner that ensures their timely, efficient, and accurate retrieval.

7.      Retention

An organization shall maintain its information assets for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.

8.      Disposition

An organization shall provide secure and appropriate disposition for information assets no longer required to be maintained, in compliance with applicable laws and the organization’s policies.

 

The Principles® Maturity Model

The Principles® Maturity Model – which is based on the Generally Accepted Recordkeeping Principles®, as well as the extant standards, best practices, and legal/regulatory requirements that surround records management – is meant to be deployed as a quality improvement tool.

The Maturity Model describes for each Principle the characteristics of effective records management at five distinct levels of development: substandard, in development, essential, proactive, transformational.

The Maturity Levels include:

Level 1 – Substandard

This level describes an environment where records concerns are not addressed at all, are addressed minimally, or are addressed in a sporadic manner. Organizations at this level usually have concerns that the records programs will not meet legal or regulatory requirements and may not effectively serve their business needs.

Level 2 – In Development

This level describes an environment where there is a developing recognition that proper records handling has an impact on the organization and that the organization may benefit from a more defined records program. The organization is vulnerable to redress of its legal, regulatory, and business requirements because its practices are ill-defined, incomplete, nascent, or marginally effective.

Level 3 – Essential

This level describes the essential or minimum requirements that must be addressed to meet the organization’s legal, regulatory, and business requirements. Level 3 is characterized by defined policies and procedures and the implementation of processes specifically intended to improve records management. Level 3 organizations may be missing significant opportunities for streamlining the business and controlling costs, but they demonstrate the key components of a sound program and may be minimally compliant with legal, operational, and other responsibilities.

Level 4 – Proactive

This level describes an organization-wide, proactive records management program with mechanisms for continuous improvement. Records issues and considerations are routinized and integrated into business decisions. For the most part, the organization is compliant with industry best practices and meets its legal and regulatory requirements. Level 4 organizations can pursue the additional business benefits they could attain by increasing records availability, as appropriate; mining assets for a better understanding of client and customer needs; and fostering their organizations’ optimal use of assets.

Level 5 – Transformational

This level describes an organization that has integrated records management into its infrastructure and business processes such that compliance with the organization’s policies and legal/regulatory responsibilities is routine. The organization recognizes that effective records management plays a critical role in cost containment, competitive advantage, and client service. It implements strategies and tools for ongoing success.