Published in: eDiscovery and Information Governance

eDiscovery | Information Governance Implementation Program – Part III

Author flexadmin

Published on: October 28, 2014

eDiscovery | Information Governance Implementation Program – Part III

 

CIGP Installment # 3: Implementation

Third Segment of Sherpa’s Corporate Information Governance Program (CIGP)

After reading the third installment of the Sherpa Software’s Corporate Information Governance Program (CIGP), I found that the white paper was detailed and well written. Rick Wilson, from Sherpa Software, has a real good grasp and defines the various stages an organization should follow when embarking on eDiscovery | Information Governance implementation project. Below are some of the highlights of the white paper.

The first two segments were centered on Understanding Access and Planning and Document. Now they are talking about the third step, which is the implementation phase of an Information Governance Project.

During this phase, the implementation phase of an Information Governance project, they are taking the documented plan and transitioning it into action. During this phase, there are five steps an organization should follow and they are:

• Creation of a IG Committee and CIGP Kickoff
  • Typically, most IG committees comprise of the executive team, IT, HR, Records and Security personnel. They should know where the organizations data is stored, what information that needs to be stored, how long it should be stored, what should be deleted and when and how the information is accessed and moved around the organization.
  •  The project meeting’s objectives should be as follows:
    •  Re-iterate the importance of the project
    •  Prioritize the list of governance objectives
    •  Encourage feedback from the team members on the best approach for implementation
    •  Ensure that there is clear and concise communication between the team members
    •  Use technologies like SharePoint to be the central repository for documents and agenda items for the meetings
• Create Policies and Map them to the Business Processes
  • The committee will need to develop policies which will address and adhere to your business and regulatory needs. Below is a charts which may help the committee with assigning possible areas of responsibilities or who will determine what they are.

Some questions you may want ask when understanding your current status of the data you have within each of the repositories:

• Who controls the information in question
• How much storage is being taken up by the data
• How long should you be keeping the data
• Where is it being stored

Policy layout may vary depending upon the organization, but typically, they will include the following sections:

• Purpose – Description of the intent of the policy
• Scope – Who the policy applies to
• Definition – Explanation of any specific terms
• Responsibilities – Who is responsible for the policy implementation, enforcement, and auditing
• Designated Record Set – which data repositories the policy applies to

Minimum Policy – Detailed description of the policy

• Training- how the compliance policy(s)will be communicated to the organization
• Enforcement – How the policy will be applied
• Sanctions – description of the actions which will be taken should the policy not be adhered to.

Once the policy has been created and then approved by executive management, this policy is then implemented.

• Installation of the Applicable Technology
  • It used to be the case that you could rely on written policies alone when dealing with and managing files, emails and other forms of communication and users were responsible for controlling these policies. As a result of electronic communications growing at an alarming rate, the need to comply with regulatory compliance standards and the increasing threat of litigation, these written policies are no longer a good business practice. It is now more important than ever, to implement software which will automate the policy enforcement, thus reducing the risk for the organization and ensuring that the users

• Training and Communications for the CIGP Project
  • Your information governance intuitive depends upon how successful you are in having it become an intrinsic part of your corporate culture. In order to facilitate this, communicating to the users and training of the users are two of the most important parts of the program.
    • Effectively, communicating why the changes are taking place to the operational procedures quite often improve the adoption rate. By taking some additional time to explain how the business processes will change and how it will protect their organization, and in the end, “their jobs”, also, improves the acceptance rate of these changes. Thus, making the transition easier and ultimately reducing the time it takes to implement an IG program into the more controlled environment.
    • When it comes to training, this is the critical part of the program. By developing and implementing a well-designed training program for the end users. They will be able to understand how the IG policies operate. The training program should include the following:
      • Clear description of the policy and how it works
      • What is expected of the end user regarding each of the Policies
      • Period refresher courses(Quarterly and Yearly)
      • Schedule these training sessions as close to the start date of the program to ensure that the end users is as familiar as possible with these new changes.
      • Once the initial training programs are completed, create some online training videos tutorial, which are required viewing. This will allow the end users to familiarize themselves with the processes and procedures of the IG program as well as to be reviewed recent enhancements to the program.
• Modify or Update Changes to Existing Policies and Procedures
  • Over time the policies your have created during this intuitive will need to be modified as a result of changes to your business processes and or any modifications to the regulatory/compliance requirements and the same procedures should be followed:
    • The IG committee should meet and approve any changes or modifications to your current procedures
    • The software/ technology you have selected to assist with your IG project should have the capabilities to schedule, modify or add new policies
    • Any changes that were made to the IG policies and procedures should be relayed to your users
    • As a result of these changes, your training programs should be updated to reflect these changes

The Next Installment

The final installment of the Sherpa software CIGP program will include information about the ongoing management of the CIGP program.

In summary, the following are the key points to the third segment of the CIGP program:

• Make sure you have allocated time to gather key metrics about your information prior to developing any policies.
• When developing these policies make sure you utilize the knowledge and expertise of your IG committee
• Use Policy enforcement tools which are flexible and extensible
• Convey to your users the reasons why the IG polices are being put into place
• Allocate the appropriate resources for initial and continued user training
• When policies are modified, avoid taking short cuts and ensure that you repeat the implementation steps.

Please share this information with your colleagues or send us your questions, comments and feedback to: waynes@flexnet.com  Additionally, if you would like to download a full copy of their Information Governance implementation white paper, please click here or you can find more eDiscovery | information governance resources on our web site www.flexnetsoftware.com and we look forward to answering any Information Governance questions you may have; please contact us at 1 (800) 263-8733

eDiscovery | Information Governance Implementation Program – Part III