Selecting the right initial project(s), determining outcomes and measures, and preparing the business case are important groundwork for your Information Governance initiative, as discussed in Part 1. But to secure resilient management support for an ongoing initiative, you’ll also want to tie the individual projects to strategic objectives for Information Governance at your organization.
Strategic IG Objectives
While a single successful project is fine, higher-level strategic objectives are needed to foster an ongoing information governance initiative. The strategic objectives connect the dots of the benefits from individual projects, providing the 1 + 1 = 3. Strategic IG objectives provide both a road map for next steps and also a narrative of impact worthy of ongoing executive support.
Strategic IG objectives usually focus on one or more of (1) reducing unnecessary data volumes, (2) retaining and using valuable, reliable data, (3) safeguarding protected and confidential data, and (4) preserving data as required for litigation. Each of these strategic objectives usually also align with some combination of (a) ensuring information compliance, (b) controlling information risk, and (c) maximizing information value.
INFORMATION GOVERNANCE STRATEGIC OBJECTIVES
Reduce Unnecessary Data Volumes
- Compliance: Comply with regulatory and contractual requirements for disposing of information.
- Risk: Dispose of information not required for legal compliance or business need and reduce creation of unnecessary information, to mitigate data security exposures and data volume litigation exposures.
- Value: Realize operational cost-savings and increased productivity and efficiency by decreasing the amounts of unnecessary information.
Retain and Use Valuable, Reliable Data
- Compliance: Comply with regulatory and contractual requirements for retaining and managing information.
- Risk: Avoid loss of valuable information and protect information vital for continuing operations and enforcing legal rights.
- Value: Maintain reliable information to support analysis for decision-making and ensure accessibility of reliable information for productivity and efficiency.
Safeguard Protected and Confidential Data
- Compliance: Comply with regulatory and contractual requirements for privacy and security of protected information and for safeguarding confidential information.
- Risk: Avoid unauthorized use or compromise of protected and confidential information and detect and respond effectively to breaches and other security incidents, to minimize reputation damage and legal exposures.
- Value: Enhance reputation as trusted custodian of protected and confidential information.
Preserve Data for Litigation
- Compliance: Comply with legal requirements for preserving and collecting data relevant to litigation or regulatory proceedings.
- Risk: Reduce costs and inefficiencies in preservation and collection and reduce exposures for preservation failures.
- Value: Achieve more efficient, timely, and accurate case assessment and valuation.
Unlike building a quantified business case for specific projects, the value of attaining strategic IG objectives is usually best expressed qualitatively, highlighting the significant general benefits of improving compliance, mitigating risk, and maximizing of information value. But IG strategic objectives can easily be converted into SMART goals (Specific, Measurable, Achievable, Relevant, and Timely). To do so, simply adopt the most compelling IG strategic objectives, which provide the strategic direction, and then graft onto them your SMART elements from the related, pending project(s). For example:
“Reduce unnecessary data volumes [i.e., the strategic objective] by completing Phase 1 of Email Retention and Disposal Project by end of 3rd Q 2020, including implementation of (1) going forward storage and retention strategy for record-quality email, (2) new retention policy for non-record email, and (3) related updates to legal hold process [i.e., the initial project’s parameters, with incorporated project measures].”
Upon completion of the initial specific project, this same SMART goal can be updated with whatever is the next project to advance this strategic objective:
“Reduce unnecessary data volumes [i.e., the ongoing strategic objective] by completing Phase 2 of Email Retention and Disposal Project by end of 1st Q 2021, including processing of legacy email troves isolated in Phase 1 [i.e., the subsequent project’s parameters, with incorporated project measures].”
So now you have the clarity of one or more specific, concrete projects, each with outcomes, measures, and a business case, and also tied to strategic objectives for governing compliance, cost, risk, and value for your organization’s information. Yet there’s still something missing – how is all of this relevant to what drives your organization? To tap into relevance, you will want to align your IG initiative with your organization’s business model or brand, discussed in Part 3.