Improving Performance while Addressing Compliance Initiatives: Implementing Information Governance Strategies across your Enterprise

By Sylvia Feldman, Corporate Writer, Optical Image Technology, Inc.

(Note: This article was originally published in the July 2007 edition of document eNotes)

View printable PDF (opens in new window)

Have you ever had to teach a child right from wrong? In most cases, when it comes to instructing children, our disciplinary efforts are geared toward specific behaviors. We see an action with questionable motives, explain why it is wrong, and gently suggest some better alternatives.

As children grow, their ethical behavior is often shaped by larger forces, such as laws or cultural directives. These forces are provided as instructive deterrents rather than after-the-fact responses to specific behaviors, and are able to provide guidance with respect to moral development. Human behavior is often influenced by these extrinsic factors, which complement individuals’ intrinsic value systems. A similar progression often occurs in the business world.

Managing risk: Controlling your information

In order to mitigate and manage risk, organizations are adopting information governance strategies on both small and large scales. Small scale adoptions are usually enacted in response to specific business needs, while large-scale implementations are typically enacted in order to address regulatory standards. As a concept, information governance encompasses many areas; realistically, what it really boils down to is the way in which organizations control the collection, management, and dissemination of their information.

To control corporate information, organizations must take into consideration intelligence regarding business processes, customers, and employees. Businesses might adopt measures driven by government regulations (SOX, HIPAA, DOD, etc.) and compliance initiatives. By implementing enterprise-wide governance standards, an organization can ensure that it is addressing the compliance requirements that are specific to its industry. At the same time, it can realize improved process management as a result.

Data protection: How secure are your files?

If your organization is serious about protecting and managing customer and employee information, it is imperative that you evaluate your existing records management system. Have you transitioned from paper to electronic document management (EDM)? EDM is the foundation of a solid data protection plan. It provides a level of security that paper processes—no matter how evolved—cannot hope to match. EDM allows you to designate not only who has access to information, but how long that information should be retained. By scrutinizing your existing system, you can determine which individuals should be granted or denied access to corporate information. Establishing data protection standards with a robust EDM system enables you to streamline your business processes and ensures that you are complying with industry regulations.

Another component that is integral to the concept of data protection is data classification. Do you have a means to index your information so that it can be retrieved efficiently? What measures are in place to ensure that everyone within your enterprise is indexing consistently? Does your indexing structure reflect the needs of the entire organization, or of only one or two departments? When indexing strategies are standardized throughout your entire enterprise, you are assured that you will be able to truly manage your information.

Compliance: A legal framework

Many organizations formulate information governance strategies in direct response to corporate compliance requirements. What measures do you have in place currently to supplement the legal framework to which you are beholden? A combination of EDM and records management provides an excellent means to address compliance obligations. In turn, it serves as a foundation for an information governance strategy.

Start by implementing strategic initiatives throughout your enterprise so that you do not experience discrepancy or redundancy among individual departmental responses to compliance requirements. These initiatives should serve the dual purpose of addressing regulatory requirements and supporting business processes. Once your policies are in place, be sure that you are effectively communicating them to every tier of your organization. Document your compliance efforts and the processes that you use to manage your information.

Automate your internal controls. An EDM system combined with workflow can ensure that records retention and destruction schedules are not subject to human error. If you can pre-configure how long information should be kept and when it should be destroyed, you are assured that the document life cycle will not be accidentally extended or terminated. EDM reporting tools can monitor your business processes to provide real-time information regarding your system’s performance. These tools help organizations to further manage and control information, addressing both compliance directives and information governance measures. Audit trails, which are also available with robust EDM systems, provide accountability to further protect organizations. They report on which employees accessed documents, and at which times they were accessed. Audit trails also give details regarding who added to or otherwise altered documents.

E-discovery as a motivator

Know what information you have, and know where it is located. Do you have the ability to produce information upon request? Recognize that, for most organizations, the responsibility for retrieving information usually rests with the users. What measures can you enact to ensure that standardized procedures are in place throughout your enterprise if your organization is requested to produce specific information?

Today, technology is evolving faster than our ability to control it. Without governance strategies, we cannot be sure that we are in control of our information. Personal Digital Assistants (PDAs), in particular, have proved to be particularly challenging with respect to this arena, as is the control of email. Organizations can take measures to control their documents, but if users upload documents to PDAs or other devices, those documents are no longer governed by an organization’s control measures. Enterprise-wide policies must be enacted to address the possibility that corporate information may leave the jurisdiction of the organization. Plan for the likelihood that, should your organization face litigation, you will be able to control and retrieve your information.

Is your email records retention policy determined by your records managers, or by your users? Without a strategy to locate and produce specific email messages, your company risks losing millions of dollars in the event that it is asked to produce information as part of litigation. A versatile EDM system has the tools to allow you to filter and capture email messages, attachments, and headers. It can incorporate email messages into your records management architecture, addressing the need for both BPM enhancement and legal compliance.

Conclusion

Unfortunately, the quest to adopt effective information governance policies offers no easy solutions. There are, however, some steps that you can take as you consider implementing procedures on an enterprise-wide scale:

Establish a communication plan that outlines your corporate policies and ethics. Disseminate this plan throughout every level of your organization, and establish a system of checks and balances to make sure that policies are being carried out.
Document your procedures. Demonstrate your compliance efforts, and establish audit trails so that your organization is protected.
Automate your procedures wherever possible. Automated workflow removes the element that may result in the mishandling of information, and helps you to better manage and control your information.

Make sure that you are compliant, not complacent.

To learn more about how DocFinity document management and workflow software can augment your information governance strategies, please contact Optical Image Technology (http://www.docfinity.com) at 814.238.0038 or email info@docfinity.com.