IT Stakeholders and the Information Governance Reference Model (IGRM)

IT Stakeholders and the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today

Three weeks ago, I introduced a new blog series on the IPRO blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups.  The past two weeks, I’ve reviewed Legal stakeholders and Records and information management (RIM) stakeholders.  This week, I continue the series by focusing on the information technology (IT) stakeholders.

IT Stakeholder Information Needs

Information technology (IT) stakeholders are the keepers of an organization’s data – they’re the ones responsible for making vital organizational data accessible within the organization and defensibly deleting it when it’s obsolete.  IT stakeholders are also the people most likely to work with outside providers, ranging from the lit support person at a law firm to the technology team for a software platform being brought in house or set up for access via the cloud.  You want to stay on good terms with the IT team because they can keep you up and running and productive – they’re the “fix it” team.

What do IT stakeholders need in terms of information?  They need to understand the requirements of the other stakeholder groups to ensure that they have the data they need when they need it.  And, they need to work closely within privacy and security guidelines to protect organization and customer data.  In fact, in many organizations, the IT department is also acting as the Privacy and Security stakeholders because they may be the stakeholders responsible for privacy and security as well (many organizations, especially smaller ones, put privacy and security responsibilities under the IT “umbrella”).  Despite that, we’ll focus primarily on IT stakeholder needs this week and Privacy and Security needs next week.

IT’s Relation to Other Stakeholder Groups

To accomplish its role from an Information Governance standpoint within an organization, IT needs to collaborate with the other stakeholder groups by supporting the following:

  • Data Accessibility: Making sure the data the organization needs is accessible when required. This includes various responsibilities such as provisioning new servers and applications as needed (including associated storage for them), managing and defensibly deleting legacy data when appropriate and determining, aligning storage capacity and allocation to information business value and retention requirements and (of course) maintaining backups of critical organization data to ensure continuity.
  • Software Updates: Keeping software applications up to date as older versions of operating systems and other software applications are much more susceptible to hacking by outsiders.
  • Support Special Project Information Needs: IT is the group that stops auto-delete programs within the organization when there is a duty to preserve and they are the team most likely responsible to identify, preserve and collect data in support of litigation, investigation and compliance needs.
  • Communicate Technical Policies and Procedures to Employees: In just about all organizations, IT is responsible for maintaining and communicating IT policies and procedures to the organization to protect data within the organization (including customer data). Even if there is a separate Privacy and Security team, they are working “hand-in-hand” with IT to ensure data protection.

Like RIM stakeholders, IT stakeholders aren’t typically users of information within the organization, but they make sure that the other stakeholder groups can access the information they need – when they need it and are authorized to access it.

IT Stakeholder Recommendations for Better Information Governance

Here are some recommendations for IT stakeholders to help an organization improve its overall Information Governance program:

  • Stay Current with Technology Trends: Technology evolves and companies are always developing software and hardware products that are designed to make information management easier and more secure, so it’s important for IT stakeholders to stay current with technology trends (such as the various sources of data illustrated in the Internet Minute infographic) to take advantage of the latest tech trends.
  • Support Organizational Data Mapping Activities: IT stakeholders must actively participate in the data mapping process and support RIM stakeholders to implement a process that keeps the organizational data map evergreen and that critical organization data remains accessible.
  • Get Certified: You may sometimes think that your organization’s IT professionals are “certifiable”, but, if they’re doing their job right, they’re probably certified. Examples of certifications worth pursuing include: Certified Data Professional (CDP), Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), even Certified Ethical Hacker (CEH).  Not to mention certifications specific to hardware or networking components and software platforms.  Many organizations even compensate IT professionals for obtaining certifications in key areas that support organizational goals.
  • Find Your Inner Lawyer: Remember when we told the Legal stakeholders to “find their inner geek”? The same holds true for IT when it comes to legal concepts. To keep current on legal trends, attend webinars to learn more about both areas and consider setting aside 5-15 minutes a day to read about legal concepts (this blog and eDiscovery Today are great places where you can do that). Doing so can facilitate the effort to coordinate with Legal stakeholders to understand their needs and what they may mean to the organization’s information governance goals.

Next week, we’ll continue with the goals and considerations for Privacy and Security stakeholders within an organization.  See you then!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between IPRO and eDiscovery Today, he’ll be here in the IPRO Newsroom next week with more educational content!