1. Info-Tech Research Group1 Info-Tech Research Group, Inc. Is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2012 Info-Tech Research Group Inc. Headline / Subhead Vertical pacing V3.1 Info-Tech Research Group, Inc. Is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2013 Info-Tech Research Group Inc. Deploy Effective Information Governance with a Document Source Audit When there’s trouble like litigation or compliance problems, the CIO gets the call.

2. Info-Tech Research Group2 The CIO must own enterprise information. When there’s a problem, such as litigation or service outages, the CIO will get the call. Be proactive. Get stakeholders together in a room and take control of information. Introduction CIOs and IT leaders who must take control of information in the enterprise to reduce risk or extract additional value. Other business leaders who are responsible for information governance, including: Compliance officers Records managers Build an information governance strategy. Develop an inventory of information sources, assess their relative importance, and develop appropriate projects for either risk mitigation or value delivery. Co-ordinate cross-functional Information governance initiatives involving IT, business units, legal counsel, and other stakeholders. Balance the complex sets of constraints and demands that apply to content including: Regulatory compliance eDiscovery Privacy This Research Is Designed For:This Research Will Help You:

3. Info-Tech Research Group3 Executive Summary Take control of the information in your enterprise. If the enterprise determines that there are information-related risks or opportunities in the business, you must perform an assessment and explore opportunities. Create a project team, profile information sources, and develop a list of priorities and plans. 1.Information governance is one process among many. A focus on information governance is often the result of an assessment of enterprise risk and opportunity. Review Info-Tech’s workshops: WCO: Risk Management and WCO: IT Strategy.WCO: Risk Management WCO: IT Strategy 2.Get control of information sources. Information is resident in many different places within the enterprise. Each of these sources must be identified, assessed, and assigned to a particular owner. 3.Assess risk and reward. Each information source must be classified to identify potential risks and rewards. This assessment is crucial for both the creation of project proposals and for recommending changes to standard IT services. Info-Tech Insight Situation Complication Resolution When there’s a problem, the CIO gets the call. When there’s litigation or a failed compliance audit, the CIO must assume responsibility for the remediation. A perceived lack of performance by the CIO then threatens IT’s ability to take a leadership role in other information-driven projects such as defining a social networking strategy. Many CIOs assume that information management is the problem of business units and users. The information belongs to the business, not IT. These same CIOs also want a greater role in determining the information strategy for the enterprise, particularly in sales and marketing efforts.

4. Info-Tech Research Group4 Follow Info-Tech’s information governance roadmap Reintroduce the Information Lifecycle to the Content Management Strategy WCO: Risk Management Content Mgmt. Risk Mgmt. Find Information in the Enterprise You are here: Deploy Effective Information Governance with a Document Source Audit IT Strategy WCO: IT Strategy Develop a Data Privacy Compliance Strategy Mitigate Internal Risks & Achieve Compliance with Internal Controls Move Away from File Shares and Organize Enterprise Information Minimize Litigation and FOIA Expenses with an Appropriate eDiscovery Framework

5. Info-Tech Research Group5 WCO: Risk Management 1. Risk Scenarios 2. Determine Risk Severity 3. Build the Risk Profile 4. Take Action Towards Risk 5. Report and Communicate Risk WCO: IT Strategy 1. Understand the Corporate Strategy 2. Assess the Current State of IT 3. Define the Targets and Gaps 4. Create the Roadmap 5. Create the IT Strategy Deploy Effective Information Governance with a Document Source Audit 1. Build a Project Team 2. Identify Information Sources 3. Assess Information Sources 4. Define a Retention Schedule eDiscovery: Ease Compliance through Repeatable Process When risk and strategy assessments point to information, you need an information governance strategy 5. Create a Communication Plan Info-Tech’s World Class Operations (WCO) workshops often point to the need for information governance. This set lays the groundwork for projects related to eDiscovery and knowledge management.

6. Info-Tech Research Group6 Info-Tech is just a phone call away to assist you with your project Info-Tech Assisted Implementation (IAI). Our analysts will guide you to successful project completion. This bell signifies when you’ve reached an IAI point! 1.Arrange to speak with a Consulting Analyst. Apply our research advice to your specific organizational needs. 2.Complete a critical project stage with a Consulting Analyst. Collaborate with the Analyst as you work through a project step, complete a Tool or Template, interpret results, and plan next steps. 3.Compare your results with those of others. Benefit from lessons learned. Consulting Analyst will review completed deliverables and experiences of other clients to suggest improvements and help you avoid pitfalls.

7. Info-Tech Research Group7 Info-Tech is ready to assist throughout the information governance project Recommended Info-Tech Assisted Implementations Section 1: Understand the growing need for information governance An information governance strategy is useful for almost every enterprise. It is not, however, a priority for most of them. Learn how to engage support for information governance with key stakeholders, and understand the key issues that might be crucial for the effective deployment of an information governance program. Section 4: Implement information governance Interpreting and Acting on Data Audit Results: Review data audit results, discuss how to rectify any issues highlighted, who will take ownership of the cleanup process, a communication plan for end-users and any automated tools that may assist in the cleanup initiative.

8. Info-Tech Research Group8 What’s in this Section:Sections: Understand the growing need for information governance Determine why you need an information governance program Build the information governance team Implement information governance Maintain the information governance strategy Who owns information governance? What are the top drivers? How can Info-Tech help?

9. Info-Tech Research Group9 Information governance applies people and process to the management of organizational information assets Ownership, accountability, process, and policy encourage the right behavior in stakeholders, users, and creators of all organizational information. Information is one of the largest assets owned by an organization. To manage it effectively there must be guidelines and processes put in place around the creation, storage, access, archiving, and destruction of that information. Information governance considers responsibility, accountability, and ownership for how an organization’s information is handled throughout its lifecycle. The processes and policies that encompass information governance will also ensure that an organization’s information is current, trustworthy, and reliable to promote accurate decision making. The challenge with information governance is that the amount of organizational information is growing at an increasingly rapid rate. Social media, mobile usage, and the Cloud are all contributing to the rise of unstructured content, which must also be managed under a governance initiative. Information governance not only safeguards corporate information from risks such as breaches and unauthorized access, it also puts mechanisms in place to manage compliance so that organizations don’t get themselves into legal or regulatory trouble. With over 90% of all business information being created electronically, the ultimate purpose of information governance is to help organizations capitalize on the value of their information, while reducing the potential risks. For more information on information governance strategy, refer to Info-Tech’s solution set Develop an Information Governance StrategyDevelop an Information Governance Strategy.

10. Info-Tech Research Group10 Regulation is the top driver for information governance Respondents were asked to select all that apply Source: Info-Tech Research Group, N=26 Unsurprisingly, regulatory compliance (e.g. Sarbanes- Oxley, HIPAA, etc.) is by far the top driver of the need for information governance, according to Info-Tech’s survey. Benefits and efficiencies are the second and third leading drivers. These include improved access to information for knowledge workers and reduced helpdesk and email server loads. Compliance (or non-compliance) is a concrete and imminent risk that resonates with business leaders and stakeholders around the organization. IT leaders should use compliance to gain executive buy-in and drive the cross-functional cooperation required for an information governance strategy. Once the initiative is underway, due diligence must be paid to every aspect of information governance, including benefits and eDiscovery risks. Regulation is the biggest driver of information governance initiatives Info-Tech’s Findings: Info-Tech’s Advice:

11. Info-Tech Research Group11 Start by assuming responsibility for information governance Take Leadership Action: The CIO must take a leadership role in an information governance initiative. Because IT will ultimately implement and manage solutions – and bear the brunt of the grief – IT leaders can’t afford to let apathy and indecision undermine the policy and planning stages. IT must come to the table with an understanding of what’s technically feasible and affordable versus what is not. Other stakeholders, including compliance officers and records managers, who are responsible for compliance policies and systems, must also be actively involved in the information governance project team. Source: Info-Tech Research Group. N=31 Relevant Job Descriptions: Chief Privacy Officer Chief Risk Officer Corporate Compliance Officer Electronic Records Manager CIOs have a major responsibility for information governance!

12. Info-Tech Research Group12 Info-Tech Research Group Helps IT Professionals To: Sign up for free trial membership to get practical solutions for your IT challenges www.infotech.com Quickly get up to speed with new technologies Make the right technology purchasing decisions – fast Deliver critical IT projects, on time and within budget Manage business expectations Justify IT spending and prove the value of IT Train IT staff and effectively manage an IT department “Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment. - ARCS Commercial Mortgage Co., LP Toll Free: 1-888-670-8889