First, a little story of how the PHIGs were born …

In the fall of 2012 I was at a symposium in Chicago, representing OpenText who I was working for at the time. The topic was how to be ready for eDiscovery. During the final panel, of which I was a part, it struck me that even though the other panellists were espousing the virtues of being proactive, they were really only talking about an eDiscovery context. I.e.: They were referring to defensibly destroying information before it could be used in legal proceedings. Now, there’s nothing wrong with what they were saying, but it focuses entirely on a risk based approach to managing only a small portion of the information an organization has. What about managing all information, holistically and proactively, to make the business better? Could information be managed from a value perspective that also mitigates risk? Damn right it could. And a few months later the PHIGs were born.

You can download the PHIGs in pdf here.

I used to think that people were an organization’s most important resource, but I don’t think that’s the case any longer. You see, some things have changed over the years: 1) Organizations put more time and effort into making sure they have the right information than whether or not they have the right people; 2) Missing key information causes more consternation than when a key person is missing (vacation, prison, dead, etc.); 3) Organizations will happily jettison people they think are no longer required, but hold on to useless information for eternity; 4) Organizations don’t pay the people that manage information nearly enough.

If a person unexpectedly leaves their job the organization copes and moves on. If key information vanishes right before a planning cycle … different story. So why do organizations suck so bad at managing information like the asset it is? I don’t know and I’m not going to try to figure it out. This is more about helping organizations stop sucking at managing information. As for better pay for information management people … fight your own battles people.

What is Information Governance?

Information governance is all the rules, regulations, legislation, standards, and policies with which organizations need to comply when they create, share, and use information. Governance is mandated internally and externally. Done correctly (i.e.: holistically), information governance allows organizations to conduct business better and meet all their information-related obligations while minimizing risk. Done incorrectly (i.e.: in a siloed manner), information governance may help organizations meet obligations and reduce risk, but business efficiency is sacrificed.

Information Governance (IG) is about making sure all stakeholders have the necessary information to execute their jobs, without exposing the organization to unnecessary risk or overwhelming them with irrelevant information. IG requires that the information being surfaced matches the information consumer’s (internal or external) context.

Why do Information Governance?

In order to make the most effective and efficient use of information, it needs to be properly managed and governed from cradle (creation / capture) to grave (destruction / archiving). Holistic information governance makes organizations info-efficient[1] by providing the means to keep what’s needed and legally dispose of what’s no longer necessary. Holistic information governance results in faster, better decisions, reduced information-related risks, reduced legal costs, and reduced information storage costs. More importantly, holistically governing information leads to a better bottom line. Whether the bottom line is improved by increasing sales, reducing product development costs, lowering customer acquisition costs, or reducing legal fees really depends on the nature of the information and the business activities it supports.

Principles of Holistic Information Governance

The first thing to understand about the PHIGs is that no distinction is drawn between records and non-records. From a business execution perspective the difference is irrelevant, from an evidentiary perspective it’s minimal since any information you have can be used against you in proceedings.

Whether the information is structured, semi-structured, or unstructured makes no difference. Format and storage location are similarly unimportant to the PHIGs, as are the devices (personal or corporate) used to create, edit, or engage with the information. Whether the information is digital or not does not matter. Whether the information comes via social media, enterprise tools, or a spoken conversation is unimportant. The only thing that matters is whether or not the information is needed by the organization to either conduct business or meet obligations.

The PHIGs are based on understanding how an organization uses information to conduct business. Understanding has to happen at the micro (department, process) level and at the macro level to be truly useful. Not all information is equal for all organizational stakeholders; therefore it cannot be governed the same way across the entire organization. The amount of governance applied to information must be commensurate with the value of the information and the risk to the organization of inappropriate loss or disclosure.

The PHIGs are not an information approach to information governance; they are a business approach to information governance. The intent of the PHIGs is to help organizations analyze their information assets and needs, and apply the right level of governance based on how the information is used and needed to conduct business. The PHIGs are also about exposing where potentially beneficial information is, and how to get at it.

None of the ten principles is much good on its own; they only work as a whole. Other than the first and last – which are absolute – the key is to go only as deep as you need to in order to make things work for your organization, for in-scope processes, and for the information supporting the processes. Perfection is not the goal; things just need to be good enough; you can improve things as you go along.

[1] Info-efficient – it’s just a way of saying that people get the information they need to do their jobs, and not information that distracts and clutters.