Atlas for Information Governance Rigorous Discovery. Value-Based Retention. Defensible Disposal. PSS Systems, an IBM Company

IMHO by Deidre Paknad

Introduction to IMRM and Preview of CGOC Information Governance Survey Results

Submitted by Deidre Paknad on Sat, May 8, 2010 - 4:28pm GMT
IMRM will be as important as EDRM as a catalyst for process improvement.
 
In many ways, it is more ambitious and constructive because it goes beyond the legal function to the enterprise.  Unlike traditional information lifecycle and case lifecycle models (including EDRM), IMRM illuminates the multiple stakeholders in information governance, their responsibilities and inter-dependencies, and the critical importance of linking legal duties and business value to information sources to enable defensible disposal.    I have been an active participant in the model’s development and lead the IMRM corporate sub-group which gathered corporate practitioner perspective on the model and the challenges of information governance. The perspective was gathered through the CGOC community (over 750 corporate members) and an information governance survey of corporate legal, IT and RIM professionals.   
 
Before I discuss the model, let me share some of the survey results which will be published in a full report in June:
  • 100% of survey respondents agreed that defensible disposal was the purpose of information governance practice.
  • 2/3s of IT and 1/2 of RIM respondents said their current responsibility model for information governance didn’t work
  • 80% of respondents had little or very weak linkage between legal obligations for information and records management and data management
  • Only 13% had a systematic process for linking holds to sources of data and records
  • 80% had retention schedules that applied to electronic information, but only 38% said IT followed these schedules
  • The single biggest pain point cited by RIM, IT and legal was lack of transparency and collaboration across stakeholders
What these results so clearly demonstrate is that companies are struggling to link legal obligations for information that arise in litigation and regulation and the business value of information to their actual information and data management practices.   They lack structural connections of holds and retention schedules to data and they lack collaborative and transparent processes between the stakeholder organizations. 
 
IMRM – A Catalyst for Transparency and A Responsibility Model
More than 90% of survey respondents felt the Information Management Reference Model (IMRM) could help them organize cross-functional efforts and serve as a management catalyst – exactly what we hoped in the drafting effort.    The “first generation” model is more of a responsibility model rather than a document or case lifecycle model. It helps to identify the stakeholders, define their respective “stake” in information and highlights the intersection and dependence across these stakeholders. IMRM can provide a framework for cross functional and executive dialogue and can serve as a catalyst for defining a unified governance approach to information that links value and duty to information assets. 
 
IMRM ModuleElements of IMRM
The information basics are distilled out and at the center of the model – with the notable inclusion of “dispose” as the end state of information.   Note the “information gates” in the middle, where information accumulates.    
 
The line of business has an interest in information proportional to its value – the degree to which it helps drive the profit or purpose of the enterprise itself.    Once that value expires, they quickly lose interest in managing it, cleaning it up, or paying for it to be stored.   One of the things that the IMRM does is distinguish value from regulatory obligation or IT efficiency.   The diagram defines the business group’s responsibility to define and declare the specific value of information; all data doesn’t have value and the value of data isn’t constant.
 
Legal and RIM on the left side are chartered typically to manage risk for the company. The diagram underscores that it is the legal department’s responsibility to define what to put on hold and what and when to collect data for discovery. Likewise, it is RIM’s responsibility to ensure that regulatory obligations for information are met including what to retain and archive for how long.   Together they both have an enormous role in how and when companies can dispose of data.   As with the business segment, it calls on legal and RIM to be specific about the duties for information – what they are and when those duties end.
 
IT stores and secures information under their management. Of course their focus is efficiency and they’re typically under huge pressure to increase efficiency and lower cost.   One of the most valuable aspects of the diagram is that it highlights that without collaboration and unified governance, IT doesn’t know and can’t speak to what information has value or what duties apply to specific information.   IMRM can help companies recognize that for IT to manage data efficiently, it is essential to link specific duties and business value to the information assets.
 
The inner ring of the diagram calls for that structural linkage of duty and value to information asset. This requires:
  1.  Policies that can be articulated in departmental procedure and are executable by IT in practice
  2. Specific rather than generic communication of legal holds and retention requirements that enables enterprise execution and disposal
The outer rings of diagram call for unified governance, which implies:
  1. Transparent cross-functional processes for legal holds, discovery, record retention, information value assessments, and information and data management
  2. The end of a silo approach to legal holds and record retention practices – these are enterprise rather than departmental processes
  3.  Unified vocabulary across stakeholders which recognizes and reconciles their different interests in information
 
Want More Information and A Toolkit for Your Company?
Listen in to the May 5th CGOC web meeting http://www.cgoc.com/introduction-to-imrm-webinar/ on IMRM for an overview of IMRM and to learn more about how it can galvanize dialogue and action across legal, RIM and IT stakeholders.   Using the PSS information governance process maturity model presented in this web meeting can help companies identify which practices impact disposal, which must and can be improved and what the specific risk and cost outcomes are for those improvements.  Harry Pugh, former executive vice president at Citigroup and long-time leader of their global information governance initiative, shares his experience organizing global responsibility models and catalyzing business involvement by demonstrating material cost savings.   

  

AttachmentSize
IMRM_V3.png82.2 KB

Interesting Model

Submitted by russ stalters on Wed, May 26, 2010 - 2:48pm GMT.

One thing that jumped out was the survey result:
100% of survey respondents agreed that defensible disposal was the purpose of information governance practice.

I think that the purpose of the information governance practice is broader than this. The other purpose is to support improving the quality of the information and the value it delivers to the organization.

I think the IMRM is an interesting step toward describing the interaction of the constituents for information governance. I need to listen to the webcast and hear what was presented to get a better feel for how this might apply to some of the work we are doing.