In late 2012, with the support and collaboration of ARMA International and the Com- pliance, Governance and Oversight Council (CGOC), the Electronic Discovery Ref- erence Model (EDRM) Project released version 3.0 of its Information Governance Reference Model (IGRM), which added information privacy and security “as pri-y mary functions and stakeholders in the effective governance of information.” ³ The model is depicted in Figure 6.1 .

The IGRM is aimed at fostering IG adoption by facilitating communication and collaboration between disparate (but overlapping) IG stakeholder functions, includ- ing information technology (IT), legal, RM, risk management, and business unit

Figure 6.1 Information Governance Reference Model Source: EDRM.net

Linking duty + value to information asset = efficient, effective management

Duty:

Legal obligation for specific information

Value:

Utility or business purpose of specific information

Asset:

Specific container of information VALUE

Create, Use

DUTY ASSET

Dispose Hold,

Discover

Store, Secure Retain

Archive

UNIFIED GOVERNANCE BUSINESS

Profit

IT Efficiency LEGAL

Risk

RIM Risk

PRIVACY SECURITYAND

Risk

PROCESS TRANSPARENCY POLICY INTEGRATION

Information Governance Reference Model / © 2012 / v3.0 / edrm.net

stakeholders. ⁴ It also aims to provide a common, practical framework for IG that will foster adoption of IG in the face of new Big Data challenges and increased legal and regulatory demands. It is a clear snapshot of where IG touches and shows critical in- terrelationships and unifi ed governance.⁵ It can help organizations forge policy in an orchestrated way and embed critical elements of IG policy across functional groups.

Ultimately, implementation of IG helps organizations leverage information value, re- duce risk, and address legal demands.

The growing CGOC community (2,000+ members and rising) has widely adopted the IGRM and developed a process maturity model that accompanies and leverages IGRM v3.0. ⁶

Interpreting the IGRM Diagram * Outer Ring

Starting from the outside of the diagram, successful information management is about conceiving a complex set of interoperable processes and implementing the procedures and structural elements to put them into practice. It requires:

■ An understanding of the business imperatives of the enterprise,

■ Knowledge of the appropriate tools and infrastructure for managing informa- tion, and

■ Sensitivity to the legal and regulatory obligations with which the enterprise must comply.

For any piece of information you hope to manage, the primary stakeholder is the business user of that information [emphasis added]. We use the term “business” broadly; the same ideas apply to end users of information in organizations whose ultimate goal might not be to generate a profi t.

Once the business value is established, you must also understand the legal duty at- tached to a piece of information. The term “legal” should also be read broadly to refer to a wide range of legal and regulatory constraints and obligations, from e-discovery and government regulation to contractual obligations such as payment card industry requirements.

Finally, IT organizations must manage the information accordingly, ensuring pri- vacy and security as well as appropriate retention as dictated by both business and legal or regulatory requirements.

* This section is adapted with permission by EDRM.net, http://www.edrm.net/resources/guides/igrm (accessed January 24, 2014).

You must inform and frame IG policy with internal and external frameworks, models, best practices, and standards.

Center

In the center of the diagram is a work-fl ow or life-cycle diagram. We include this com- ponent in the diagram to illustrate the fact that information management is important at all stages of the information life cycle—from its creation through its ultimate disposition.

This part of the diagram, once further developed, along with other secondary-level diagrams, will outline concrete, actionable steps that organizations can take in imple- menting information management programs.

Even the most primitive business creates information in the course of daily operations, and IT departments spring up to manage the logistics; indeed, one of the biggest challeng- es in modern organizations is trying to stop individuals from excess storing and securing of information. Legal stakeholders can usually mandate the preservation of what is most critical, though often at great cost. However, it takes the coordinated effort of all three groups to defensibly dispose of a piece of information that has outlived its usefulness and retain what is useful in a way that enables accessibility and usability for the business user. s How the IGRM Complements the Generally Accepted

Recordkeeping Principles *

The IGRM supports ARMA International’s “Principles” by identifying the cross- functional groups of key information governance stakeholders and by depicting their intersecting objectives for the organization. This illustration of the relation- ship among duty, value, and the information asset demonstrates cooperation among stakeholder groups to achieve the desired level of maturity of effective information governance.

Effective IG requires a continuous and comprehensive focus. The IGRM will be used by proactive organizations as an introspective lens to facilitate visualization and discussion about how best to apply The Principles. The IGRM puts into sharp focus The Principles and provides essential context for the maturity model.

* This section is adapted with permission by EDRM.net, http://www.edrm.net/resources/guides/igrm (accessed January 24, 2014).

The business user is the primary stakeholder of managed information.

Information management is important at all stages of the life cycle.

Legal stakeholders can usually mandate the preservation of what is most criti- cal, though often at great cost.