What do you do, again? Information governance…explained.

By Mike Frazier | Director, Information Governance, TERIS

Untitled2I am routinely asked what I do; followed by the question – “and what is that?”  That’s when I launch into an explanation of information governance, only to be received with glazed over eyes or blank stares. Have you ever tried to explain IG to someone who doesn’t know much, or anything, about it and struggled to do so?  I certainly have; and it’s a conversation killer.  It’s not that I don’t know what IG is, or even that I can’t explain it.  It’s a matter of putting it into relatable terms, and not trying to explain too much.

One of my best friends from college was really into computers.  So much so that we gave him the nickname “dot com.”  He was always my go-to for all questions related to technology; and that turned out to be well founded as he went on to a great career at Microsoft.  My questions were fairly remedial, but he was usually gracious enough to field them anyway.  I mention him because he would always try to provide an analogy to help me understand the technology about which I was inquiring.  For instance, if I asked about network file shares I received an analogy to sharing a dresser with our buddies that held everyone’s clothes.

Usually, the more detail you try to fit into an analogy, the less analogous it becomes. He wouldn’t try to explain everything about network file shares in the analogy, just enough to help me understand the basic technology by putting it into easily relatable terms.  That helped to foster my interest in technology and gave me confidence to keep expanding my knowledge.  We were a good team – he helped me understand computers and technology, and I helped him understand what our Political Science professor was talking about when he predicted the US was headed for a hegemonic war with China within the next 50 years.

Two lessons I learned from my friend are particularly relevant in the context of explaining IG.  First, find a way to put it into relatable terms for people, without trying to explain it all.  Second, my friend once said that there are so many areas of focus within what we consider “information technology” that it’s not realistic to know it all.

The house that IG built

Implementing holistic IG is a lot like constructing a building.  The IG practitioner is analogous to the general contractor overseeing the construction of that building.  Our job is to marshal all of the subcontractors, who are experts in their respective fields, and provide oversight and direction to the entire project.  There are a lot of moving parts and the IG general contractor is necessary in order to make sure everyone is moving the same direction toward properly constructing the building to the plans that have been specified by the architects and builder (the organizational leadership).  As the general contractor, we must make sure the foundation is laid before the framing is done; and the foundation and framing are done before the electrical, plumbing, and HVAC, and so on down the line until the building is ready.

In my view, the IG general contractor needn’t be the foremost expert in any subcontractor’s specialty, but rather they must be knowledgeable about the fundamentals of each subcontractor’s area of expertise in order to understand where they fit into the picture, what should (and shouldn’t) be done, help to spot and troubleshoot issues, and understand how the actions of one subcontractor affect all of the others, and the project overall.  Each expert subcontractor knows his/her piece of the puzzle better than anyone; and they certainly know it better than the general contractor; but they usually only know and care about their specialty – not everyone else’s.

Without the oversight of the general contractor work gets done in silos, which are not harmonized across the building.  Imagine what the building’s integrity would be like if the framing crew erecting the building’s frame before the foundation was laid; or the electrician set out all the wiring before a frame was erected.  Each subcontractor is just doing what they are experts at doing; but without the marshalling of a general contractor those efforts may not be effectively contributing to the whole.  In fact, performing duties in silos without proper communication across the project will likely lead to duplicated work, disconnected and angry subcontractors, and builders who are ready to scrap the whole project. To bring it back to IG terms – it wouldn’t, for instance, make much sense for an organization to implement a new ERM system, with the intention of better managing their records, if they don’t have an up-to-date record retention policy and schedule ready at the configuration stage of the technology. Yet companies do this all the time.

This isn’t to say that the general contractor could do any of it without the expertise and work of the subcontractors.  Quite the opposite.  The specialists are vitally important, indeed necessary, to the completion of building.  The building project doesn’t work without them.  IG is more a matter of coordinating their efforts in context of a larger plan.

Furthermore, each building project has the same fundamentals – foundation, framing, plumbing, electrical, etc. – which can be shown to coincide with key information stakeholders in an organization that should be fundamental to any organization’s IG program.  Generally, the key information stakeholders are records management, legal, IT, privacy, lines of business, and compliance/audit (to the extent these roles exist in the organization).  I won’t attempt to analogize stakeholders to subcontractors.  I’m sure I wouldn’t do it justice, hopefully you get the idea.

Don’t try to be a know-it-all

The second take away in this summary lies in the breadth and depth of what information governance can cover.  My good friend once explained that typical enterprise “information technology” – whether it is basic desktop support, networking, enterprise architecture, information security, forensics, mobile and communications, archive and disaster recovery, or something else entirely – covers a lot of ground.  Each of those areas may be considered its own profession under the umbrella of IT.  The same distinction can be drawn in other stakeholder areas.  Take legal, for example – patent litigators and trust & estates lawyers are both attorneys practicing law, but they are vastly different specialties; and one likely knows little or nothing about the other.

Now expand this to include the rest of the potential IG stakeholders in an organization and you can see why it’s not feasible to be an expert in all of it.  In fact, I’ll go so far as to say that you should be wary of any IG practitioner who claims to be an expert across all of the representative areas.  Instead, I’d suggest looking for ones who have a good grasp of the fundamentals of each area (or most areas), who know what they know and (more importantly) what they don’t, and are able to marshal the expert stakeholders to construct the IG program.

It may be understood, but I think it’s worth mentioning in closing, that IG and IG practitioners are not a replacement for any of the information users or suppliers in an organization.  Rather, IG is an operational model that should be woven into the culture of an organization; and the IG practitioner is a facilitator and coordinator of that operation.  This model and these facilitators exist to help bridge disconnections among information users and suppliers in order to reduce risks and increase value for the organization.   After all, without the tenants, what’s the point of constructing the building?