by Martin Atherton and Jon Collins
Forward thinking organisations no longer just talk about governance,
risk and compliance. They actively use these concepts to drive business
activities and IT requirements. Getting to grips with information
governance, a key component of a broader business strategy, gives
organisations a much stronger chance of longer term success as well as
protecting the business from costly errors.
Governance now actively drives requirements. The time for ‘broad and deep’ is here.
The market is starting to appreciate the value that founding
business strategy on good governance, risk management and compliance
can bring. Governance and risk management are key strategic and
capability drivers in a growing number of organisations. Now that
business success depends on the timely exploitation of information,
many capabilities traditionally introduced only to ensure compliance to
industry regulations need to be extended to all operational areas.
Information management is the Achilles heel in most organisations.
An information governance strategy should be given high
priority due to the need for better control over information assets.
This avoids costly mistakes and enables action on business
opportunities faster than the competition. Organisations cannot
implement a successful information governance strategy without first
exploring their information management capabilities. The majority of
organisations cite multiple and significant challenges at this level,
regardless of whether they have rules and process in place. Currently,
capabilities do not match requirements.
Information classification is pivotal to a sustainable information governance strategy.
The majority of organisations acknowledge that their information
classification capabilities are weak. Information cannot be adequately
exploited and protected if there is no way of tracking its location,
value, and sensitivity to leakage. These challenges and risks are
magnified as an increasing volume of governance-sensitive information
propagates outside centralised control in today’s business environment.
The ability to classify information according to business criteria has
multiple impact points, including dictating security, archiving,
retention and destruction requirements. Without it, information cannot
have a lifecycle.
Organisations can take practical steps to kick start an information governance strategy.
A strategy as centrally important to the long term health of an
organisation needs a central point of ownership, currently lacking in
most organisations. Internal input is worth seeking out due to the
differing levels of attitude to risk, levels of corporate governance
projects and localised information management capabilities across
The broadest possible view of risk should be taken during
business planning and exploring the areas which could be improved by
better information classification should go hand in hand with personnel
training to ensure that operational activities support strategic goals.
The study upon which this report is based was independently designed
and executed by Freeform Dynamics. During the study, which was
sponsored by CA, insights were gathered and analysed from 495 senior
business and IT leaders. Respondents were from a broad cross section of
industries and organisation sizes with a focus on USA, EMEA and Asia
Download Paper (Registered Members Only)
By downloading you agree to our Terms and Conditions. These include information regarding use of your personal data.
Register As New Member | Login as Registered Member