Presentation is loading. Please wait.

Presentation is loading. Please wait.

Maximizing the Value of Information Information Governance As A Strategic Framework Presenter: Margaret Hermesmeyer, MLIS, IGP, CRM Division Chief Information.

Published byLily Stevenson Modified over 8 years ago

Similar presentations

Presentation on theme: "Maximizing the Value of Information Information Governance As A Strategic Framework Presenter: Margaret Hermesmeyer, MLIS, IGP, CRM Division Chief Information."— Presentation transcript:

1 Maximizing the Value of Information Information Governance As A Strategic Framework Presenter: Margaret Hermesmeyer, MLIS, IGP, CRM Division Chief Information Governance and Logistical Operations Office of the Attorney General of Texas

2 After attending this session, attendees will have gained understanding about:  The role the Generally Accepted Recordkeeping Principles® have in Information Governance  How an organization may improve compliance, efficiency and effectiveness of information management by appropriately applying the Generally Accepted Recordkeeping Principles® (the Principles)  How an organization may maximize the value of its information by appropriately applying the Principles Objectives For This Presentation

3 The Generally Accepted Recordkeeping Principles ® The Generally Accepted Recordkeeping Principles® Citation and Copyright Information About ARMA International and the Generally Accepted Recordkeeping Principles® ARMA International (www.arma.org) is a not-for-profit professional association and the authority on information governance. Formed in 1955, ARMA International is the oldest and largest association for the information management profession with a current international membership of more than 10,000. It provides education, publications, and information on the efficient maintenance, retrieval, and preservation of vital information created in public and private organizations in all sectors of the economy. It also publishes Information Management magazine, and the Generally Accepted Recordkeeping Principles®. More information about the Principles can be found at www.arma.org/principles.

4 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  The Principles provide characteristics of an effective information governance program  Information Governance (IG) is defined several ways: Gartner defines IG as: An accountability framework that includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals The Institute for Information Governance defines it as: IG is the policy-based control of information to maximize value and meet legal, regulatory, risk, and business demands

5 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  Records & Information Management (RIM) The Principles outline the critical role RIM has in IG ARMA defines RIM as: The management of recorded information, regardless of medium or characteristics, made or received and retained by an organization in pursuance of legal obligations or in the transaction of business  Examples of other industry accepted principles Generally Accepted Accounting Principles (GAAP) Generally Accepted Privacy Principles (GAPP )  The Principles align with ISO 15489, the International Standard for Information and Documentation - Records Management ISO 15489 Part 1 is General ISO 15489 Part 2 Guidelines

6 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  The Life Cycle of Records and Information Initia l Pha se Create or Receiv e Initia l Pha se Create or Receiv e Acti ve Pha se Freque nt Use & Acces s Acti ve Pha se Freque nt Use & Acces s Inactive Phase Infrequent use & access Must maintain until records retention period has been met Inactive Phase Infrequent use & access Must maintain until records retention period has been met Dispositi on Phase Destroy or Transfer (For example, transfer to an archives) Dispositi on Phase Destroy or Transfer (For example, transfer to an archives)

7 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  8 Principles Accountability Integrity Protection Compliance Availability Retention Disposition Transparency

8 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  1) Principle of Accountability An organization shall assign a senior executive who will oversee a recordkeeping program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure program auditability.  2) Principle of Integrity An information governance program shall be constructed so the information generated by or managed for the organization has a reasonable and suitable guarantee of authenticity and reliability.

9 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  3) Principle of Protection An information governance program shall be constructed to ensure a reasonable level of protection for records and information that are private, confidential, privileged, secret, classified, or essential to business continuity or that otherwise require protection.  4) Principle of Compliance An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization’s policies.

10 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  5) Principle of Availability An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information.  6) Principle of Retention An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.

11 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  7) Principle of Disposition An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization’s policies.  8) Principle of Transparency An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate interested parties.

12 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  Key Concepts Information and information systems are linked with an organization’s activities:  Include important elements for the function of the organization  Support activities of the organization  Facilitate activities through improved workflows and predictive capabilities  Document and assist in compliance with applicable laws, regulations and standards

13 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  Key Concepts Continued Information must be managed to effectively support the organization:  Information life cycle management  Information in all formats and on all media

14 The Principles ARMA International The Generally Accepted Recordkeeping Principles®  Key Concepts Continued The Principles are comprehensive and general  Provide the characteristics of an effective IG program  Allow flexibility in application

15 Information Governance Maturity Model ARMA International Information Governance Maturity Model ARMA International

16  What is the Information Governance Maturity Model? The IG Maturity Model defines the characteristics of the Principles at various levels of the IG program For example, how the organization:  Addresses information  Recognizes information  Sets requirements for information  Improves operations

17 Information Governance Maturity Model ARMA International  What are the 5 levels of the Information Governance Maturity Model? Level 1 - Sub-Standard Recordkeeping concerns are not addressed systematically Level 2 - In Development Developing recognition for the benefits of recordkeeping Level 3 - Essential Essential or minimum requirements are addressed Level 4 - Proactive Initiating IG program improvements across its business operations Level 5 - Transformational IG is integrated into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine

18 Information Governance Maturity Model ARMA International  Applying the Maturity Model Across the Principles Evaluate the organization’s current information practices and the IG program Identify business needs to improve through improved information practices Identify risks that can be reduced with improved information practices Design a realistic improvement strategy

19 Information Governance Maturity Model ARMA International Example of the Principle of Accountability Through the 5 Levels of the Maturity Model  Principle of Accountability - Level 1 (Sub-Standard) Emphasis is not placed on the importance of IG  No senior executive is responsible for records or information  The Records Manager role is largely non-existent  The records manager role may be a clerical role shared across employees, the chief information governance officer and the records manager Information assets may not be managed, or not managed consistently

20  Principle of Accountability - Level 2 (In Development) No senior executive is responsible for records or information Records Manager role is recognized  Role is responsible only for tactical management of records  Role is not responsible for developing policies and procedures for all information assets  Records Manager is not involved in discussions and planning for electronic systems Existing program may only address paper records IT is the assumed lead for electronic records storage Information is not stored in a systematic manner Organization is aware of the need to govern its broader information assets Information Governance Maturity Model ARMA International

21  Principle of Accountability - Level 3 (Essential ) Senior management is aware of the records management program Records Manager role is recognized within the organization  Responsible for the tactical operation of the established records management program  Responsible for the records management program on an organization-wide basis  Actively engaged in strategic information and records management initiatives with other officers of the organization Organization includes electronic records as part of the records management program Organization envisions a broader-based information governance program to direct various information-driven processes throughout the enterprise Organization has defined specific goals related to accountability

22 Information Governance Maturity Model ARMA International  Principle of Accountability - Level 4 (Proactive) Organization has appointed an IG professional  The Records Management Program is an element of the IG Program  This IG professional is responsible for the IG Program and oversees the Records Management Program The Records Manager is a senior officer responsible for all tactical and strategic aspects of the Records Management Program There is a stakeholder committee  Members of the committee represent all functional areas of the organization  The committee meets periodically to review records management related issues

23 Information Governance Maturity Model ARMA International  Principle of Accountability - Level 5 (Transformational ) Significant emphasis is placed on information governance Organization has appointed an IG professional  The records manager directs the records management program  The records manager reports directly to the chief information governance officer The chief IG officer and the records manager are essential members of the organization’s governing body The organization’s initial goals related to accountability have been met Goals for accountability are routinely reviewed and revised

24 Example of the Principle of Protection Through the 5 Levels of the Maturity Model  Principle of Protection - Level 1 (Sub-Standard) Emphasis is not placed on the importance of IG  No consideration is given to information protection  Records and information are stored haphazardly  Protection of records and information is provided by various groups and departments  There are no centralized access controls Information Governance Maturity Model ARMA International

25  Principle of Protection – Level 2 (In Development) Some protection of information assets is exercised There is a written policy for records and information that require a level of protection, however:  Does not give clear & definitive guidelines for all information in all media types  Does not address how to exchange records and information among internal/external stakeholders Guidance for employees is not uniform or universal  Employee training is not formalized Access controls are implemented by individual content owners Information Governance Maturity Model ARMA International

26  Principle of Protection – Level 3 (Essential) The organization has a formal written policy for protecting records and information  Confidentiality and privacy considerations are well-defined within the organization  The importance of chain of custody is defined  The organization has defined specific goals related to records and information protection The organization has a formal written policy for centralized access controls Training for employees is available Records and information audits are conducted only in regulated areas of the business  Audits in other areas may be conducted, but they are left to the discretion of each functional area Information Governance Maturity Model ARMA International

27  Principle of Protection – Level 4 (Proactive) The organization has implemented systems that provide for the protection of the information Employee training is formalized and well-documented Auditing of compliance and protection is conducted on a regular basis Information Governance Maturity Model ARMA International

28  Principle of Protection – Level 5 (Transformational) Great value is placed on the protection of information by the executives, senior management, and other governing bodies such as the board of directors The organization’s initial goals related to protection have been met There is an established process to ensure the goals for protection are routinely reviewed and revised  Audit information is regularly examined  Continuous improvement is undertaken Inappropriate or inadvertent information disclosure or loss incidents are rare Information Governance Maturity Model ARMA International

29 Maximizing Value of Information  Business purpose of the information  Document the actions of the organization  Document compliancy of the organization  Process information according to the needs and purpose of the organization

30 Maximizing Value of Information  Information supports the purpose of the organization  Predictive analytics and modeling  Customer experience analytics and analysis  Fraud prevention and detection  Visualization and Data Visualization

31 Example of Data Visualization  Data Visualization - Migration Between California & Other States SOURCE: Census 2000 and 1960 Census Subject Reports, Migration Between State Economic Areas, Final Report PC(2)-2E, Washington, DC, 1967.

32 Maximizing Value of Information  Efficient information processes yield value  Enhance decision making  Improve customer targeting and improve customer experience  Enhance protection of sensitive information

33 IGRM: Duty, Value, Asset

34 Maximizing Value Through Information Governance  Appropriate IG Reduces Risk Compliance with information laws and regulations reduces risk of fines and other results of non-compliance Appropriate Business Continuity Planning reduces the down time an organization could experience in the face of a disaster Appropriate and defensible disposition reduces the volume of information that could otherwise be subject to discovery or information requests

35 Maximizing Value Through Information Governance  Appropriate IG Helps Contain Costs More efficient information processes – Automated Classification Enhance decision making processes – Data Analytics Information storage efficiencies – Tier and Cloud Storage/ Offsite Collaborative sites - Reduce Copies Better search technologies – Reduce researcher time

36 Maximizing Value Through Information Governance  IG Framework IG provides a framework for comprehensive management of the organization’s information assets with a collaborative approach The Principles provide the characteristics an IG program should achieve The IG Maturity Model is an assessment tool that provides characteristics of the Principles at various levels of maturity within an organization The IGRM depicts a framework for IG within an organization by key stakeholders

37 Maximizing Value Through Information Governance  IG helps an organization optimize the value of information by: Reducing risks Ensuring compliance Lowering costs Improving information access and security Improving workflows Supporting big data & data analytics to enhance the decision making process

38 Q & A Margaret Hermesmeyer, MLIS, IGP, CRM (512) 463-2154 Margaret.Hermesmeyer@texasattorneygeneral.gov

Download ppt "Maximizing the Value of Information Information Governance As A Strategic Framework Presenter: Margaret Hermesmeyer, MLIS, IGP, CRM Division Chief Information."

Similar presentations

The Impact of Auditing on Records Management Risk and Compliance Susan B. Whitmire, CRM, FAI Manager, Enterprise Records and Information Management BlueCross.

The Impact of Auditing on Records Management Risk and Compliance Susan B. Whitmire, CRM, FAI Manager, Enterprise Records and Information Management BlueCross.
Introduction to Records Management Policy

Introduction to Records Management Policy
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Records and Information Management: An Overview. What are Records? Records - Any recorded information regardless of physical form/characteristics or storage.

Records and Information Management: An Overview. What are Records? Records - Any recorded information regardless of physical form/characteristics or storage.
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
Alaska Chapter of ARMA International Presented by: Dawn Kewan, ARMA Board Member & Treasurer February 6, 2014 Based on Generally Accepted Recordkeeping.

Alaska Chapter of ARMA International Presented by: Dawn Kewan, ARMA Board Member & Treasurer February 6, 2014 Based on Generally Accepted Recordkeeping.
How a Large Company Used the Principles to Establish its Corporate Information Governance Robin Woolen, MBA, IGP President / Principal.

How a Large Company Used the Principles to Establish its Corporate Information Governance Robin Woolen, MBA, IGP President / Principal.
Effective Information Governance Legal Tech Asia Technology Summit March 3, 2014 Marilyn Bier, CEO ARMA International.

Effective Information Governance Legal Tech Asia Technology Summit March 3, 2014 Marilyn Bier, CEO ARMA International.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Security Controls – What Works

Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
IS Audit Function Knowledge

IS Audit Function Knowledge
SKILLS TO MANAGE INFORMATION GOVERNANCE ARMA Chicago Chapter 10 February 2015 Carol E.B. Choksy 1 Adjunct Lecturer Department of Information and Library.

SKILLS TO MANAGE INFORMATION GOVERNANCE ARMA Chicago Chapter 10 February 2015 Carol E.B. Choksy 1 Adjunct Lecturer Department of Information and Library.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
SAFA- IFAC Regional SMP Forum

SAFA- IFAC Regional SMP Forum
Records Management and the Law

Records Management and the Law
Session 3 – Information Security Policies

Session 3 – Information Security Policies
RECORDS MANAGEMENT City of Oregon City “ That was then… this is now!”

RECORDS MANAGEMENT City of Oregon City “ That was then… this is now!”

Similar presentations

Ads by Google