Review: ARMA’s Information governance body of knowledge

American Records Management Association’s 200-page Igbok provides comprehensive advice on records and information management in the digital age. Topics include legal, retention, discovery and working with third party cloud providers.

ARMA, the American Records Management Association, kindly provided Oil IT Journal with a review copy of ‘Igbok’, its 2018 Information governance body of knowledge, a 200-page compendium of information governance best practices and advice. What is information governance? Igbok defines it as an attempt at ‘balancing the cost of management tools and human resources against an organization’s information-based risks and opportunities’. This is achieved with the implementation of ‘transparent and consistently-applied policies, practices, and controls that address information needs across the organization’.

That is quite a broad remit and encroaches on many data management-oriented tasks. In fact, there is an interesting historical division of labor between the administrative and legal-oriented tasks of the typical ARMA member, and the overlapping fields of IT and technical data management and governance. So, how do ARMA and the Igbok stack up against the more data and IT-related aspects of modern information management?

Our quick spin through the Igbok suggests that it does a pretty comprehensive job of addressing such issues. Igbok covers IM core concepts, the business value of the discipline and its cross-functional nature. Here, it offers insights as to how IM has evolved from its backroom tasks of organizing, filing, safeguarding and helping people find information to become the hub around which a constellation of information management tools and techniques revolve, although technical data managers may see things differently. Igbok advocates application of the Generally Accepted Recordkeeping Principles, ARMA’s own certification program, but Igbok can be read without reference to the Garp. Information retrieval also falls under the Igbok purview. Here the approach is definitely one of ‘proper classification with the appropriate metadata’ rather than free-form text search. Igbok encourages records management professionals to work with IT on backup scheduling and on deciding what information needs to be retained long term to meet legal, regulatory and business requirements. Format conversion and the removal of obsolete or redundant information are also addressed, as is the need for information protection throughout the information asset life cycle. Again, collaboration with IT and information security specialists is required to align information protection with regulations and corporate governance.

This review is turning into something of a checklist, which reflects the scope of the Igbok to an extent. 200 pages is probably a bit short to go into the depth required to implement all of the recommendations in the book, but there is more than enough food for thought and quite a few good questions to ask specialists elsewhere in the organization. Igbok’s main contribution to more IT-related practitioners may well be its coverage of the legal aspects of IM in a changing landscape. It points out that ‘protecting information that is under an organization’s direct control can be straightforward [ … ] but ensuring sufficient protection when information is transferred to a third party [ … ] such as a cloud-based service provider, requires extra diligence’. Cloud-based third parties must provide the same physical and virtual protection of information according to the organization’s policies. This is to be achieved via service level agreements. Igbok observes that negotiating such agreements with large service providers (read GAFA) is likely to be very challenging for all but the largest organizations with whom a significant volume of business is at stake. One suspects that getting cast iron guarantees from the GAFAs for this may be challenging even for the largest oil and gas companies.

Igbok equates ‘governance’ with a multi-disciplinary approach that spans information management, legal, risk/compliance, information technology, privacy, security and the business units. Citing author William Saffady, Igbok deprecates ‘a siloed approach, in which stakeholders operate independently and, in some cases, competitively’ as incompatible with effective governance. An interesting observation in a world where new silos and specializations are constantly being created.

Igbok opines that ‘any major planned IT project, such as migrating to the cloud, rolling out a new big data strategy, or implementing new security software, may influence the IG strategic plan and priorities. Consult with IT and information security groups to accommodate such projects.’ Consulting may be putting things mildly!

Igbok speaks from the standpoint of a large organization with a substantial IM department operating in parallel with technical data management and IT. It is likely to be a valuable resource for such IM purists, but perhaps even more useful for smaller organizations (or larger ones that have downsized) who are desperately trying to map a pathway through the maze of the ‘cloud’, big data, GDPR, backup retention and, who knows, one day a major ‘discovery’ episode*.

Purchase your copy of the Information Governance Body of Knowledge from the ARMA store, a snip at $105.

* For a good example of such, read our report of PG&E’s misery following the San Bruno explosion.

© Oil IT Journal - all rights reserved.