In mapping out a clear information governance strategy in any organisation, the board of directors has to be aligned with information governance goals and objectives. Its buy-in would enable the process to flow smoothly. Having clear roles and responsibilities would help the organisation understand owners of IT business functions, personnels to use for managing information flow and more importantly, build an appropriate information governance structure.
In this article, I highlight from a broad perspective what an organisational role structure in information governance should look like and the descriptions these various roles carry.
As mentioned above, the first point of call is the board of directors. Since it steers the ship of the business, it plays a critical role in ensuring that the right resource in terms of finance, human resource and software kits are procured to meet the overall information governance goals. What transpires when there is no board buy-in is a governance structure set to fail.
Once the board is on board, then there needs to be the information governance steering committee. This set of individuals usually have the expertise with regards to how information flows within the system and how it meets the day to day business functions. They usually ensure that the strategy is in line with the goals and priorities of the organisation and they monitor and encourage the implementation of the framework to support the business.
Since information governance is not a destination, but a journey, there needs to be someone responsible for the daily activities that drive and monitor the key deliverables within the information governance framework. This individual would usually have expertise in all things information governance and in most cases, they are usually called the information security manager. They are usually vast in various fields and can provide general feedback about the present state of information governance within the business, monitor the cost implication in the management of information and give timelines for various projects within the information governance framework.
Furthermore, the information security manager would approve project plans and budgets, set priorities and milestones, acquire and assign resources and ensure that the project meets business requirements.
After a data mapping exercise has been done, the information security manager can now hand various responsibilities to various business process owners. For example, a senior marketing manager will manage and oversee the information lifecycle management within the marketing department and ensure it meets the standards and agreements of the business. The roles have to be clearly documented perhaps in their resume or as addendum to their existing job contracts.
Having clear roles and responsibilities would also create an air of accountability. The company would be able to say that a particular individual manages these particular information assets and knows who to meet when something happens. It is not enough, however, for the roles to be clearly defined; the business must also ensure that the individuals managing these particular IT business functions are properly trained to execute their daily tasks.
Some questions to consider in creating various roles and responsibilities within information governance are as follows: Who is accountable for ensuring relevant controls for sensitive information assets? Who has responsibility for data classification? Who is the data owner? Which level of management is most effective in managing and executing an enterprise risk programme? Who should give final sign-off on the IT risk management plan?
Answering these questions (albeit not wide enough) would give businesses an idea of who to give various tasks within their information governance framework. Defining these roles would put any business in a very good stead to have and maintain a clear information management structure.
business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com
