Business Stakeholders and the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today
Last month, I introduced a new blog series on the IPRO blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups. The past four weeks, I’ve reviewed Legal stakeholders, Records and information management (RIM) stakeholders, Information Technology (IT) stakeholders and Privacy & Security stakeholders. This week, I conclude the series by focusing on the Business stakeholders.
Business Stakeholder Information Needs
Let’s face it – in the IGRM model (as the white paper issued by EDRM regarding the release of IGRM v3.0 illustrates), business stakeholders are primarily responsible for one thing – profit. As a result, business stakeholders are very invested in using information that enables the organization to drive up profits overall. If the value of that information expires, business stakeholders could lose interest in managing it, cleaning it up, or paying for it to be stored. In other words, business stakeholders are users of the information that drives the business and determines the success of the business. It’s important for an organization to balance efficiency of governing information with the need for business stakeholders to use that information effectively to meet the profit goals of the business itself. It’s that balancing act that comprises the challenge to maintaining information important to the business for as long as the information is needed while being prepared to discard it as soon as it’s redundant, obsolete and/or trivial (ROT) and should be disposed.
Business stakeholder units include:
- Sales: Certainly, an organization’s sales team is managing very important information within an organization. They keep track of an organization’s sales pipeline and information about not only customers with which they do business, but also prospects with which they hope to do business. All of these customers and prospects have (whether they are individuals or organizations) have data that needs to be protected – especially in these days of increased data privacy requirements. Customer relationship management (CRM) solutions have become a vital part of any organization’s management of their customers and prospects and many of the most popular solutions are cloud-based, such as SalesForce. Even though the data within a CRM platform may be stored in “the cloud”, organizations still have the same responsibility to protect that information from a compliance standpoint.
- Marketing: The marketing team not only utilizes information within a CRM solution, one of their primary responsibilities is to build a list of prospects to be tracked by the CRM solution to supply leads to the Sales team. Marketing accomplishes this in a variety of ways, including online and in-person resources and events designed to acquire leads. With in-person events on hold for now, online activities and content are more important than ever to acquire those leads. With so much data being acquired about prospects, the marketing team has an important responsibility to protect that information as well.
- Products/Services: Without products and services, there would be no customers (of course). So, the information stored by the products/services team(s) can include everything from intellectual property that make the organization’s offerings unique to data about customer requests or even support histories for those customers. How much customer history does an organization need to store? It depends on the type of business and how long that information provides significant value to the organization. Regardless, the information generated by the products/services team(s) is vital to enable the organization to generate the income it needs to thrive (or at least survive).
- Finance/Accounting/HR: The finance team keeps track of all of the information that is important to understand how the organization is doing overall. It needs to work with Sales and Products/Services to understand the full revenue picture (both actual and projected) and balance that against data associated with expenses to determine profitability. The expense data can involve information about various providers who are (in turn) selling their products or services to this organization. It can also include personnel expenses, which involves individual data associated with the employees and contractors who actually run the business. Just as organizations are expected to protect data of customers who are individuals, they are also expected to protect data of employees who are individuals as well. Again, that data may reside in cloud-based solutions like QuickBooks, but the responsibility for the organization to protect that data remains the same.
Business’s Relation to Other Stakeholder Groups
Business stakeholders tend to want to hang onto information indefinitely (on the off chance they may need it), but it’s an inherent responsibility for the other stakeholder groups (Legal, RIM, IT and Privacy/Security) to work with the business stakeholders to establish an understanding for when the return on investment (ROI) of keeping the data no longer exceeds the cost of retaining it. ROI for retaining the data as well as regulatory requirements for doing so should drive all stakeholder groups (including business stakeholders) in terms of how long any data is maintained within the organization. Business stakeholders need to be willing to accept guidance from the other stakeholder groups regarding the risk and efficiency considerations regarding retention of organizational data.
Business Stakeholder Recommendations for Better Information Governance
Here are some recommendations for Business stakeholders to help an organization improve its overall Information Governance program:
- Support Organizational Data Mapping Activities: Business stakeholders must actively participate in the data mapping process and support the other stakeholder groups to implement a process that keeps the organizational data map evergreen and that critical organization data remains accessible.
- Stay Current with Technology and Legal Trends: Technology evolves and companies are always developing software and hardware products that are designed to make information management easier and more secure. Rules and laws change regularly from a Legal standpoint. So, it’s important for Business stakeholders to stay current with both technology and legal trends to better understand their considerations and obligations regarding both areas.
- Stay Current with Data Privacy Trends: Data privacy laws are continuing to change and so are the responsibilities of organizations to stay abreast of changing laws. This includes monitoring sites like the IAPP site for updates to data privacy laws, attending webinars to learn more about rapidly changing trends and setting aside 5-15 minutes a day to read about data privacy trends and updates (this blog and eDiscovery Today are great places where you can do that).
As we have discussed over the past several weeks, each stakeholder group has needs, responsibilities and areas they can address to ensure an effective information governance program within the organization. An organization which has all five groups “plugged in” to the information governance program will manage organizational data more efficiently and effectively, saving costs and reducing overall organizational risk.
For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between IPRO and eDiscovery Today, he’ll be here in the IPRO Newsroom next week with more educational content!