Skip to main content

Build-in Information Governance - Section Quick Links

Too much content with too few controls is a real liability. This habit looks at how to embed Information Governance into your ECM system and content-driven processes.

Build in Information Governance

Why is Information Governance Important?

Information Governance is all about taking control of business information—not just your unstructured digital content, but also structured data and paper documents. It encompasses the policies, procedures, and technologies that determine how your organization manages, secures, uses, retains, and disposes of this information.


Why is Information Governance important?

A robust Information Governance program helps your organization comply with laws and regulations, safeguard its data and reputation, and respond efficiently to eDiscovery or Freedom of Information Act (FOIA/FOI) requests. It also prevents information overload by keeping only the most valuable content.


What’s the urgency?

Organizations face ever-growing compliance obligations, like the new General Data Protection Regulation (GDPR) in the EU and the new NYDFS Cybersecurity Regulation (23 NYCRR Part 500) in the U.S. High-profile hacks, leaks, and data breaches (Equifax, Sony, US Office of Management and Budget, and Yahoo) amplify security risks. And the explosive growth in the volume and variety of content isn’t going to stop.


But we’ve already got a records management system

Records management is just one part of a broader Information Governance program. You also need to consider issues like data security and eDiscovery.


Plus, many companies have struggled with legacy records management systems due to low user adoption and a bolt-on approach. Distributed content stores, mobile working, and the use of unsanctioned file-sharing sites add to the challenge of managing records in a consistent, compliant way.

Question:What legal and regulatory requirements do you need to meet?
Read this report on understanding GDPR readiness.

The Role Enterprise Architects Play in Information Governance

Information governance requires a holistic approach that can include people from legal, finance, corporate risk, HR, IT and lines of business. As experts in using technology to meet business objectives, here’s how enterprise architects can strengthen Information Governance:


  • Systems Assessment. Identify the systems that store business content and records. These can include ECM repositories; CRM, ERP, HR, and LOB systems; e-mail inboxes, SharePoint sites, collaboration apps, and shared drives. An audit like this is often the first step in a new governance or compliance initiative.
  • Solution Architecture. What’s the best way to set up your governance solution when content and records are spread across so many disparate systems? You’ll need to decide whether records should be managed in place (in the applications where they were created) or in a centralized repository. For many organizations, a hybrid approach is the right call. 
  • Technology Selection. Evaluate the technologies that can help your organization meet its compliance and governance objectives. Top considerations include how well they work with your existing systems and content repositories and how easily they integrate Information Governance into the natural flow of business. The less manual intervention the better.
  • Cloud Adoption. Put cloud storage in your plans for significant savings over housing everything on-premises. Providers like AWS offer several tiers of secure, highly durable storage to meet a variety of data access and retrieval needs. Plus, you’ll get more value from your content by consolidating it on a modern platform where it’s available to people across the enterprise. To learn more about the benefits of cloud storage, read our habit on Embrace a Cloud Architecture.
  • Digital Transformation. Don’t treat a new compliance requirement like a check-the-box exercise. Instead, use it as a catalyst for digital transformation. Look for opportunities to optimize information flows, automate repetitive functions, and modernize your infrastructure. The payoffs include improved business outcomes and a better end user experience.



Best Practices for Sustainable Information Governance

Here’s how some of the most forward-looking companies use technology to build an effective Information Governance program.


  1. Aim for Invisible Information Governance
    A governance solution is useless if people don’t, well… use it. So, take advantage of technologies that allow governance to happen “invisibly” behind the scenes. By bypassing end users, your business is in a better position to run a consistent, legally defensible governance program. Examples include:

    “Take advantage of technologies that allow governance to happen “invisibly” behind the scenes. By bypassing end users, your business is in a better position to run a consistent, legally defensible governance program.”

    • Intelligent Classification. Solutions with this capability use a business rules engine to automatically declare a record, populate its metadata, and file it in the right place. Records management can be integrated seamlessly into any workflow. It’s effortless for users and eliminates haphazard, error-prone manual processes.

    • Auto-Classification Engines: These solutions use machine learning and analytics to automate content classification at scale. They discover and tag sensitive or compliance-related data (like personally identifiable information, or PII) in TBs of unstructured content—a must for complying with regulations like GDPR or 23 NYCRR 500.

  2. Manage Records Holistically 
    A strong information governance program requires a unified records management strategy. That means giving records managers the ability to apply standard policies and classification schemes to content stored in disparate applications and locations. A central hub for records management provides maximum flexibility for both the business and IT, with the ability to manage records in place, in a centralized repository, or both. 

  3. Build in Extra Controls
    Extra security controls are needed to comply with today’s increasingly strict data protection regulations. Look for features that allow the business to limit which content people can see and what they can do with it. These safeguards go well beyond basic access control lists and permissions to include capabilities like:

    • Security marks that identify content as having sensitive information (such as PII)
    • Security classifications (top secret, secret, etc.) that travel with a file
    • Roles that control the actions individuals can take with a file
    • Encryption of content in transit and at rest

    And while compliance is one thing, demonstrating it is another. Audit logs that detail the complete lifecycle of governed content can help you show compliance with confidence.

  4. Future-Proof Your Solution Information Governance isn’t a set-it-and-forget-it program. The technologies you implement need to be flexible enough to support new compliance and business demands—because they’re coming. Here are some features that will future-proof your solution:

    • Open architecture so that records remain readable and accessible over time
    • Connectors to a wide range of systems to support an evolving software environment
    • Cloud-ready to enable durable, low-cost storage on a modern platform
    • Ability to manage multiple file types, including video, email, and social media
    • Ability to handle explosive growth in content
    • Certified or aligned to leading industry standards like DoD 5015.02 and ISO:15489

Question:Can you consistently apply governance policies to content and records across their lifecycle?
Learn more about implementing a modern records management system for your business.

Newsletter Signup:

Join thousands of other IT strategists getting the latest news and thought leadership from Alfresco in their inbox every week. Enter your email address below:
Thanks! We’ll be in touch soon.

Checklist for New Compliance Requirements

Improved regulatory or legal compliance is the top driver for ECM investment in 2017, according to research from Forrester. Here are a few of the new regulations that have organizations scrambling to upgrade their Information Governance capabilities. Which apply to you?


  23 NYCRR Part 500 GDPR NARA 2019
Description Set of cybersecurity requirements intended to protect customer data and information systems Set of data protection laws that cover the management, use, and security of personal data Mandate to manage all permanent records in electronic format
Applies to Financial services firms that operate in New York state Companies around the world that hold personal data on EU citizens U.S. federal agencies
Enforcement Date August 28, 2017 May 25, 2018 December 31, 2019
What's at Stake Fines, imprisonment, and possible shut down of an organization’s business in New York state Fines of up to 4% of annual global revenue in event of a security breach An opportunity to modernize government operations
Good to Know

Sets a new high watermark for compliance with specific requirements and teeth behind it


Expected to have a ripple effect in other U.S. states

GDPR applies in the UK even with BREXIT


Only 23% of companies feel they are fully prepared for 2018 deadline

Technologies used to meet the 2016 mandate for managing email records won’t cut it 


Question:How are you preparing your business for new compliance mandates?
Learn how to get ahead of regulations and apply best compliance practices.

Explore More

Overcoming Information Governance Inertia
Webinar: Learn simple steps to combat compliance risk & secure your information.
Watch now

White Paper: Understanding GDPR Readiness in 2017 – AIIM Report

Read Now

Video: Alfresco ArchiTech Talks – Governance Services

Watch Now

White Paper: Modernizing Records Management: Taking Action Beyond Compliance

Read Now

7 Habits Main Page


Forrester: The Five Key Trends for 2017 That Shape How We Manage Content, p 3

AIIM: Understanding GDPR Readinness in 2017

Ponemon Institute: 2017 Cost of Data Breach Study, p 1

Talk to an Expert
Please submit your information below and one of our experts will reach out to you in the next 48 hours. We look forward to hearing from you!
Thanks! We’ll be in touch soon.