I saw the other day someone saying that we IG folks need to put the Governance back into Information Governance. (Apologies if this was you, I can’t remember who it was in order to credit them!).
I tend to agree.
Governance is not just about forms, processes and the art of saying no. I still see far to many of us in IG that cling on to the sense of power that saying no has. But it’s a fools game. Simply saying no without actually understanding the need behind the ask is inviting disengagement and a negative reputation.
Now I’m not saying it should be a yes to everything either.
What I am saying is that like any good governance, good information governance should be reflective, responsive, responsible and risk based.
Here are some of my top tips/questions to ask yourself for effective IG.
- How often do you review your governance processes to ensure they are still relevant and fit for purpose? Performance is just as important as ‘compliance’.
- When you say no to something, do you consider or offer an alternative? So if you ban an app because it is US based (as an example), do you give staff an EU/UK based alternative?
- Does your IG board (or similar) include all areas of organisation, or is it just a talking shop with all the usual suspects? (IG, IT, Risk etc)?
- Do all your governance board members have the training and skills they need?
- Does your governance challenge as well as support? Where does this sit against your organisation’s overall strategy?
- How clear and transparent is your governance? Does everyone (internal to it and external to it) understand its role and the work it does?
Governance doesn’t have to be a hinderance. It can be a practical force for good within your organisation, but like most things it needs time, care and attention in order to get it that way.