The Information Governance Reference Model (IGRM) project started from a groundswell of interest in having a model that will frame the discussion of information management, in the same way the Electronic Discovery Reference Model has shaped our view of e-discovery. It was clear that this required much more than simply a better description of the Information Management node of the EDRM. The Information Management node deserved a reference model for itself.
The following reflects how we arrived at the current diagram. The IGRM group has a diverse membership pool so the conversation is broad and varied. We invite you to participate and bring your point of view and experience to our shared collaborative effort.
After much discussion among the EDRM Team and outside stakeholders, we have arrived at this draft diagram focused on one of the major challenges of information management: namely, that most information management efforts are crippled by insufficient collaboration among key stakeholders. We recognize that there are many stakeholders involved, but for the sake of simplicity, we have grouped them into three categories. These are:
- Business users who need information to operate the organization,
- IT departments who must implement the mechanics of information management, and
- Legal, risk, and regulatory departments who understand the organization’s duty to preserve information beyond its immediate business value.
We hope that this top level diagram will help stakeholders understand their role in information management, and bring them to the conclusion that true information management can only be achieved through successful collaboration with other groups across the enterprise. Subsidiary diagrams will provide additional granularity and perspective.
The Outer Ring
Starting from the outside of the diagram, successful information management is about conceiving a complex set of interoperable processes, and implementing the procedures and structural elements to put them into practice. It requires:
- An understanding of the business imperatives of the enterprise,
- Knowledge of the appropriate tools and infrastructure for managing information, and
- Sensitivity to the legal and regulatory obligations with which the enterprise must comply.
For any piece of information one hopes to manage, the primary stakeholder is the business user of that information. We use the term “business” broadly; the same ideas apply to end users of information in organizations whose ultimate goal might not be to generate a profit.
Once the business value is established, one must also understand the legal duty attached to a piece of information. The term “legal” should also be read broadly to refer to a wide range of legal and regulatory constraints and obligations, from e-discovery and government regulation, to contractual obligations such as payment card industry requirements.
Finally, IT organizations must manage the information accordingly, ensuring privacy and security as well as appropriate retention as dictated by both business and legal or regulatory requirements.
In the center of our proposed diagram is a workflow, or lifecycle diagram. We include this component in the diagram to illustrate the fact that information management is important at all stages of the information lifecycle – from its creation through its ultimate disposition. This part of the diagram, once further developed, along with other secondary level diagrams, will outline concrete, actionable steps that organizations can take in implementing information management programs.
Even the most primitive business creates information in the course of daily operations, and IT departments spring up to manage the logistics – indeed, one of the biggest challenges in modern organizations is trying to stop individuals from excess storing and securing of information. Legal stakeholders can usually mandate the preservation of what is most critical, though often at great cost. However, it takes the coordinated effort of all three groups to defensibly dispose of a piece of information that has outlived its usefulness, and retain what IS useful in a way that enables accessibility and usability for the business user.