It governance is a framework that ensures your organisation's IT infrastructure supports and enables the achievement of the organizations strategies and objectives.
As I get ready to dig deep into Governance for my organization, I wanted to share with you all some of the information that I am taking into consideration. I am not re-creating the wheel, although it does feel like ground zero! I am starting with a checklist so that I don't bite off more than I can chew! I have gathered some baseline information to take into consideration. I am also interested in what other items you all might consider adding to the list, perhaps even another category!
Governance should mitigate risk and improve organization performance, allowing for growth!
The following 6 items are the focus for my project, and I am certainly open to additional considerations on how to best create and deploy governance!
How much data do we have?
Where does our data come from?
How much new data do we generate each year?
What kind of data do we have?
Current Records Management Systems
How do we currently handle our data?
What is our current records management policy?
Where do we store our data?
Where do we store our current backups of data?
How long are we storing our data?
How are we handling our physical records?
What groups are currently involved in the data management process?
Have we identified all parties who need to be involved in the decision making process to make changes to current data management process?
Do we have policies in place regarding use of personal devices and data storage
Do we have policies in place regarding backing up devices regularly either to company owned devices or network locations.
Do we segregate out legal hold data?
How do we identify legal hold data?
How can we recall the data we need to respond in a litigation or inquiry?
Do we have a process in place for departing custodians under legal hold?
Who controls our data?
Who needs our data?
What organizational data management policies are already in place?
How much data storage do we have? How much will we need going forward?
What types of data sources do we have?
What data can we delete?
Do we have a Mobile Device Management Software in place?
How quickly can we aggregate and organize our data?
Do we need to classify our data?
Can you access remote data without the device?
Mitigating Risk and Creating Cost Savings
Can we navigate through our data easily?
What are our current personally identifiable information or other sensitive data policies?
Will our new data management policies address regulatory requirements?
How much money are we spending on managing out data?
How much time are we speeding on managing our data?
How often do we need to revisit our data management tools?
What protections do we have to prevent data loss?
Have we established an archiving system for transient data?
How quickly can we implement change to our data management process?
Who will we leverage internally and externally to help in changing our data management process?
Gave we involved all necessary stakeholders that could be affected by changes in data management policies?
How will this affect our current compliance policies?
Will we be able to maintain an independent process and if so who will oversee it?
Do we have the governance structure to implement effective data classification?
How flexible will our data management have to be?
How will we handle new types of data, separating employees?
How well do our technology solutions support enforcement of leading practices an policies?