Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today
EDRM may be best known for its Electronic Discovery Reference Model by which it’s named, which reflects the stages of electronic discovery. Even though there is a current EDRM revision project in the works, that project appears to be focused on updating the underlying documentation of the EDRM model to reflect changes in technology, process, and the law – not the EDRM model itself. That’s good, because it’s become the framework on which so many have based their understanding of electronic discovery – it conveys more in a single diagram about electronic discovery than any other document or infographic could.
Information Governance Reference Model (IGRM)
In recent years, the EDRM model has been updated to replace a simple circle for Information Governance with the Information Governance Reference Model (IGRM). Information Governance (which started out as an Information Management box in the original EDRM model and was subsequently updated to an Information Governance circle) has become a term that has become popular with eDiscovery professionals and non-eDiscovery professionals alike – it has become a suitable replacement for “Records Management” that conveys the extent of electronically stored information that organizations deal with today, for which a term like “records” no longer seems to adequately fit the challenge. Information governance is unlike any other eDiscovery phase in that it is perpetual – which is why it is represented by a circle in the EDRM model – the only phase represented as such, which the IGRM upholds with its design.
From outside in, the IGRM model reflects the stakeholders involved in information governance, an inner ring that combines the concepts of policy integration with that of process transparency and the workflow or lifecycle diagram that reflects all stages of the information lifecycle – from its creation through its ultimate disposition. For each type of information considered for IGRM, you need to understand the Duty (Legal obligation for that information, Value (Utility or Business Purpose of that information) and Asset (Specific description of that container of information).
It’s hard to believe, but the IGRM has itself been around since 2010, for ten years now! In 2012, EDRM announced the release of version 3.0 of the IGRM, which is the version still in use today. In that version, EDRM – in cooperation with ARMA International and the CGOC (Compliance, Governance and Oversight Council) – included privacy and security as primary functions and stakeholders in the effective governance of information.
Complexity of Information to be Managed by Organizations Today
When IGRM was first developed, information was much more highly centralized within organizations today, but the advent of mobile devices, social media and cloud-based repositories (either managed by the organization itself or managed by third party providers) has enormously increased the complexity of information governance within those organizations. So much activity is happening through the Internet today that the amount of activity happening every minute can be mind-boggling.
To reflect that amount of activity, Lori Lewis created an Internet Minute infographic that she has updated every year for the past several years and it’s a great reflection of the activity happening within the Internet in an average minute. Here is a link to the 2020 infographic, which reflects things like 190 million emails per minute, 59 million messages sent every minute (on Facebook Messenger and WhatsApp combined), over 19 million text messages per minute (just on iMessage), even 1.6 million Tinder swipes every minute(!) and so forth. Much of this is data that has to be tracked and accounted for more and more by organizations today and it continues to evolve as some of these sources were minimal to non-existent just a few years ago.
Five Stakeholder Groups of the IGRM
Adding privacy and security as primary functions and stakeholders for IGRM in 2012 brought the total number of stakeholder groups in the IGRM to five. Each group has different goals and considerations for information within the IGRM model that differ from each of the other groups. Here are the five stakeholder groups with their primary focus/consideration for information in parentheses:
- Legal (Risk)
- Records Management (RIM) (Risk)
- Information Technology (IT) (Efficiency)
- Privacy & Security (Risk)
- Business (Profit)
Over the next five weeks, I’ll discuss each of them in turn: how they relate to the other stakeholder groups in terms of their goals for information within an organization, how complimentary (or not so complimentary) those goals are in relation to other stakeholder groups, their requirements for business information, considerations for addressing challenges in today’s world and so forth. So, this is more than another IPRO cliffhanger, it’s a whole series! Next week, we’ll begin with the goals and considerations for Legal within an organization. See you then!
For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between IPRO and eDiscovery Today, he’ll be here in the IPRO Newsroom next week with more educational content!