Bruno Wildhaber - Information Governance: A Practical Guide - How to regain control over your information

INFORMATION GOVERNANCE

How to regain control over your information

A Practical Guide

by

Bruno Wildhaber

Daniel Burgwinkel

Jrg Hagmann

Stephan Hollnder

Peter Neuenschwander

Daniel Spichty

The Swiss Information Governance Competence Center

www.informationgovernance.ch

ISBN 978-3-9524430-2-6

Table of Contents

Figures / Diagrams / Tables

About this book

We live in a world filled with data that is growing at an exponential rate. This rapid growth poses a daunting challenge for many companies. Even SMEs struggle with an ever increasing deluge of information that overwhelms servers and storage devices. As social media gains popularity, data management has become more difficult and this abundance leads to the question about which is the better alternative: Should data be saved in company files or to a cloud solution?

The active, controlled handling of data and information is the goal of Information Governance.Many businesses feel overwhelmed by the concepts and struggle with its implementation. The Competency Centre Records Management (CCRM) and Wildhaber Consulting have tasked themselves with the goal of helping companies overcome these challenges. This book is based on the 2008 Records Management Guide and the Records Management Competency Centre emerged from the work done on the revision of the Swiss retention law . This book focuses on Information Governance as an interdisciplinary field and is the primary source of best practice in Europe. It is a platform for transferring knowledge and provides solutions and advice for Information Governance vendors and customers.

What does this book not do? By no means do the authors claim this book to be comprehensive or to provide all possible theories that apply to this field. The authors have no interest in teaching scientific disciplines such as information science, information technology or business administration, nor do they wish to criticise the teaching of these disciplines. The authors have avoided dogmatic discussions as these have no place in everyday business. This book does not discuss extravagant, strange, theoretical proposals that would confuse and frustrate companies. Instead, the content presented to the reader is based on practical knowledge and real-life project experience.

I would like to thank my colleagues and co-authors Daniel Burgwinkel , Jrg Hagmann , Daniel Spichty , Stephan Hollnder , Peter Neuenschwander and Jrg Stutz for the central support (and ideas) . I would also like to thank Hans Brfuss , Beat Lehmann , Michael Rumpf and others who have been actively involved in this work.

Due to the collaborative nature of this book the authors are mentioned in the irrespective chapters. More information about the authors and partners can be found at the end of this book and on our website . Special thanks to Peter Hill for the translation.

Zurich , August2016

Bruno Wildhaber, CIP/CISA/CISM/CGEIT

Entrepreneur with a focus on interdisciplinary Information Governance issues, co-founder of the Competency Centre Records Management, lawyer, IT auditor and pinball player.

www.informationgovernance.ch

1. Introduction

1.1 What is this book about?

Bruno Wildhaber

The challenges that arise from appropriate and up-to-date management of information and data have changed the world of computing altogether. This fact is best shown in the introduction to the second edition of the guide Records Management (RM).

The companys management sees, in an age of an information society, a challenge which up to now has been previously unknown. Solutions to earlier obstacles such as business data production, administration and accounting were created with much thought and effort. Modern IT systems are important to all business activities, providing significant support and generate a continuous data stream. This electronic data must be constantly monitored, evaluated, distributed, redistributed, checked for quality, corrected, and archived until it is no longer useful and then destroyed. Because of this, data administration is a part of many internal corporate functions; from top management to personnel management, to the IT department. Other stakeholders investors, creditors, business partners, and government agencies are keen to know how corporate data is managed.

What has changed in records management since 2007? The most important development in the field of information processing is the change in perception of the IT department. The involvement of users in the management of information has moved the IT department to the background. The use of numerous Apps and cloud services has removed the need for laborious web-searches and physical visits to the IT department, allowing users to obtain IT services directly from the cloud. But what are the consequences for corporate governance when there is so much freedom?

Corporate governance is certainly not simple. The established bodies and parties that have formally defined rules for governance processes are being constantly questioned and undermined. This confusion regarding the ultimate use of data and information leads to regulatory pressure in many areas of business activity. Excluding the financial industry, new regulations demand rapid implementation and quick results from many companies. Often these regulations relate to data collection. Even small businesses that may have a minor international presence must be cautious and abide by these regulations.

In several areas, legislation places demands on data storage and archiving in order to ensure a minimum standard for the detection of relevant facts and events for Information Governance (IG). Often additional technical and non-technical requirements must be considered. Since the invention of Records Management, companies can now designate, specify, and manage relevant data in a precise manner. Organisations must keep an increasingly vigilant watch on data that is not subject to retention requirements and possibly not even stored within the company. This raises many questions: Who is responsible for the data on an employees sma rtphone? Who ensures that strategic data is available at any time in the cloud, even when the service has been switched off?

IT IS NECESSARY FOR COMPANIES TO MOVE AWAY FROM THE CONCEPT OF A FULLY CONTROLLED SYSTEM OF RECORDS AS THIS CONCEPT IS FROM AN ERA OF CARBON COPYING AND CAN NO LONGER BE APPLIED TODAY!

This book therefore introduces new approaches to finding solutions, methods, and concepts that will help companies overcome these challenges.

1.2 The Information Governance Platform

Bruno Wildhaber

1.2.1 The Book the eBook the Community

The practical guide of the second edition has been expanded to be the core of a three-part platform composed of the following components:

1. The printed book (practical guide)
2. The eBook (available on Amazon)
3. The community website: www.informationgovernance.ch .

The printed book was created in response to the demand for an easy-to-use eBook. The printed book is intended to serve primarily as a reference and thus remains static while the eBook remains adaptable to current and future circumstances. The guide features case studies and content describing various approaches of responding to the challenges of IG and the implementation of solutions.

The community website was established in order to promote exchanges between stakeholders and to provide a platform that goes beyond a book of theoretical knowledge. It is the aim of the authors to convey the contents of this book in a manner that allows practice and further development. This is done in the hope that this book will become a foundation for the next edition of the guide. The community website includes a discussion platform, content offerings, whitepapers, product information, and latest news on current topics.