Information Governance.
INFORMATION GOVERNANCE
Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offi ces in North America, Europe, Asia, and Australia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers’ professional and personal knowledge and understanding.
The Wiley CIO series provides information, tools, and insights to IT executives and managers. The products in this series cover a wide range of topics that supply strategic and implementation guidance on the latest technology trends, leadership, and emerging best practices.
Titles in the Wiley CIO series include:
The Agile Architecture Revolution: How Cloud Computing, REST-Based SOA, and Mobile Computing Are Changing Enterprise IT by Jason BloombergT
Big Data, Big Analytics: Emerging Business Intelligence and Analytic Trends for Today’s Businesses by Michael Minelli, Michele Chambers, and Ambiga Dhiraj
The Chief Information Offi cer’s Body of Knowledge: People, Process, and Technology by Dean Lane
CIO Best Practices: Enabling Strategic Value with Information Technology (Second Edition) by Joe Stenzel, Randy Betancourt, Gary Cokins, Alyssa Farrell, Bill Flemming, Michael H. Hugos, Jonathan Hujsak, and Karl Schubert
The CIO Playbook: Strategies and Best Practices for IT Leaders to Deliver Value by Nicholas R. Colisto
Enterprise Performance Management Done Right: An Operating System for Your Organization by Ron Dimon
Executive’s Guide to Virtual Worlds: How Avatars Are Transforming Your Business and Your Brand by Lonnie Bensond
IT Leadership Manual: Roadmap to Becoming a Trusted Business Partner by Alan R. r Guibord
Managing Electronic Records: Methods, Best Practices, and Technologies by Robert F. s Smallwood
On Top of the Cloud: How CIOs Leverage New Technologies to Drive Change and Build Value Across the Enterprise by Hunter Muller
Straight to the Top: CIO Leadership in a Mobile, Social, and Cloud-based World (Second Edition) by Gregory S. Smith
Strategic IT: Best Practices for Managers and Executives by Arthur M. Langer ands Lyle Yorks
Transforming IT Culture: How to Use Social Intelligence, Human Factors, and Collaboration to Create an IT Department That Outperforms by Frank Wanders
Unleashing the Power of IT: Bringing People, Business, and Technology Together by Dan Roberts
The U.S. Technology Skills Gap: What Every Technology Executive Must Know to Save America’s Future by Gary J. Beach
Information Governance: Concepts, Strategies and Best Practices by Robert F. Smallwoods
Robert F. Smallwood
INFORMATION GOVERNANCE
CONCEPTS, STRATEGIES AND
BEST PRACTICES
Cover image: © iStockphoto / IgorZh Cover design: Wiley
Copyright © 2014 by Robert F. Smallwood. All rights reserved.
Chapter 7 © 2014 by Barclay Blair
Portions of Chapter 8 © 2014 by Randolph Kahn
Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifi cally disclaim any implied warranties of merchantability or fi tness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profi t or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data:
Smallwood, Robert F., 1959- Information governance : concepts, strategies, and best practices / Robert F. Smallwood. pages cm. — (Wiley CIO series)
ISBN 978-1-118-21830-3 (cloth); ISBN 978-1-118-41949-6 (ebk); ISBN 978-1-118-42101-7 (ebk) 1. Information technology—Management. 2. Management information systems. 3. Electronic
records—Management. I. Title. HD30.2.S617 2014 658.4’038—dc23
2013045072
Printed in the United States of America
10 9 8 7 6 5 4 3 2 1
http://www.copyright.com
http://www.wiley.com/go/permissions
http://booksupport.wiley.com
http://www.wiley.com
For my sons
and the next generation of tech-savvy managers
vii
CONTENTS
PREFACE xv
ACKNOWLEDGMENTS xvii
PART ONE—Information Governance Concepts, Defi nitions, and Principles 1p
CHAPTER 1 The Onslaught of Big Data and the Information Governance Imperative 3
Defi ning Information Governance 5
IG Is Not a Project, But an Ongoing Program 7
Why IG Is Good Business 7
Failures in Information Governance 8
Form IG Policies, Then Apply Technology for Enforcement 10
Notes 12
CHAPTER 2 Information Governance, IT Governance, Data Governance: What’s the Difference? 15
Data Governance 15
IT Governance 17
Information Governance 20
Impact of a Successful IG Program 20
Summing Up the Differences 21
Notes 22
CHAPTER 3 Information Governance Principles 25
Accountability Is Key 27
Generally Accepted Recordkeeping Principles® 27 Contributed by Charmaine Brooks, CRM
Assessment and Improvement Roadmap 34
Who Should Determine IG Policies? 35
Notes 38
PART TWO—Information Governance Risk Assessment and Strategic Planning 41g g
CHAPTER 4 Information Risk Planning and Management 43
Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements 43
viii CONTENTS
Step 2: Specify IG Requirements to Achieve Compliance 46
Step 3: Create a Risk Profi le 46
Step 4: Perform Risk Analysis and Assessment 48
Step 5: Develop an Information Risk Mitigation Plan 49
Step 6: Develop Metrics and Measure Results 50
Step 7: Execute Your Risk Mitigation Plan 50
Step 8: Audit the Information Risk Mitigation Program 51
Notes 51
CHAPTER 5 Strategic Planning and Best Practices for Information Governance 53
Crucial Executive Sponsor Role 54
Evolving Role of the Executive Sponsor 55
Building Your IG Team 56
Assigning IG Team Roles and Responsibilities 56
Align Your IG Plan with Organizational Strategic Plans 57
Survey and Evaluate External Factors 58
Formulating the IG Strategic Plan 65
Notes 69
CHAPTER 6 Information Governance Policy Development 71
A Brief Review of Generally Accepted Recordkeeping Principles® 71
IG Reference Model 72
Best Practices Considerations 75
Standards Considerations 76
Benefi ts and Risks of Standards 76
Key Standards Relevant to IG Efforts 77
Major National and Regional ERM Standards 81
Making Your Best Practices and Standards Selections to Inform Your IG Framework 87
Roles and Responsibilities 88
Program Communications and Training 89
Program Controls, Monitoring, Auditing and Enforcement 89
Notes 91
PART THREE—Information Governance Key Impact Areas Based on the IG Reference Model 95p
CHAPTER 7 Business Considerations for a Successful IG Program 97
By Barclay T. Blair
Changing Information Environment 97
CONTENTS ix
Calculating Information Costs 99
Big Data Opportunities and Challenges 100
Full Cost Accounting for Information 101
Calculating the Cost of Owning Unstructured Information 102
The Path to Information Value 105
Challenging the Culture 107
New Information Models 107
Future State: What Will the IG-Enabled Organization Look Like? 110
Moving Forward 111
Notes 113
CHAPTER 8 Information Governance and Legal Functions 115
By Robert Smallwood with Randy Kahn, Esq., and Barry Murphy
Introduction to e-Discovery: The Revised 2006 Federal Rules of Civil Procedure Changed Everything 115
Big Data Impact 117
More Details on the Revised FRCP Rules 117
Landmark E-Discovery Case: Zubulake v. UBS Warburg 119
E-Discovery Techniques 119
E-Discovery Reference Model 119
The Intersection of IG and E-Discovery 122 By Barry Murphy
Building on Legal Hold Programs to Launch Defensible Disposition 125 By Barry Murphy
Destructive Retention of E-Mail 126
Newer Technologies That Can Assist in E-Discovery 126
Defensible Disposal: The Only Real Way To Manage Terabytes and Petabytes 130 By Randy Kahn, Esq.
Retention Policies and Schedules 137 By Robert Smallwood, edited by Paula Lederman, MLS
Notes 144
CHAPTER 9 Information Governance and Records and Information Management Functions 147
Records Management Business Rationale 149
Why Is Records Management So Challenging? 150
Benefi ts of Electronic Records Management 152
Additional Intangible Benefi ts 153
Inventorying E-Records 154
Generally Accepted Recordkeeping Principles® 155
E-Records Inventory Challenges 155
x CONTENTS
Records Inventory Purposes 156
Records Inventorying Steps 157
Ensuring Adoption and Compliance of RM Policy 168
General Principles of a Retention Scheduling 169
Developing a Records Retention Schedule 170
Why Are Retention Schedules Needed? 171
What Records Do You Have to Schedule? Inventory and Classifi cation 173
Rationale for Records Groupings 174
Records Series Identifi cation and Classifi cation 174
Retention of E-Mail Records 175
How Long Should You Keep Old E-Mails? 176
Destructive Retention of E-Mail 177
Legal Requirements and Compliance Research 178
Event-Based Retention Scheduling for Disposition of E-Records 179
Prerequisites for Event-Based Disposition 180
Final Disposition and Closure Criteria 181
Retaining Transitory Records 182
Implementation of the Retention Schedule and Disposal of Records 182
Ongoing Maintenance of the Retention Schedule 183
Audit to Manage Compliance with the Retention Schedule 183
Notes 186
<h2 style="
Get FAST homework help. Place a similar order and get a 15% Discount for your first three orders. We have a team of professional tutors to help you with any assignment regardless of the deadline. Contact us for immediate Homework Help.