Stating that maintaining good information governance has been challenging, over the past year, is an understatement. Organisations have faced an ever-changing landscape, having to enable new ways of working to keep up. Many organisations have found themselves balancing access to information, while implementing new health and safety guidelines. All the while, making sure they maintain compliance with information security standards and legislation.
So what exactly were the challenges? And what should we look out for in the future?
Access To Information
One of the biggest challenges has been how to give employees access to information, needed for their day-to-day work. This was particularly true in the first wave of working from home. Questions have been raised around maintaining governance and security, while moving away from the usual governance structures relied upon.
For physical records, there were concerns around the merits of allowing staff to take documents home. Was the best solution to open offices, with a limited capacity, to allow access? Or perhaps it was best to start a digitisation programme to digitise essential documents? (See our recent blog post for more on digitisation)
For electronic records, the concerns largely focused on the volume of access through remote connections. Organisations had to rapidly move to remote working models, however upgrading the ICT infrastructure often took some time. This was in addition to challenges employees faced, many needing to make accommodations of their own. While trying to keep up with the change, individuals within organisations may have resorted to work around solutions, such as unauthorised filesharing tools and sending potentially sensitive information by email.
The largest, and often hidden, governance issue stemming from this rapid transformation, is how to track and govern data downloaded and stored offline. There is a significant risk of unknown amounts of sensitive information being stored on employee computers. In many cases, this is potentially information with no retention, or other governance controls, applied. Bring Your Own Device (BYOD) policies, or other policies meaning new use of unfederated devices, only add to the potential risk.
Storage and Security
The conversation around access leads to a discussion around storage in the new environment. For physical records, there are questions surrounding storage and security of documents and files. Governance issues, that home working presents, can be difficult for organisations to navigate alone. There are new concerns around how employees are storing physical documents, if they are taken off site. Addressing these concerns is often made difficult by the limited resources of those in charge of information governance. But organisations should ask themselves:
- Have we communicated good practice effectively?
- Have we updated our policies and procedures, to reflect employee responsibility?
- Have we communicated the personal responsibilities to staff, highlighting that they may be risking data breaches by handling information incorrectly?
As for electronic documents, most organisations have seen an increase in the volumes of information created and stored. This is as employees, and external stakeholders, may be generating more electronic documents to minimise physical access issues. For example a shift to electronic invoicing, rather than paper invoicing.
New Collaboration Software
Governance of electronic documents may have been affected by any changes to software environments. For example, where new cloud storage repositories have been quickly rolled out.
A common example IFC supports with is a move to Microsoft 365 – we’ve seen significant pressure on implementation timescales and adoption of new productivity apps such as OneDrive, Teams or SharePoint. We’re seeing cases where these tools have been rolled out in haste, without time for adequate planning and governance controls. As a result storage volumes, as well as numbers of ‘containers’, are increasing at a substantial rate, with sustainability an often overlooked afterthought.
Getting to grips with the governance of these environments now, could save organisations considerable effort time in future.
Maintenance and Resolution
We’ve listed three top tips to combat these problems and improve information governance:
1. Review Policies and Procedures
Information governance policies and procedures need to be brought in line with new work environments. Moving forward, this could mean incorporating elements to control hybrid and cloud work environments. There needs to be consideration around employees potentially melding more flexible working patterns, with a combination of working from home and office environments.
2. Clear and Consistent Information Security Messages
Organisations need a consolidated platform to communicate updated information security to staff. This means ensuring they understand things like:
- Limiting access to sensitive data away from those they live with or are visiting
- Locking up sensitive data when not accessing, or locking and password protecting devices
- Updating relevant stakeholders about information they are physically holding, and the purpose.
3. Use Technology to Your Advantage
Look at software available to accommodate management of information that might now exist in hybrid formats. This could be to look at implementing a full digitisation project, to digitise physical records. Alternatively it could be to use software that can allow information managers to monitor records for management. Software can also support with retention and disposal functions.
Over the past 12 months, we have helped organisations facing many of these information governance challenges. We understand the intricacies of rolling out new ways of working, while ensuring that considerations around information management are not forgotten. If you would like to talk about any challenges your organisation may be facing, please get in touch.