Information Governance and Management: solving the problem


The Tech world is changing rapidly. IOT, AI, Virtual Reality, beginning of Mesh and Adaptive Security and a lot of other interesting trends that cause a lot of data flowing into the companies, and there is much more to come.

After years of working in Tech environments, I can definitely tell that one of the challenges is to have a proper Enterprise Information Management and Data Governance, and in many companies, it is becoming an issue. Is it possible to fix it?

Yes, it is. Here is how. But before we get to the point let’s figure out the terms and see, why you need the governance and management and what happens if you don’t have it:


Data – Facts and statistics collected together for reference or analysis. (I think that is the best definition of data that comes from Google) – Somewhat structured data

Information (or content) – structured (raw data) and unstructured data (files, digital media, etc.)

So what is Data Governance? A majority of the companies use this term speaking about raw, unstructured data, which is used for analysis. Data governance is set of rules and procedures which govern the process which service data from it birth or its first appearance in the company until the end of its life – mainly rules and regulations for the data life cycle. Data Governance is very tightly connected with IT governance and Corporate governance overall. Data Governance is a part of Enterprise Information Management structure.

Data policies can be very similar to Enterprise Information policies plus there are additional components should be applied such as Business Glossary, Data Quality rules, data associations, etc.

Data Governance is a part of Enterprise Information Governance which is a part of IT Governance, which is a part of Corporate Governance.

What is Enterprise Information Governance?

Applies to all information including structured and unstructured data.  Set of rules and procedures which govern the process which service information from it birth or its first appearance in the company until the end of its life – mainly rules and regulations for the information life cycle. Information governance typically includes privacy regulation, information security, information flows, data flows and ownership.

What is a Data Management and Information Management?

The actual process of dealing with data structured or unstructured applying governance policies, dealing with components and eventually generating the results which are necessary for the producing the value. It includes Data Lifecycle Management, Information Lifecycle Management, Records management, Archiving processes, etc.

Information is one of the main components of every living and breathing business entity. By that, we mean every bit of information that surrounds and services the main purpose of any business – creating a value and generating revenues. It can be any company’s document, e-mail, raw data used for analytics or statistics (either about the user or simply hardware performance metrics), software codes – you name it – the list can be extremely long.

The Goal of having Enterprise Information and Data Governance processes:

To put it in one phrase: to prevent throwing money into the wind.

By building the standard processes you are achieving the main goals, such as: risk mitigation, proper compliance,  security and privacy protection. Additionally achievement of an optimization of IT processes related to content, so it will be efficient, time and money saving process. Reducing operational friction is another valuable part.  All that points to the main goal of generating better revenue – keeping the money in the house and use resources for growth instead of dealing with issues.

Unfortunately, there is no direct metrics such as  “Losses due to lack of Governance”, but if you start digging deeper into some company’s processes or incidents you will see that the reason why problems pop out – in many cases, it’s a lack of Governance.

Sadly in some cases, the management is not worrying about it until the lightning strikes, and in some cases, they don’t even act after the lightning strikes – they’d keep patching the holes without really addressing the root cause issues.

Having Information Governance and Management in place is one of the main pillars of successfully functional business. Well developed processes can make a big difference for the company’s well-being: either being profitable or losing money, either developing more new initiatives and growing or struggling with supporting constantly sick infrastructure.

Here are some stats from several years ago: According to Gartner 8 out of 10 spent in IT is a dead money. IT spending ratio – New Initiatives vs. Maintenance is 20% / 80%. Maintenance is quite a broad term, but out of my own experience I can tell for sure: a lot of maintenance comes from the lack or limping Information and Data Management and Governance or IT governance in total.

It can cause things from very quietly, “under the surface” ongoing loss of productivity which quietly sucks money out of the company to major, very loud systems incidents.  Either way – very unpleasant.

Another point I want to make: it is not enough to have a process  – it is very important to enforce it in the company and keep following it.

Examples of Information and Data Governance:

Example: Policy that avoids redundancy in data, by avoiding copying the same data to different locations. Use only one version that is accessible from different locations.

Result: fewer resources for storage, backup/recovery processes, hardware/servers maintenance, fewer man hours for support, less confusion etc.

Example: Policy that outlines archiving strategy by creating stages for data / information retention and finally deletion. The benefits of this one are endless, but to name a few:

Result: proper usage of enterprise applications and their capacity – avoidance of overstuffed DBs and App libraries, moving an old data to a non-production tiers, which means less money for storage, backup/recovery, DR processes, less man hours for system support, better end users productivity, better SLA, better performance of the production systems, less chaos in data.

Example: Policy for data / information classification. Result: better archiving strategy (topic above) + better searchability which results in better users productivity.

There are many more very important money keeping policies that are part of information / data governance that touches security, compliance and other areas.

Components of Information and Data Governance:

  • Data rules and definitions (what the processes are)
  • Controls (change or incident management, access management, etc.)
  • Decision rights (who is making decisions)
  • Accountability (who is responsible)
  • Physical architecture of the data / information flow (how, where and when the data is moved or other processes implemented)

There is no really “one-size fits all” model of governance, and every governance process is pretty much custom-built. But the above frameworks will work for everybody.

How to develop and implement it?

Answer several questions first:

Are there any existing issues already? If yes – what is the cause? How to solve them?

Are there any potential issues? If yes – what will be most likely the cause? How to avoid it?

And here is the process that can be used as a guidance for information and data governance:

I am not going to go into the details of developing a business case and funding it, which is more of a pre-acquisition state but the main acquisition and utilization phases should consist of:

  • Analyzing data / information
  • Analyzing locations (on prem, cloud, etc.)
  • Analyzing storage (tiered, )
  • Creating a team to work with (management, stakeholders)
  • Creating frameworks for Data / Information Classification
  • Creating rules
  • Appointing accountable parties
  • Appointing the decision makers
  • Architecting the data / information flow processes (this is a big project that includes conceptual/logical/physical system architecture)
  • Testing the solution
  • Deploying the solution
  • Monitor the success

Start small – say with the easy department or project. Create a custom-built framework. Work off this framework.

Good communication is a vital component

If you are a growing business dealing with a lot of incoming information – don’t put off the governance process for too long. Yes, you’ll have to allocate budget and resources for this venture, but in the long run it well worth it. If you think about it: once you create a reusable process – the major part of the job is done,  you just need to follow it and modify it when the need comes.

Here are some additional important parts:

Just like in any system engineering process you need to craft and well document the governance process in such a way, so it should be just enough for the company to be successful in all governance processes, but not overstuff the process with unnecessary bureaucracy. The trick is to find just the right balance.

The other important thing is that the leadership should understand the importance of the governance and keep stressing this subject to the company. If that is not the case – you can create a state of the art process, but it will be useless because it needs to be actually enforced and followed.

To conclude: organizing a good governance process well worth the money!