Information Governance


Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offi ces in North America, Europe, Asia, and Australia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers’ professional and personal knowledge and understanding.

The Wiley CIO series provides information, tools, and insights to IT executives and managers. The products in this series cover a wide range of topics that supply strategic and implementation guidance on the latest technology trends, leadership, and emerging best practices.

Titles in the Wiley CIO series include:

The Agile Architecture Revolution: How Cloud Computing, REST-Based SOA, and Mobile Computing Are Changing Enterprise IT by Jason BloombergT

Big Data, Big Analytics: Emerging Business Intelligence and Analytic Trends for Today’s Businesses by Michael Minelli, Michele Chambers, and Ambiga Dhiraj

The Chief Information Offi cer’s Body of Knowledge: People, Process, and Technology by Dean Lane

CIO Best Practices: Enabling Strategic Value with Information Technology (Second Edition) by Joe Stenzel, Randy Betancourt, Gary Cokins, Alyssa Farrell, Bill Flemming, Michael H. Hugos, Jonathan Hujsak, and Karl Schubert

The CIO Playbook: Strategies and Best Practices for IT Leaders to Deliver Value by Nicholas R. Colisto

Enterprise Performance Management Done Right: An Operating System for Your Organization by Ron Dimon

Executive’s Guide to Virtual Worlds: How Avatars Are Transforming Your Business and Your Brand by Lonnie Bensond

IT Leadership Manual: Roadmap to Becoming a Trusted Business Partner by Alan R. r Guibord

Managing Electronic Records: Methods, Best Practices, and Technologies by Robert F. s Smallwood

On Top of the Cloud: How CIOs Leverage New Technologies to Drive Change and Build Value Across the Enterprise by Hunter Muller

Straight to the Top: CIO Leadership in a Mobile, Social, and Cloud-based World (Second Edition) by Gregory S. Smith

Strategic IT: Best Practices for Managers and Executives by Arthur M. Langer ands Lyle Yorks

Transforming IT Culture: How to Use Social Intelligence, Human Factors, and Collaboration to Create an IT Department That Outperforms by Frank Wanders

Unleashing the Power of IT: Bringing People, Business, and Technology Together by Dan Roberts

The U.S. Technology Skills Gap: What Every Technology Executive Must Know to Save America’s Future by Gary J. Beach

Information Governance: Concepts, Strategies and Best Practices by Robert F. Smallwoods

Robert F. Smallwood




Cover image: © iStockphoto / IgorZh Cover design: Wiley

Copyright © 2014 by Robert F. Smallwood. All rights reserved.

Chapter 7 © 2014 by Barclay Blair

Portions of Chapter 8 © 2014 by Randolph Kahn

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifi cally disclaim any implied warranties of merchantability or fi tness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profi t or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at For more information about Wiley products, visit

Library of Congress Cataloging-in-Publication Data:

Smallwood, Robert F., 1959- Information governance : concepts, strategies, and best practices / Robert F. Smallwood. pages cm. — (Wiley CIO series)

ISBN 978-1-118-21830-3 (cloth); ISBN 978-1-118-41949-6 (ebk); ISBN 978-1-118-42101-7 (ebk) 1. Information technology—Management. 2. Management information systems. 3. Electronic

records—Management. I. Title. HD30.2.S617 2014 658.4’038—dc23


Printed in the United States of America

10 9 8 7 6 5 4 3 2 1

For my sons

and the next generation of tech-savvy managers





PART ONE—Information Governance Concepts, Defi nitions, and Principles 1p

CHAPTER 1 The Onslaught of Big Data and the Information Governance Imperative 3

Defi ning Information Governance 5

IG Is Not a Project, But an Ongoing Program 7

Why IG Is Good Business 7

Failures in Information Governance 8

Form IG Policies, Then Apply Technology for Enforcement 10

Notes 12

CHAPTER 2 Information Governance, IT Governance, Data Governance: What’s the Difference? 15

Data Governance 15

IT Governance 17

Information Governance 20

Impact of a Successful IG Program 20

Summing Up the Differences 21

Notes 22

CHAPTER 3 Information Governance Principles 25

Accountability Is Key 27

Generally Accepted Recordkeeping Principles® 27 Contributed by Charmaine Brooks, CRM

Assessment and Improvement Roadmap 34

Who Should Determine IG Policies? 35

Notes 38

PART TWO—Information Governance Risk Assessment and Strategic Planning 41g g

CHAPTER 4 Information Risk Planning and Management 43

Step 1: Survey and Determine Legal and Regulatory Applicability and Requirements 43


Step 2: Specify IG Requirements to Achieve Compliance 46

Step 3: Create a Risk Profi le 46

Step 4: Perform Risk Analysis and Assessment 48

Step 5: Develop an Information Risk Mitigation Plan 49

Step 6: Develop Metrics and Measure Results 50

Step 7: Execute Your Risk Mitigation Plan 50

Step 8: Audit the Information Risk Mitigation Program 51

Notes 51

CHAPTER 5 Strategic Planning and Best Practices for Information Governance 53

Crucial Executive Sponsor Role 54

Evolving Role of the Executive Sponsor 55

Building Your IG Team 56

Assigning IG Team Roles and Responsibilities 56

Align Your IG Plan with Organizational Strategic Plans 57

Survey and Evaluate External Factors 58

Formulating the IG Strategic Plan 65

Notes 69

CHAPTER 6 Information Governance Policy Development 71

A Brief Review of Generally Accepted Recordkeeping Principles® 71

IG Reference Model 72

Best Practices Considerations 75

Standards Considerations 76

Benefi ts and Risks of Standards 76

Key Standards Relevant to IG Efforts 77

Major National and Regional ERM Standards 81

Making Your Best Practices and Standards Selections to Inform Your IG Framework 87

Roles and Responsibilities 88

Program Communications and Training 89

Program Controls, Monitoring, Auditing and Enforcement 89

Notes 91

PART THREE—Information Governance Key Impact Areas Based on the IG Reference Model 95p

CHAPTER 7 Business Considerations for a Successful IG Program 97

By Barclay T. Blair

Changing Information Environment 97


Calculating Information Costs 99

Big Data Opportunities and Challenges 100

Full Cost Accounting for Information 101

Calculating the Cost of Owning Unstructured Information 102

The Path to Information Value 105

Challenging the Culture 107

New Information Models 107

Future State: What Will the IG-Enabled Organization Look Like? 110

Moving Forward 111

Notes 113

CHAPTER 8 Information Governance and Legal Functions 115

By Robert Smallwood with Randy Kahn, Esq., and Barry Murphy

Introduction to e-Discovery: The Revised 2006 Federal Rules of Civil Procedure Changed Everything 115

Big Data Impact 117

More Details on the Revised FRCP Rules 117

Landmark E-Discovery Case: Zubulake v. UBS Warburg 119

E-Discovery Techniques 119

E-Discovery Reference Model 119

The Intersection of IG and E-Discovery 122 By Barry Murphy

Building on Legal Hold Programs to Launch Defensible Disposition 125 By Barry Murphy

Destructive Retention of E-Mail 126

Newer Technologies That Can Assist in E-Discovery 126

Defensible Disposal: The Only Real Way To Manage Terabytes and Petabytes 130 By Randy Kahn, Esq.

Retention Policies and Schedules 137 By Robert Smallwood, edited by Paula Lederman, MLS

Notes 144

CHAPTER 9 Information Governance and Records and Information Management Functions 147

Records Management Business Rationale 149

Why Is Records Management So Challenging? 150

Benefi ts of Electronic Records Management 152

Additional Intangible Benefi ts 153

Inventorying E-Records 154

Generally Accepted Recordkeeping Principles® 155

E-Records Inventory Challenges 155


Records Inventory Purposes 156

Records Inventorying Steps 157

Ensuring Adoption and Compliance of RM Policy 168

General Principles of a Retention Scheduling 169

Developing a Records Retention Schedule 170

Why Are Retention Schedules Needed? 171

What Records Do You Have to Schedule? Inventory and Classifi cation 173

Rationale for Records Groupings 174

Records Series Identifi cation and Classifi cation 174

Retention of E-Mail Records 175

How Long Should You Keep Old E-Mails? 176

Destructive Retention of E-Mail 177

Legal Requirements and Compliance Research 178

Event-Based Retention Scheduling for Disposition of E-Records 179

Prerequisites for Event-Based Disposition 180

Final Disposition and Closure Criteria 181

Retaining Transitory Records 182

Implementation of the Retention Schedule and Disposal of Records 182

Ongoing Maintenance of the Retention Schedule 183

Audit to Manage Compliance with the Retention Schedule 183

Notes 186


information governance

I need help with a Computer Science question. All explanations and answers will be used to help me learn.

In chapter seven (7), we have learned from “The Path to Information Value” that 70% (seventy percent) of managers and executives say data are “extremely important” for creating competitive advantage.

In addition, it is implied by the authors that, “The key, of course, is knowing which data matter, who within a company needs them, and finding ways to get that data into users’ hands.”

Based on the company you have identified for your Final Paper, discuss 1) the data that matters to the executives in that industry, 2) who, within that industry, needs that data, and 3) some methods for ensuring that the critical data gets into the users’ hands. Remember to respond to two other learners’ post, letting them know if they missed any data or details in their industry.