Developing an Information Governance Framework

Duties, Tasks, and Steps
A
1
a
b
c
d
e
2
a
b
c
Conduct benchmarking
c
d
e
Obtain stakeholder signoff
a
b
c
d
e
Conduct a risk assessment

Identify risk assessment methodology
Identify stakeholders
Identify and collect resources
Develop interview materials
Interview and collect data
Tools, Equipment, and

Resources
Analytical skills
Project management
skills
Research skills
Stakeholder specific
communication skills
Analytical skills
Communication skills
Cultural sensitivity
Networking skills
Project management
skills
Research skills
Surveying skills
Benchmarking tools
Professional
associations and
industry groups
Research services
Analytical skills
Interviewing skills
Presentation skills
Project management
skills
Surveying skills
Risk assessment methods

Subject matter knowledge
of the business area
Analytical skills
Business process
analysis skills
Interviewing skills
Risk assessment
standards, models
and tools
Software
Managing Information Risk and Compliance

Monitor legal and regulatory landscape
Industry regulations
Engage with legal department and other
stakeholders
Jurisdictional regulations
Identify and interpret existing applicable laws Legal defensibility
Legal frameworks
of all jurisdictions and regulations
Legal research
Identify resources for current development
Document relevant laws and regulations
Establish regular review process
Identify internal and external compliance requirements
Benchmarking methods
Investigate industry practices
Business practices
Review business practices
Cultural practices
Collaborate with internal stakeholders
Industry practices
Regional differences
Prepare risk profile

Collaborate and consult with stakeholders
Identify management's view of acceptable
risks
Evaluate and document risk tolerances
Create risk profile document
Skills, Abilities, and

Attributes
Knowledge
Organizational knowledge
Risk analysis methods
Risk management
Internet
Legal defensibility
Research services
Subscription services
Internet
Presentation
software

f
g
h
a
b
c
Analyze and review risk assessment data

Prepare risk assessment report
Obtain risk assessment report signoff(s)
Develop risk and compliance metrics
Define risk mitigation and compliance success
Identify measurement methodology
Identify non-compliance triggers
Conduct ongoing gap analysis
Document metrics
Present metrics to stakeholders
Obtain signoff of metrics
Create the mitigation plan
Conduct a cost benefit analysis
Prioritize risks to mitigate
Develop methodology for mitigation of risks
Communicate mitigation plan to stakeholders
Provide implementation assistance
Monitor implementation of mitigation plan
Manage the risk mitigation process
Monitor and update metrics
Respond to anomalies
Communicate with stakeholders
Modify risk mitigation program as needed
a
b
c
Conduct risk and compliance audit

Develop the audit framework
Identify resources for audit
Assign audit responsibilities
5
a
b
c
d
e
f
g
6
a
b
c
d
e
f
7
Knowledge

Attributes
Presentation skills
Project management
skills

Resources
Cost benefit analysis
Measurement
methodologies
Organizational knowledge
Statistical analysis
Analytical skills
Project management
skills
Risk assessment
standards, models
and tools
Software
Business process
management
Project management
skills
Risk assessment
standards, models
and tools
Software
Business process
management
Insured vs. uninsured
risks
Ability to respond
under pressure
Project management
skills
Audit methodology
Ability to assess and

analyze contract
terms with regard to
Risk assessment
standards, models
and tools
Software
Audit standards,
models and tools

d
e
f
g
B
1
a
b
2
a
b
c
d
e
f

Attributes
IG requirements
Analytical skills
Presentation skills
Project management
skills

Resources
Project management
skills
Information
governance
standards, models
and tools (e.g., the
Principles, ISO 15489,
CAN/CGSB 72.342005)
Organization's
operational plan
Organization's
strategic plan
Organization's vision,
org chart, values,
mission, goals, budget
Interviewing skills
Project management
skills
Relationship building
skills
Business area
strategic and
operational plans
Organization's
operational plan
Organization's
strategic plan
Organization's vision,
org chart, values,
mission, goals, budget
Knowledge
Oversee the performance of the audit

Analyze results of the audit
Present audit findings and recommendations
to stakeholders
Update risk mitigation plan based on audit
findings
Developing IG Strategic Plan
Align resources to develop plan
Information governance
Obtain executive sponsorship
Information management
Identify stakeholders
(e.g., records, privacy,
security)
IT governance
Resource management
Strategic planning
Identify roles and responsibilities
Analyze internal drivers

Incorporate enterprise strategic plan into IG
plan
Incorporate IT strategy into IG plan
Incorporate business plans into IG plan, to
maximize business opportunity through
governance efforts.
Incorporate corporate culture into IG plan
Incorporate corporate risk tolerances into IG
plan
Incorporate cost benefit analysis into IG plan
Information governance
(e.g., records, privacy,
security)
IT governance
Resource management
Strategic planning
b
c
d
e
f
g
h
i
Review other constraints (e.g., financial, time,

legal)
Analyze external drivers and trends
Identify technology trends
Identify information and data trends (e.g.,
information types and new data formats)
Identify external dependencies
Evaluate economic environment/conditions
Evaluate political environment
Evaluate legal and regulatory environment(s)
Identify industry best practices and trends
Evaluate competitive landscape
Develop a strategic plan
Define strategies based upon collected
information
Prioritize strategies
Align goals to strategies
Identify initiatives to achieve goals
Define critical success factors
Define measurements for success
Write the strategic plan
Review with stakeholders
Obtain approval for strategic plan
Regularly review and update plan as needed
g
3
a
b
c
d
e
f
g
h
4
a
C
1
a

Resources
Software
Business practices
Cultural practices
Financial analysis and
planning
Industry practices
Industry regulations
Jurisdictional regulations
Legal frameworks
Regional differences
Trend analysis skills
Professional
associations and
industry groups
Research services
Continuous improvement
Critical success factors
Environmental scanning
methodologies
Strategic planning
Analytical skills
Continuous
improvement
Critical thinking
Discernment and
judgment skills
Environmental
scanning
Project management
skills
Software
Standards, methods
and tools for strategic
planning
Analytical skills
Key Industry
standards 1
Developing IG Framework
Conduct due diligence to identify standards to guide the IG framework
Evaluate external standards, guidelines,
standards
technical reports, best practices
Refer Key Industry Standards list on page 7

Attributes
Knowledge

b
c
d
e
2
a
b
c
d
e
3
a
b
c
d
Evaluate internal polices, standards,

guidelines, technical reports, best practices
Select standards, guidelines, technical
reports, best practices to inform the
framework
Document the selection process
Review and verify selection with stakeholders
Establish enterprise IG policies and standards
Define discrete policies and standards
Validate against organizational goals and
objectives
Draft internal policies and standards
Review draft documents with stakeholders
Obtain approval and signoff
Develop authority, roles and responsibilities
Define authority, roles and responsibilities
Assess role requirements
Review roles with stakeholders
Obtain role assignment approval from
executive stakeholder(s)
Assign authority, roles and responsibilities
Develop communications and training

Identify communication audiences
Draft communications

Attributes
Discernment and
judgment skills
Project management
skills

Resources
Professional
development
Information preservation
and archives
Legal defensibility
Organizational goals and
objectives
Policy development
standards
Records and information
management (RIM)
Discernment and
judgment skills
Negotiation skills
Project management
skills
skills
Technical writing skills
Trust building skills
Glossary of terms
Key Industry
standards
Policy development
guidelines
Professional
associations and
industry groups
Technical writing
guidelines
Authorities, roles and

responsibilities
Legal defensibility
Organizational structure
Negotiation skills
Project management
skills
Trust building skills
Human Resources
policies and
procedures
Discernment and
judgment skills
Negotiation skills
Project management
Training resources
(3rd party)
Training software
Training standards,
models and tools
Knowledge
Information technology
standards
Legal defensibility
Policy development
standards
Change management
Legal defensibility
Management theory and
practice
Personnel management
Knowledge
Training and learning
methodologies
b
c
d
Develop auditing and enforcement mechanisms for the framework

Auditing
Establish auditing criteria and metrics
Legal defensibility
Organization structure and
Establish enforcement mechanisms
culture
Establishing the IG Program
Establish program scope, mandate and reporting
Engage executive leadership and establish
Budgeting
primary and secondary organizational
Organization dynamics
structure
Define the IG program mandate and scope
culture
Establish appropriate funding and resources
Establish ongoing executive reporting
Obtain executive management signoff
Assign accountabilities
Identify IG program roles and responsibilities Management theory and
practice
Assign IG program roles and responsibilities
a
b
D
1
a
3
a
b
Implement the IG program

Develop communication plan for the IG
program
Implement a change management plan for
the IG program

Attributes
skills
skills

Resources
Analytical skills
Project management
skills
Human Resources
policies and
procedures
Budgeting skills
Discernment and
judgment skills
Negotiation skills
Presentation skills
Project management
skills
Organizational charts
Professional
development
Program benchmarks
Budgeting skills
Discernment and
judgment skills
Negotiation skills
Project management
skills
Human resources
Job descriptions
Professional
associations and
industry groups
Professional
development
Discernment and
judgment skills
Negotiation skills
Training resources
(3rd party)
Training software
Training standards,
Change management
practice
c
4
Provide training of assigned resources
Knowledge
Training and learning
methodologies

Attributes
Project management
skills
skills

Resources
models and tools
Discernment and
judgment skills
Negotiation skills
Personnel
management
Presentation skills
Project management
skills
skills
Human resources
Industry groups
Professional
associations
Professional
development
Software
Business process
analysis and mapping
Discernment and
judgment skills
Interviewing skills
Project management
skills
skills
Tact
Key Industry
standards
Software
Manage the IG program
Monitor adoption of the IG program

practice
Metrics and statistical
analysis
Performance management
Evaluate effectiveness of IG program
Evaluate and align resources
Report to management
E
1
a
b
c
Establishing IG Business Integration and Oversight

Define current state of business processes
Business process
Interview business areas
management
Review current business environment (e.g.,
methodologies
culture, systems, processes)

Identify information needs of the business
culture
management (RIM)
Document current environment and desired
state

2
a
b
c
d
3
a
b
c
d

Attributes
Knowledge
Define current state of technology use in business process

Benchmarking
Identify business and technology
stakeholders and users
Business process
management
Survey and interview technology
Electronic information
stakeholders and users
management principles
Collect and analyze data
and practices
Identify gaps
Data repositories and
associated classification
schemes (e.g., metadata,
taxonomy, ontology)
IT operations and tools
IT vocabulary and concepts
Address gaps through responsible channel
culture
management (RIM)
Align IG framework with business area requirements
Business and IT vocabulary
Review strategic goals of the enterprise
and concepts
Review strategic goals of the business area(s)
Business area goals and
Collaborate with each business area to
objectives
develop IG framework
Business process analysis
Review and approve each business area IG
framework
and practices
Enterprise goals and
objectives
Draft detailed change management process
IG principles and practices

as required
culture
Guide information management decisions

Resources
Business process
analysis and mapping
Discernment and
judgment skills
Interviewing skills
Project management
skills
skills
Tact
Benchmarking tools
Business analysis
standards, models
and tools
Hardware and
application inventory
Network crawler tools
Network usage
analysis tools
Business process
analysis skills
Discernment and
judgment skills
Interviewing skills
Project management
skills
skills
Tact
Business analysis
standards, models
and tools
Business area
strategic plans, org
charts, SOPs
Key Industry
standards
Develop an ongoing participation process
Develop an ongoing approval process
Implement the participation and approval

process
F
1
a
b
c
d
e
f
g
h
i
Knowledge
Business and IT vocabulary
and concepts
Business area goals and
objectives
Business process analysis
and practices
Enterprise goals and
objectives
culture
management (RIM)
Business area procurement
and development
processes
Aligning Technology with the IG framework

Identify how technology is used in the business
Review IT, information asset inventory or

register, architecture and strategic plan
Review technology adoption
Review backup strategy
Review disaster recovery strategy
Review security strategy
Review privacy strategy
Review information mobility strategy

Review information storage practices (hard
copy, digital, microforms)
Review use of vendors and outsourcing
and practices
IT governance
IT roles and responsibilities
IT storage metrics and
performance
improvements

Attributes
Business process
analysis skills
Collaboration skills
Discernment and
judgment skills
Interviewing skills
Project management
skills
skills
Tact

Resources
Business analysis
standards, models
and tools
Business area
strategic plans, org
charts, SOPs
Key Industry
standards
Analytical skills
Discernment and
judgment skills
Interviewing skills
Project management
skills
skills
Professional and
trade associations
Research services
Technology
standards, models
and tools
j
k
l
m
n
2
a
b
c
e
f
3
a
b

Attributes
Knowledge

Resources
throughout information governance practices

Review existing policies pertaining to
information
Review electronic communications strategies
Review help desk strategy
Review technology outsourcing strategy
Review content retention and disposition
strategy
Review digital preservation plans to ensure
data quality through integration of new
technologies to enhance business operations
(e.g., master data management, metadata
management)
Monitor and evaluate technology trends
Review general technology trends in the

markets (e.g., cloud computing, social media)
Evaluate general technology trends for IG
implications
Review IG implications with stakeholders in
accordance with IG framework

Review technology trends specific to IG in the
markets (e.g., record/content management
applications, developing standards, data
discovery, storage, new data formats
Participate in the evaluation of IG specific
technologies
Review IG specific technologies with
stakeholders in accordance with IG
framework
Evaluate hardware, software and data life cycles
Review IT procurement procedures
Incorporate information governance

requirements to IT procurement process
and practices
Technology industry
Professional and
trade associations
Research services
Technology
standards, models
and tools
Analytical skills
Discernment and
judgment skills
Project management
skills
skills
Analytical skills
Decision making skills
IG framework
IG standards, models
and tools
Data migration processes

Decommissioning
processes

c
d
e
4
a
b
c
d
Knowledge
IT development process
requirements to IT development process
IT procurement
procedures
requirements into system retirement and
data migration processes
requirements to decommissioning process
Align IG strategic plan and framework with the IT strategy and operations
Review goals of IT organization
Assess and analyze IT goals
and practices
Collaborate with IT to develop strategy to
Electronically stored
incorporate information governance
information (ESI)
requirements into existing systems
requirements
Collaborate with IT to incorporate IG
Financial modeling
requirements into legacy systems
TCO (Total Cost of
Ownership)
Collaborate with IT to assist in system
upgrade and replacement strategy
Privacy and security
Structured and
unstructured systems
Technology industry

Attributes
Negotiation skills
Persuasion skills
Project management
skills

Resources
Research services
Technology
standards, models
and tools
IG framework
IG standards, models
and tools
IG strategic plan
IT strategic plan and
operational plans
Key Industry
standards
Analytical skills
Business relationship
building skills
Financial skills
Negotiation skills
Project management
skills
Strategic thinking
skills

Developing an Information Governance Framework

Cargado por

Información del documento

Descripción original:

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Developing an Information Governance Framework

Cargado por

Copyright:

Formatos disponibles

Duties, Tasks, and Steps

Obtain stakeholder signoff

Conduct a risk assessment

Tools, Equipment, and

Risk assessment methods

Managing Information Risk and Compliance

Prepare risk profile

Skills, Abilities, and

Duties, Tasks, and Steps

Analyze and review risk assessment data

Modify risk mitigation program as needed

Conduct risk and compliance audit

Skills, Abilities, and

Tools, Equipment, and

Cost benefit analysis

Ability to assess and

Duties, Tasks, and Steps

Skills, Abilities, and

Tools, Equipment, and

Oversee the performance of the audit

Identify roles and responsibilities

Analyze internal drivers

Duties, Tasks, and Steps

Review other constraints (e.g., financial, time,

Regularly review and update plan as needed

Tools, Equipment, and

Trend analysis skills

Refer Key Industry Standards list on page 7

Skills, Abilities, and

Duties, Tasks, and Steps

Evaluate internal polices, standards,

Assign authority, roles and responsibilities

Develop communications and training

Skills, Abilities, and

Tools, Equipment, and

Authorities, roles and

Duties, Tasks, and Steps

Develop auditing and enforcement mechanisms for the framework

Obtain executive management signoff

Assign IG program roles and responsibilities

Implement the IG program

Skills, Abilities, and

Tools, Equipment, and

Duties, Tasks, and Steps

Provide training of assigned resources

Skills, Abilities, and

Tools, Equipment, and

Manage the IG program

Monitor adoption of the IG program

Management theory and

Evaluate effectiveness of IG program

Evaluate and align resources

Establishing IG Business Integration and Oversight

Organization structure and

Duties, Tasks, and Steps

Skills, Abilities, and

Define current state of technology use in business process

IG principles and practices

Tools, Equipment, and

Duties, Tasks, and Steps

Develop an ongoing participation process

Develop an ongoing approval process