Information Governance, GRaaS & Content Compliance Services
What is Information Governance and Governance as a Service (GRaaS)?
Governance is about how an organization conducts itself. It encompasses an organization’s policies and actions and includes a framework of rules and practices by which a board of executives and/or its equivalent ensures accountability, transparency, and fairness. Information governance (IG) is about the consistent management of an organization’s informational assets, cohesive policies, guidance, processes, and decision rights for a given area of responsibility. IG includes a framework of rules and practices that may be directly linked to corporate governance.
GRaaS combines a fully researched, web-accessible retention schedule—powered by the Iron Mountain® Policy Center solution—with robust, rules-based automation to apply those same written retention rules directly to documents that reside your content services platform solution from OnBase and IDT.
Why should organizations assess their Information Governance?
Most organizations are at risk of costly litigation due to noncompliance. Many organizations don’t realize how to go about properly assessing their risk level or how to begin this process. Organizations need to develop an information governance framework to begin solving these problems.
IDT’s Information Governance Assessment Overview
In almost every company, data is doubling each year and managing all this new data can be a real challenge. IDT’s Information Governance Assessment is designed to help you discover areas of strength and opportunities for improvement. The results will empower you to increase organizational transparency and data integrity while reducing risk. The IDT Information Governance Assessment follows the ARMA International Generally Accepted Recordkeeping Principles® and Information Governance Maturity Model (IGMM). IDT’s assessment is software product agnostic and is not tied to any specific Information Management solution that a company already uses or is evaluating for ownership. As a standard, our assessment identifies the critical hallmarks of information governance and provides both a standard of conduct for governing information and metrics by which to judge that conduct. In doing so, your organization will be able to give assurance to the public and society at large that you are meeting your responsibilities with respect to the governance of information.
Download and read the fact sheet on Information Governance
Information Governance includes a framework of rules and practices that may be directly linked to corporate governance.
How IDT’s Assessment Works
During our content services assessment, we conduct a series of targeted interviews, posing strategically-designed questions to your key stakeholders and executives. We are specifically looking to evaluate their understanding of the current policies, procedures, and use of tools to manage corporate information.
The areas of concern we address:
- Information Governance (IGP requirements included in FCPA, Sarbanes-Oxley, Dodd-Frank and COSO)
- IG roles and responsibilities
- The alignment of IT with IG
- Auditing records and information integrity
- Information security
- Third-party IG risk
- Best practices to avoid improper information disclosure
- Disaster recovery of electronic records
- IG compliance risks
- Litigation holds and e-discovery
- The sufficiency of IG training and documentation
The outcome of our assessment is a report summarizing the data we collected, our findings, recommendations and a score based upon the IGMM, which reveals weaknesses and strengths of your information-handling practices. These initial assessment results provide a map for plotting risk mitigation strategies and a baseline for measuring program improvement. This process ensures accountability through subsequent periodic assessments to monitor progress towards the implementation of appropriate controls.
Benefits of IDT’s Information Governance Assessment:
- Aids in evaluating employees’ understanding of and compliance with policies and procedures;
- Determines whether policies and procedures are consistently applied across the organization;
- Determines the sufficiency of training on policies and procedures;
- Determines the sufficiency of policy and procedure documentation;
- Provides feedback to Senior Management on how to modify employees’ information-handling behavior to achieve desired results;
- Identifies risks that are not effectively mitigated;
- Determines how organizations monitor and document compliance with applicable laws, regulations and standards;
- Creates the opportunity and impetus for organizational improvement;
- Validates that investments made in new policies, processes or electronic software tools achieve the desired results; and
- Creates a baseline to enable regular feedback to management, the board of directors and shareholders.