Two years ago, when we were researching a name for our newly formed business unit, the only hits on "information governance" that Google returned were associated with the management of patient records within the UK's health services. Now, while that sector is still prominent, every analyst is tracking the rapidly emerging information governance (IG) market and several vendors (in addition to ourselves), have software offerings "or at least have developed knowledge content such as whitepapers.
There's no doubt a need for IG: growing data volumes, increased regulation and frequent litigation have seen to that. But what is the true substance and likely direction of the information governance market?
- Should activity be reactive, in improving the capability and reducing the cost of responding to an eDiscovery or disclosure requirement?
- Should activity be proactive, in better identifying, organising, managing and disposing of information?
What part does archiving of information have to play? Is it just email that we need to worry about?
How does this requirement relate to that of "Information Assurance", where security and data loss prevention is the primary consideration?
The answer, I think, is likely to be "All of the Above".
It just makes unquestionable business sense to manage the organisation's information assets more efficiently "to reduce stale content, support business process and facilitate discovery when it (surely) happens. Records management has proven principles, processes and technologies to deliver that "and not just for records, but for all content that needs to be retained as work-in-progress, in addition to that which constitute business records.
Email and, to a lesser degree, file archiving, are clearly needed to meet the immediate challenges faced by messaging and storage system administrators, but they need to allow a seamless progression into longer-term solutions to the fundamental challenge of data growth, not just deliver a "point solution" that simply disguises the problem for a few years.
When a discovery or regulatory investigation, or even just an audit, takes place, the organisation needs robust and practiced processes and technologies to minimise the impact and cost, and support repeatability "which brings us back to records and retention management.
Finally, knowing what to secure, to what degree to prevent loss (accidental or otherwise), while not degrading the efficiency of the exploitation of that information asset, is also dependent on understanding its value to the business "which, again, records management principles can deliver.
The difficulty may be that, while the potential costs of failure are huge, the positive return on the successful provision of such capabilities is very difficult to quantify in "˜hard' dollar terms"¦