The Sedona Conference® Commentary on Information Governance

The Sedona Conference®  recently released a public comment version of its Commentary on Information Governance, a project of The Sedona Conference Working Group One on Electronic Document Retention & Production (WG1).

A new definition of Information Governance

The Commentary adds another definition of ‘information governance’ to our lexicon.  According to The Sedona Conference®, information governance is “an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.”

Breaking down the silos

The Commentary emphasizes the need to break down silos and achieve coordination among an organization’s information-focused disciplines such as RIM, data privacy, information security, and e-discovery to ensure “a top-down, overarching framework, informed by the information requirements of all information stakeholders . . . [to] enable an organization to make decisions about information for the good of the overall organization and consistent with senior management’s strategic directions.”

The 11 principles at a glance

To assist organizations in developing and implementing that framework, the Commentary provides “a comprehensive set of basic principles to guide the development and operation of a robust Information Governance program in any organization.”  The eleven principles are:

  1. Organizations should consider implementing an Information Governance program to make coordinated decisions about information for the benefit of the overall organization that address information-related requirements and manage risks while optimizing value.
  2. An Information Governance program should maintain sufficient independence from any particular department or division to ensure that decisions are made for the benefit of the overall organization.
  3. All information stakeholders should participate in an organization’s Information Governance program.
  4. The strategic objectives of an organization’s Information Governance program should be based upon a comprehensive assessment of information-related practices, requirements, risks, and opportunities.
  5. An Information Governance program should be established with the structure, direction, resources, and accountability to provide reasonable assurance that the program’s objectives will be achieved.
  6. The effective, timely, and consistent disposal of physical and electronic information that no longer needs to be retained should be a core component of any Information Governance program.
  7. When information governance decisions require an organization to reconcile conflicting laws or obligations, the organization should act in good faith and give due respect to considerations such as privacy, data protection, security, records and information management, risk management, and sound business practices.
  8. If an organization has acted in good faith in its attempt to reconcile conflicting laws and obligations, a court or other authority reviewing the organization’s actions should do so under a standard of reasonableness according to the circumstances at the time such actions were taken.
  9. An organization should consider reasonable measures to maintain the integrity and availability of long-term information assets throughout their intended useful life.
  10. An organization should consider leveraging the power of new technologies in its Information Governance program.
  11. An organization should periodically review and update its Information Governance program to ensure that it continues to meet the organization’s needs as they evolve.

Each principle is discussed in detail in the body of the document.

Appendices

Appendices address the synergies – and conflicts – in the intersections of IG stakeholders (i.e. RIM, privacy, security, and e-discovery), a maturity continuum as it relates to an information function’s level of independence maturity, the risks associated with digital assets, and the quantitative/ROI business case for IG in terms of optimizing corporate value, risk reduction, hard cost avoidance, and soft cost avoidance.

Opportunity to comment

Because the document is a public comment version, comments and suggestions for improvement are welcome.  You can join the dialogue online (paid and free accounts are available) or submit comments by email to info@sedonaconference.org.

About the Author

Sheila Taylor is a well-known consultant, educator, speaker and writer with more than 25 years of experience in the information management (IM) field.
