Maximizing the Value of Information Applying RIM Principles ...

Maximizing the Value of Information Applying RIM Principles ...

Maximizing the Value of Information Applying RIM Principles and Technology for Managing Records and Information Presenters: Margaret Hermesmeyer, MLIS, CRM Kevin Waldrup, MBA, CRM Chief, Records Management Division Records Management Administrator Office of the Attorney General of Texas City of Austin Health & Human Services Department Learning Objectives Upon completion of this seminar, participants will be able to: Identify how The Generally Accepted Recordkeeping Principles (the Principles) may be applied to electronic records and information

Identify appropriate information management practices that are compliant with the Principles Recognize how an organization may improve compliance, efficiency and effectiveness of information management by appropriately applying the Principles and technology Recognize how an organization may maximize the value of its information by appropriately applying the Principles and technology The Generally Accepted Recordkeeping Principles The Generally Accepted Recordkeeping Principles Citation and Copyright Information

About ARMA International and the Generally Accepted Recordkeeping Principles ARMA International (www.arma.org) is a not-for-profit professional association and the authority on information governance. Formed in 1955, ARMA International is the oldest and largest association for the information management profession with a current international membership of more than 10,000. It provides education, publications, and information on the efficient maintenance, retrieval, and preservation of vital information created in public and private organizations in all sectors of the economy. It also publishes Information Management magazine, and the Generally Accepted Recordkeeping Principles. More information about the Principles can be found at www.arma.org/principles. The Principles ARMA International The Generally Accepted Recordkeeping Principles The Principles provide characteristics of an effective information governance program

Information Governance (IG) is defined several ways: Gartner defines IG as: An accountability framework that includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals The Institute for Information Governance defines it as: IG is the policy-based control of information to maximize value and meet legal, regulatory, risk, and business demands The Principles ARMA International The Generally Accepted Recordkeeping Principles Records and Information Management (RIM) is a critical part of IG

Examples of other industry accepted principles ARMA defines RIM as: The management of recorded information, regardless of medium or characteristics, made or received and retained by an organization in pursuance of legal obligations or in the transaction of business Generally Accepted Accounting Principles (GAAP) Generally Accepted Privacy Principles (GAPP) The Generally Accepted Recordkeeping Principles align with ISO 15489 ISO 15489 is the International Standard for Information and Documentation -Records Management: Part 1 is General and Part 2

provides Guidelines The Principles ARMA International The Generally Accepted Recordkeeping Principles The Life Cycle of Information and Records Inactiv e Phase Infreque Infreque nt nt use use & & access access Need Need to to maintain maintain

until until records records retention retention period period has has been been met met Activ e Phas e Frequ Frequ ent ent Use Use & &

Acces Acces ss Crea te or Rece ive Dispo sition Destro Destro y y or or Transfe Transfe rr (For (For example, example, transfer

transfer to to an an archives) archives) The Principles ARMA International The Generally Accepted Recordkeeping Principles 8 Principles Accountability Integrity

Protection Compliance Availability Retention Disposition Transparency The Principles ARMA International The Generally Accepted Recordkeeping Principles 1) Principle of Accountability An organization shall assign a senior executive who will oversee a recordkeeping program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure program auditability. The Principles ARMA International The Generally Accepted Recordkeeping Principles 2) Principle of Integrity

An information governance program shall be constructed so the information generated by or managed for the organization has a reasonable and suitable guarantee of authenticity and reliability. The Principles ARMA International The Generally Accepted Recordkeeping Principles 3) Principle of Protection An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection. The Principles ARMA International The Generally Accepted Recordkeeping Principles 4) Principle of Compliance An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organizations policies.

The Principles ARMA International The Generally Accepted Recordkeeping Principles 5) Principle of Availability An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information. The Principles ARMA International The Generally Accepted Recordkeeping Principles 6) Principle of Retention An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements. The Principles ARMA International The Generally Accepted Recordkeeping Principles

7) Principle of Disposition An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organizations policies. The Principles ARMA International The Generally Accepted Recordkeeping Principles 8) Principle of Transparency An organizations business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate interested parties. The Principles ARMA International The Generally Accepted Recordkeeping Principles Key Concept Information and information systems are linked with an organizations activities:

Include important elements for the function of the organization Support activities of the organization Facilitate activities through improved workflows and predictive capabilities Document and assist in compliance with applicable laws, regulations and standards The Principles ARMA International The Generally Accepted Recordkeeping Principles

Key Concept Information must be managed to effectively support the organization: Information life cycle management Information in all formats and on all media The Principles ARMA International The Generally Accepted Recordkeeping Principles Key Concept The Principles are comprehensive and general Provide the characteristics of an effective IG program

Allow flexibility in application Information Governance Maturity Model ARMA International Information Governance Maturity Model ARMA International Information Governance Maturity Model ARMA International What is the Information Governance Maturity Model? The IG Maturity Model defines the characteristics of the Principles at various levels of the IG program The IG Maturity Model consists of 5 levels

Level 1 (Sub-Standard) Level 2 (In Development) Level 3 (Essential) Level 4 (Proactive) Level 5 (Transformational) Information Governance Maturity Model ARMA International Level 1 (Sub-Standard) Recordkeeping concerns are either not addressed at all, or are addressed in a very ad hoc manner Organizations that identify primarily with these descriptions should

be concerned that their programs will not meet legal or regulatory scrutiny Information Governance Maturity Model ARMA International Level 2 (In Development) There is a developing recognition that recordkeeping has an impact on the organization, and that the organization may benefit from a more defined information governance program The organization is still vulnerable to legal or regulatory scrutiny since practices are ill-defined and still largely ad hoc in nature Information Governance Maturity Model ARMA International Level 3 (Essential)

The essential or minimum requirements are addressed meeting the organization's legal and regulatory requirements There are defined policies and procedures, and more specific decisions taken to improve recordkeeping May still be missing significant opportunities for streamlining business and controlling costs Information Governance Maturity Model ARMA International Level 4 (Proactive) This is an organization that is initiating information governance program improvements throughout its business operations

Information governance issues and considerations are integrated into business decisions on a routine basis, and the organization easily meets its legal and regulatory requirements Organizations that identify primarily at this level should begin to consider the business benefits of information availability in transforming their organizations globally Information Governance Maturity Model ARMA International Level 5 (Transformational) The organization has integrated information governance into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine

The organization has recognized that effective information governance plays a critical role in cost containment, competitive advantage, and client service Information Governance Maturity Model ARMA International Applying the Maturity Model Across the Principles Evaluate the organizations current information practices and the IG program Identify business needs to improve through improved information practices

Identify risks that can be reduced with improved information practices Design a realistic improvement strategy Information Governance Maturity Model ARMA International Review: The Principle and Maturity Model Levels Principle of Accountability - An organization shall assign a senior executive who will oversee a recordkeeping program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure program auditability Maturity Model Levels Level 1 (Sub-Standard) Recordkeeping concerns are not addressed systematically

Level 2 (In Development) Developing recognition for the benefits of recordkeeping Level 3 (Essential) Essential or minimum requirements are addressed Level 4 (Proactive) - Initiating IG program improvements across its business operations Level 5 (Transformational) - IG is integrated into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine Information Governance Maturity Model ARMA International Principle of Accountability - Level 1 (Sub-Standard) Emphasis is not placed on the importance of IG No senior executive is responsible for records or information The Records Manager role is largely non-existent The records manager role may be a clerical role shared across

employees, the chief information governance officer and the records manager Information assets may not be managed, or not managed consistently Information Governance Maturity Model ARMA International Principle of Accountability - Level 2 (In Development) No senior executive is responsible for records or information Records Manager role is recognized Role is responsible only for tactical management of records Role is not responsible for developing policies and procedures for all information assets Records Manager is not involved in discussions and planning for electronic systems

Existing program may only address paper records IT is the assumed lead for electronic records storage Information is not stored in a systematic manner Organization is aware of the need to govern its broader information assets Information Governance Maturity Model ARMA International Principle of Accountability - Level 3 (Essential)

Senior management is aware of the records management program Records Manager role is recognized within the organization Responsible for the tactical operation of the established records management program Responsible for the records management program on an organization-wide basis Actively engaged in strategic information and records management initiatives with other officers of the organization Organization includes electronic records as part of the records management program Organization envisions a broader-based information governance program to direct various information-driven processes throughout the enterprise Organization has defined specific goals related to accountability

Information Governance Maturity Model ARMA International Principle of Accountability - Level 4 (Proactive) Organization has appointed an IG professional The Records Management Program is an element of the IG Program This IG professional is responsible for the IG Program and oversees the Records Management Program The Records Manager is a senior officer responsible for all tactical and strategic aspects of the Records Management Program There is a stakeholder committee

Members of the committee represent all functional areas of the organization The committee meets periodically to review records management related issues Information Governance Maturity Model ARMA International Principle of Accountability - Level 5 (Transformational) Significant emphasis is placed on information governance Organization has appointed an IG professional The records manager directs the records management program

The records manager reports directly to the chief information governance officer The chief IG officer and the records manager are essential members of the organizations governing body The organizations initial goals related to accountability have been met Goals for accountability are routinely reviewed and revised Information Governance Maturity Model ARMA International Review: The Principle and Maturity Model Levels Principle of Integrity - An information governance program shall be

constructed so the information generated by or managed for the organization has a reasonable and suitable guarantee of authenticity and reliability Maturity Model Levels Level 1 (Sub-Standard) Recordkeeping concerns are not addressed systematically Level 2 (In Development) Developing recognition for the benefits of recordkeeping Level 3 (Essential) Essential or minimum requirements are addressed Level 4 (Proactive) - Initiating IG program improvements across its business operations Level 5 (Transformational) - IG is integrated into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine Information Governance Maturity Model ARMA International Principle of Integrity Level 1 (Sub-Standard) There are no systematic audits

There are no defined processes Various organizational functions use ad hoc methods to demonstrate authenticity and chain of custody Information Governance Maturity Model ARMA International Principle of Integrity Level 2 (In Development) Some organizational records and information are stored with their respective metadata that demonstrate authenticity Metadata storage and chain of custody methods are acknowledged to be important

However: No formal process is defined for metadata storage and chain of custody Different departments handle metadata storage and chain of custody as they determine is appropriate Information Governance Maturity Model ARMA International Principle of Integrity Level 3 (Essential) The organization has defined specific goals related to integrity There is a formal process to ensure that the required level of authenticity and chain of custody can be applied to information systems and processes

Appropriate data elements are captured to demonstrate compliance with the policy Information Governance Maturity Model ARMA International Principle of Integrity Level 4 (Proactive) The metadata definition process is an integral part of the records management practice in the organization Metadata requirements are defined for all systems, business applications, and records to ensure the authenticity of records and information Metadata requirements include:

Security and signature requirements and Chain of custody as needed to demonstrate authenticity Information Governance Maturity Model ARMA International Principle of Integrity Level 5 (Transformational) The organizations initial goals related to integrity have been met, and it has an established process to ensure its goals for integrity are routinely reviewed and revised There is a formal, defined process for introducing new recordgenerating systems, capturing their metadata, and meeting other authenticity requirements, including chain of custody

Integrity controls of records and information are reliably and systematically audited Information Governance Maturity Model ARMA International Review: The Principle and Maturity Model Levels Principle of Protection - An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection Maturity Model Levels Level 1 (Sub-Standard) Recordkeeping concerns are not addressed systematically Level 2 (In Development) Developing recognition for the benefits of recordkeeping Level 3 (Essential) Essential or minimum requirements are addressed Level 4 (Proactive) - Initiating IG program improvements across its business operations Level 5 (Transformational) - IG is integrated into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is

routine Information Governance Maturity Model ARMA International Principle of Protection Level 1 (Sub-Standard) No consideration is given to information protection Records and information are stored haphazardly Protection of records and information is provided by various groups and departments There are no centralized access controls

Information Governance Maturity Model ARMA International Principle of Protection Level 2 (In Development) Some protection of information assets is exercised There is a written policy for records and information that require a level of protection, however: Guidance for employees is not uniform or universal Does not give clear & definitive guidelines for all information in all media types

Does not address how to exchange records and information among internal/external stakeholders Employee training is not formalized Access controls are implemented by individual content owners Information Governance Maturity Model ARMA International Principle of Protection Level 3 (Essential) The organization has a formal written policy for protecting records and information Confidentiality and privacy considerations are well-defined within the organization The importance of chain of custody is defined The organization has defined specific goals related to records and information protection

The organization has a formal written policy for centralized access controls Training for employees is available Records and information audits are conducted only in regulated areas of the business Audits in other areas may be conducted, but they are left to the discretion of each functional area Information Governance Maturity Model ARMA International Principle of Protection Level 4 (Proactive) The organization has implemented systems that provide for the

protection of the information Employee training is formalized and well-documented Auditing of compliance and protection is conducted on a regular basis Information Governance Maturity Model ARMA International Principle of Protection Level 5 (Transformational) Great value is placed on the protection of information by the executives, senior management, and other governing bodies such as the board of directors

The organizations initial goals related to protection have been met There is an established process to ensure the goals for protection are routinely reviewed and revised Audit information is regularly examined Continuous improvement is undertaken Inappropriate or inadvertent information disclosure or loss incidents are rare Information Governance Maturity Model ARMA International Review: The Principle and Maturity Model Levels

Principle of Compliance - An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organizations policies Maturity Model Levels Level 1 (Sub-Standard) Recordkeeping concerns are not addressed systematically Level 2 (In Development) Developing recognition for the benefits of recordkeeping Level 3 (Essential) Essential or minimum requirements are addressed Level 4 (Proactive) - Initiating IG program improvements across its business operations Level 5 (Transformational) - IG is integrated into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine Information Governance Maturity Model ARMA International Principle of Compliance Level 1 (Sub-Standard) There is no central oversight or guidance and no consistently

defensible position on information governance There is no clear understanding or definition of the information or records the organization is obligated to maintain Information is not systematically managed Poor compliance practices expose the organization to significant adverse consequences Information Governance Maturity Model ARMA International Principle of Compliance Level 2 (In Development) The organization has identified some of the rules and regulations that govern its business

The organization has introduced some compliance policies and good information management practices around those policies Policies are not complete There are no structured accountability processes or controls for compliance There is a disposition hold process, however The disposition hold process is not well-integrated with the organizations information management and discovery processes

The organization does not have full confidence in the disposition hold process Information Governance Maturity Model ARMA International Principle of Compliance Level 3 (Essential) Compliance is highly valued and measurable, and suitable records and information demonstrating the organizations compliance are maintained The organization has defined specific goals related to compliance The organization has identified key compliance laws and regulations The organization has a code of business conduct that is integrated into its overall information governance structure and policies

Information creation and capture are in most cases systematically carried out in accordance with information management principles The disposition hold process is integrated into the organizations information management and discovery processes for the critical systems, and it is generally effective The organizations exposure to adverse consequences from poor information management and governance practices is reduced Information Governance Maturity Model ARMA International Principle of Compliance Level 4 (Proactive) The organization has implemented systems to capture and protect information

The legal, audit, and information production processes are well-managed and effective Roles are defined Processes are repeatable Records are linked with the metadata used to demonstrate and measure compliance Employees are trained appropriately Audits are conducted regularly Records are available for appropriate review

Lack of compliance is consistently remedied The organization is at low risk of adverse consequences from poor information management and governance practices Information Governance Maturity Model ARMA International Principle of Compliance Level 5 (Transformational) Compliance is important Recognized by senior management Senior management recognizes records and information managements role in

compliance Compliance goals have been met Goals for compliance are routinely reviewed and revised The organization has an established process to ensure its goals for compliance are routinely reviewed and revised The organization suffers few or no adverse consequences based on failures in information governance or compliance Established auditing and continuous improvement processes are in place The roles and processes for information management and discovery are integrated Information Governance Maturity Model

ARMA International Review: The Principle and Maturity Model Levels Principle of Availability - An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information Maturity Model Levels Level 1 (Sub-Standard) Recordkeeping concerns are not addressed systematically Level 2 (In Development) Developing recognition for the benefits of recordkeeping Level 3 (Essential) Essential or minimum requirements are addressed Level 4 (Proactive) - Initiating IG program improvements across its business operations Level 5 (Transformational) - IG is integrated into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine Information Governance Maturity Model ARMA International

Principle of Availability Level 1 (Sub-Standard) Records and information are not readily available Difficulty in locating appropriate version There is a lack of finding aids Information Governance Maturity Model ARMA International Principle of Availability Level 2 (In Development) Records and information retrieval mechanisms have been implemented in parts of the organization

There are some policies for where and how to store official records and information A standard for managing and storing records is not imposed across the organization Inconsistent treatment of information results in increased costs and difficulty responding to legal discovery and information requests Information Governance Maturity Model ARMA International Principle of Availability Level 3 (Essential) The organization has defined specific goals related to availability of records and information

There are clearly defined policies regarding the management of records and information There is a standard for where and how records and information are: Stored Protected Made available Systems and infrastructure contribute to the availability of records and information Information Governance

Maturity Model ARMA International Principle of Availability Level 4 (Proactive) Information governance policies have been clearly communicated There are clear guidelines and an inventory that identify and define the systems and their information assets Records and information are consistently and readily available Appropriate systems and controls are in place for legal discovery and information requests

Automation is adopted to facilitate the consistent implementation of the hold and information request processes Information Governance Maturity Model ARMA International Principle of Availability Level 5 (Transformational) The organizations goals related to availability have been met There is an organized training and continuous improvement program across the organization There is a measurable return on investment to the organization as a result of records and information availability Information Governance

Maturity Model ARMA International Review: The Principle and Maturity Model Levels Principle of Retention - An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements Maturity Model Levels Level 1 (Sub-Standard) Recordkeeping concerns are not addressed systematically Level 2 (In Development) Developing recognition for the benefits of recordkeeping Level 3 (Essential) Essential or minimum requirements are addressed Level 4 (Proactive) - Initiating IG program improvements across its business operations Level 5 (Transformational) - IG is integrated into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine Information Governance Maturity Model ARMA International

Principle of Retention Level 1 (Sub-Standard) There is no current, documented records retention schedule or policy Rules and regulations that should define retention are not identified or centralized Retention guidelines are haphazard Employees either keep everything or dispose of records and information based on their own business needs, rather than organizational needs Information Governance Maturity Model ARMA International

Principle of Retention Level 2 (In Development) A retention schedule and policies are available But do not encompass all records and information Did not go through an official review Are not implemented or well known throughout the organization The retention schedule and policies are not regularly updated or maintained Education and training about the retention policies are not available Information Governance

Maturity Model ARMA International Principle of Retention Level 3 (Essential) The organization has defined & specific goals related to retention The organization has instituted a policy for records and information retention A formal retention schedule that is compliant with rules and regulations is consistently applied throughout the organization The organizations employees are knowledgeable about the retention policy The organizations employees understand their personal responsibilities for

records and information retention Information Governance Maturity Model ARMA International Principle of Retention Level 4 (Proactive) Records and information retention is a major organizational objective Retention schedules are reviewed on a regular basis, and there is a process to adjust retention schedules, as needed Retention training is in place Employees understand how to classify records and information

appropriately Information Governance Maturity Model ARMA International Principle of Retention Level 5 (Transformational) Retention is an important item at the senior management and governing body level The organizations initial goals related to retention have been met The organization has an established process to ensure its goals for retention are routinely reviewed and revised Retention is looked at holistically and is applied to all information in an

organization Information is consistently retained for appropriate periods of time Information Governance Maturity Model ARMA International Review: The Principle and Maturity Model Levels Principle of Disposition - An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organizations policies Maturity Model Levels Level 1 (Sub-Standard) Recordkeeping concerns are not addressed systematically Level 2 (In Development) Developing recognition for the benefits of recordkeeping Level 3 (Essential) Essential or minimum requirements are addressed

Level 4 (Proactive) - Initiating IG program improvements across its business operations Level 5 (Transformational) - IG is integrated into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine Information Governance Maturity Model ARMA International Principle of Disposition Level 1 (Sub-Standard) There is no documentation of the processes used to guide the: Transfer of records and information Disposition of records and information No disposition hold process for suspending disposition in the event of investigation or litigation is non-existent or is inconsistent across the organization

Information Governance Maturity Model ARMA International Principle of Disposition Level 2 (In Development) Preliminary guidelines for disposition are established There is a realization of the importance of suspending disposition in a consistent manner, when required There may not be enforcement and auditing of disposition Information Governance Maturity Model ARMA International Principle of Disposition Level 3 (Essential)

Official procedures for records and information disposition and transfer have been developed Official policy and procedures for suspending disposition have been developed Although policies and procedures exist, they may not be standardized across the organization The organization has defined specific goals related to disposition Information Governance Maturity Model ARMA International Principle of Disposition Level 4 (Proactive)

Disposition procedures are understood by all and are consistently applied across the enterprise The process for suspending disposition is defined, understood, and used consistently across the organization Records and information in all media are disposed of in a manner appropriate to the information content and retention policies Information Governance Maturity Model ARMA International Principle of Disposition Level 5 (Transformational) The disposition process covers all records and information in all media

Disposition is assisted by technology and is integrated into all applications, data warehouses, and repositories Disposition processes are consistently applied and effective Processes for disposition are regularly evaluated and improved The organizations initial goals related to disposition have been met, and it has an established process to ensure its goals for disposition are routinely reviewed and revised Information Governance Maturity Model ARMA International

Review: The Principle and Maturity Model Levels Principle of Transparency - An organizations business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate interested parties Maturity Model Levels Level 1 (Sub-Standard) Recordkeeping concerns are not addressed systematically Level 2 (In Development) Developing recognition for the benefits of recordkeeping Level 3 (Essential) Essential or minimum requirements are addressed Level 4 (Proactive) - Initiating IG program improvements across its business operations Level 5 (Transformational) - IG is integrated into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine Information Governance Maturity Model ARMA International Principle of Transparency Level 1 (Sub-Standard)

It is difficult to obtain timely information about the organization, its business, or its records management program Business and records and information management processes are not well-defined, and no clear documentation regarding these processes is readily available There is no emphasis on transparency The organization cannot readily accommodate requests for information, discovery for litigation, regulatory responses, freedom of information, or other requests The organization has not established controls to ensure the

consistency of information disclosure Information Governance Maturity Model ARMA International Principle of Transparency Level 2 (In Development) The organization realizes that some degree of transparency is important in its business processes and records and information management program for business or regulatory needs Although a limited amount of transparency exists in areas where regulations demand it, there is no systematic or organization-wide drive to transparency The organization has begun to document its business and records and information management processes

Information Governance Maturity Model ARMA International Principle of Transparency Level 3 (Essential) Transparency in business and records and information management is taken seriously, and information is readily and systematically available when needed There is a written policy regarding transparency in business and records and information management Employees are educated on the importance of transparency and the specifics of the organizations commitment to transparency The organization has defined specific goals related to information governance transparency

Business and records and information management processes are documented The organization can accommodate most requests for information, discovery for litigation, regulatory responses, freedom of information, or other requests Information Governance Maturity Model ARMA International Principle of Transparency Level 4 (Proactive) Transparency is an essential part of the corporate culture and is emphasized in training The organization monitors compliance on a regular basis

Business and records and information management process documentation is monitored and updated consistently Requests for information, discovery for litigation, regulatory responses, freedom of information, or other requests (e.g., from potential business partners, investors, or buyers) are managed through routine business processes Information Governance Maturity Model ARMA International Principle of Transparency Level 5 (Transformational) The organizations senior management considers transparency as a key component of information governance

The software tools that are in place assist in transparency Requestors, courts, and other legitimately interested parties are consistently satisfied with the transparency of the processes and the organizations responses The organizations initial goals related to transparency have been met, and it has an established process to ensure its goals for transparency are routinely reviewed and revised Applying Technology With The Principles Using Technology to Maximize Information Value Applying Technology With The Principles Technology Defined The collection of techniques, methods or processes used in the production of goods or

services or in the accomplishment of objectives, such as scientific investigation. Technology can be the knowledge of techniques, processes, etc. or it can be embedded in machines, computers, devices and factories, which can be operated by individuals without detailed knowledge of the workings of such things. Wikipedia The use of science in industry, engineering, etc., to invent useful things or to solve problems. OR A machine, piece of equipment, method, etc., that is created by technology. www.merriam-webster.com/dictionary Applying Technology With The Principles Principle of Accountability - An organization shall assign a senior executive who will oversee a recordkeeping program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure program auditability Ideally there is a senior management position, such as an IG Officer, responsible for ensuring technology decisions are aligned with the organizations goals

Technology resource decisions are aligned with the organizations goals Technology resource allocations are reviewed regularly with appropriate approvals for revision Technology resources align with compliance requirements and demonstrate compliance Applying Technology With The Principles Principle of Accountability (Continued)

Clearly define responsibilities for Technology Team Determine how and where to apply technology Consider the needs of the end users Develop scope and business case for technology Document requirements and purpose Applying Technology With The Principles Principle of Accountability (Continued)

Building strategic partnerships Writing Effective Policies and Procedures Collaborative effort Obtain approvals Communication Train Staff Revise, Retrain, etc. as needed Evaluate for increased organizational Efficiencies Applying Technology With The Principles

Principle of Integrity - An information governance program shall be constructed so the information generated by or managed for the organization has a reasonable and suitable guarantee of authenticity and reliability Assess the system mechanisms involved in information capture These information capture systems should capture information accurately and make it reliably retrievable Consider the types of information capture technologies, indexing strategies, capture planning, and interoperability Applying Technology With The Principles

Principle of Integrity (Continued) Assess information controls Information security controls Information security procedures Standardized metadata Maintenance and backups (Continuity of Operations) Upgrades of software and hardware the processes and how often

Planned and managed data and system migrations Applying Technology With The Principles Principle of Integrity (Continued) Controlling user account information Role-Based access Have good documentation

Content and format Include not only current but also future systems, processes, roles, etc. Plans for updates, upgrades, decommissions, etc. Applying Technology With The Principles Principle of Protection - An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection Assess the information in the organizations technology systems What information is stored and where cloud storage, server

How is the information used What happens to the information when it is no longer needed Applying Technology With The Principles Principle of Protection (Continued) Assess the information security system protocols Firewalls Compliancy monitoring systems

Business continuity planning and testing Backup and recovery procedures System maintenance Applying Technology With The Principles Principle of Protection (Continued) Quality control measures are vital to protection

Protection methods will vary based on Record Media Hardware Software Limit ability to access and manipulate information based on users role (need to know) Applying Technology With The Principles Principle of Compliance - An information governance program shall be constructed

to comply with applicable laws and other binding authorities, as well as with the organizations policies Align technology system requirements with requirements for compliance with laws and regulations Documentation of system processes as needed for compliance Employee training addressing information compliance responsibilities and procedures Standardize workflows for all information lifecycle stages Applying Technology With The Principles

Principle of Compliance (Continued) Organizations that produce relevant Standards ISO ANSI AIIM/ARMA IEEE Specific Records and Information Standards DOD5015 ISO 15489

Applying Technology With The Principles Principle of Availability - An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information Identify the information created and maintained by the organization Classify the organizations information and implement indexing capability Have effective procedures, workflows, and controls

Train users Implement proper technology solutions to meet information needs Applying Technology With The Principles Principle of Availability (Continued) Employ effective information technology maintenance processes Records Series/file plan Taxonomies

Applying Technology With The Principles Principle of Retention - An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements Determine appropriate and compliant records retention classifications Document in the Records Retention Schedule Develop records retention compliant workflows within the information systems Train employees about appropriate records retention and the

organizations Records Retention Schedule Applying Technology With The Principles Principle of Retention (Continued) Document strategies, results, decisions, and efforts associated with legacy systems Implement appropriate documentation for electronic records disposition Apply Retention to all records regardless of format, media, or location

Paper vs. Electronic Onsite vs Offsite Consider special steps needed to retain records for long retention periods or for permanent retention Applying Technology With The Principles Principle of Disposition - An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organizations policies Disposition includes destruction and transfer to a historical digital archives

Systems should ensure appropriate security of records during the full disposition process Includes disposition approval process Includes disposition hold processes Includes transfer of information to a historical digital archives Applying Technology With The Principles Principle of Disposition (Continued) Appropriate and compliant methods of information storage and disposition should be implemented

Includes appropriate and compliant methods for destruction Includes appropriate and compliant methods for historical preservation Retention Schedule should guide the disposition process Destruction methods used are based on properties, media, and security Media: Shredding, Recycling, and pulverization Digital: Erasing, overwriting, or digital shredding Applying Technology With The Principles Principle of Transparency - An organizations business processes and activities, including its information governance program, shall be documented in an open and

verifiable manner, and that documentation shall be available to all personnel and appropriate interested parties System documentation including: Documentation of the records management polices and processes the system provides Defined digital records creation processes Metadata standards employed in the system Documented clear workflows Documentation of the systems digital records disposition and disposition hold processes

Scenario Group Exercise Scenario Group Exercise A midsized company is expanding. They have identified a need to develop an Information Governance program. Your consulting team has been hired to develop recommended functional areas and the roles and responsibilities for the Information Governance program. The Board of Directors expects to see your consulting teams full report with each functional area listed and the justification/reason for each area. Your consulting team has been told by the Board that they want to ensure that their information is managed appropriately and that the organization gets the most value from its information. Remember that the Board is expecting you to address all records across all media. You and your group members are the consulting team that has been hired by the company

in the scenario above. In your individual groups, document the different areas of the Information Governance program to be presented to the Board of Directors. Be sure to also include your teams recommended roles and responsibilities of the Information Governance program. Keep in mind that the Board is concerned about maximizing the value of the companys information. Your group should identify what of type of company (communications, transportation, manufacturing, etc.) that youve been hired by because that might determine some of your recommendations for the Information Governance program. Feel free to give the company a name. Select a spokesperson for your group The groups spokesperson will share the groups recommendations for the solution with the all of us. Benefits and Advantages of Maximizing Value Value of Information Business purpose of the information

Information can support the purpose of the organization Document the actions of the organization Document compliancy of the organization Process information according to the needs and purpose of the organization Predictive analytics and modeling Visualization Customer experience analysis Fraud prevention analysis Efficient information processes yield value

Enhance decision making Improve customer targeting and improve customer experience Enhance protection of sensitive information Benefits and Advantages of Maximizing Value Examples of Data Visualization Treemapping of Soft Drink Preferences Across a Group of People Benefits and Advantages of Maximizing Value Examples of Data Visualization Treemapping of Countries by Geographic Size with Darker Colors Indicating More Population Density Benefits and Advantages of Maximizing Value

Examples of Data Visualization A streamgraph showing an individuals music listening habits Benefits and Advantages of Maximizing Value Examples of Data Visualization Data visualization of Facebook relationships by the third-party app MyFnetwork "Kencf0618FacebookNetwork" by Kencf0618 - Own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons http://commons.wikimedia.org/wiki/File:Kencf0618FacebookNetwork.jpg#/media/File:Kencf0618FacebookNetwork.jpg Benefits and Advantages of Maximizing Value Appropriate IG Reduces Risk Compliance with information laws and regulations reduces risk of fines and other results of non-compliance

Appropriate Business Continuity Planning reduces the down time an organization could experience in the face of a disaster Appropriate and defensible disposition reduce the volume of information that could otherwise be subject to discovery or information requests Benefits and Advantages of Maximizing Value Appropriate IG Helps Contain Costs More efficient information processes Automated Classification Enhance decision making processes Data Analytics

Information storage efficiencies Tier and Cloud Storage/ Offsite Collaborative sites - Reduce Copies Better search technologies Reduce researcher time Benefits and Advantages of Maximizing Value Benefits and Advantages of Maximizing Value IG provides a framework for comprehensive management of the organizations information assets with a collaborative approach

The Principles provide the characteristics an IG program should achieve The IG Maturity Model is an assessment tool that provides characteristics of the Principles at various levels of maturity within an organization The IGRM depicts a framework for IG within an organization by key stakeholders Benefits and Advantages of Maximizing Value IG helps an organization optimize the value of information by: Reducing risks

Ensuring compliance Lowering costs Improving information access and security Improving workflows Using big data and data analytics Supporting improved decision making

Q&A Contact Information Margaret Hermesmeyer, MLIS, CRM (512) 463-2154 [email protected] Kevin Waldrup, MBA, CRM (512) 972-5108 [email protected]

Recently Viewed Presentations

  • October 24th 2016 RIGHT NOW Please get out

    October 24th 2016 RIGHT NOW Please get out

    Conflict between Britain and France for control over the land west of the Appalachian Mountains - Rich Fur Area in the Ohio River Valley. Britain won - gained control of Canada & all the land EAST of Mississippi River. Treaty...
  • Introduction to High Performance Liquid Chromatography

    Introduction to High Performance Liquid Chromatography

    Quantification - Calibration In This Section, We Will Discuss: The steps necessary to build a calibration table. How to select calibration settings.
  • The American Ethnic Cultural Mosaic - SSCC - Home

    The American Ethnic Cultural Mosaic - SSCC - Home

    The American Ethnic Cultural Mosaic What Will Become of Us? Hopi Reggae: Casper Lomayesva Our Hopi reservation no stretch far and wide It gives us sense of purpose, me say sense of pride Religion and our culture help keep us...
  • Unified Messaging in Microsoft Exchange Server 2010 Michael

    Unified Messaging in Microsoft Exchange Server 2010 Michael

    Voice mail accessible via Outlook and OWA . Access to Exchange from any phone. Voice Mail, E-mail, Calendar, Directory, and Contacts. Exchange UM Administrator Perspective: Familiar Tools. All messages are stored in Exchange. All messages are transported by Exchange. All...
  • The problem of Evil Lesson 1 - WordPress.com

    The problem of Evil Lesson 1 - WordPress.com

    Mackie's reformulation of the logical problem - page 6. J.L Mackie claims the problem of evil as a simple case of logical inconsistency - logically impossible that there can be a God. Mackie argued that the existence of evil and...
  • PREPARE AND DISPLAY PETIT FOURS - Amazon S3

    PREPARE AND DISPLAY PETIT FOURS - Amazon S3

    Prepare and display petit fours. This Unit comprises five elements: Prepare and display petit four glace. Prepare and display marzipan petit fours. Prepare and display petit four sec. Prepare and display caramelised petit four. Store petit four. Slide . Trainer...
  • Diapozitiv 1 - GZS

    Diapozitiv 1 - GZS

    ENERGETSKI SEKTOR vlaganje, razvoj, dvig gospodarstva Ljubljana 4.7.2012 LETNA KONFERENCA MALTA 4-5 Junij 2012 EZS Z veliko energije Andris PIEBALGS European Commissioner for Development "Energija je temeljna pravica in pogoj za rast in razvoj," "Zasebni sektor mora biti z nami...
  • BRAF mutation rates in primary and metastatic Cutaneous ...

    BRAF mutation rates in primary and metastatic Cutaneous ...

    Claire Faulkner (Clinical Scientist, Genetics) Aims. Determine the frequency of BRAF mutation in primary and metastatic melanomas in Bristol and compare with published studies. Compare methods of test material preparation to determine if they are comparable.