Assessing Your Company’s Inventory Maturity Model – Level 3
The foundation for effective information governance, which provides for the appropriate management of information, is the identification of all information assets: documents, records, content, data, etc. This inventory provides the framework for implementing information governance. The inventory process has many levels, from human resources to technology systems to management processes. The inventory maturity model addresses the maturity levels in six areas, and details how criteria are defined for each maturity level — from chaotic to completely optimized. In this series of posts, I’ll discuss each of the six levels. All information from this series is available in the free Inventory Maturity Model for Information Governance Whitepaper.
Maturity Level 3: Defined
In this maturity level we find much more definition of processes and functions. This is where the majority of organizations are today, having moved from a hardcopy information governance model to one that includes electronic information. This move is often driven by risk and usually pertains to only portions of the organization’s electronic information. This level of maturity indicates that the organization is still vulnerable to risks such as regulatory fines and negative audit/litigation outcomes. The inefficiencies at this level can be costly, but much less so than in previous levels.
Responsibility: There is recognition of the need for central coordination, and responsibility is assigned and staffed. Often the centralized responsibility is not staffed at the level necessary for the proper identification of the organization’s information assets, and the process is never completed and rarely updated.
Process: The process for inventorying is standardized and consistent. This might involve using an enterprise-wide spreadsheet or database to memorialize the information. The process does not include provisions for periodic updates. If there was a divestiture, the information that was divested might not be memorialized.
Formats: The vast majority of information in today’s organizations is electronic. At this maturity level, there is an attempt to address electronic information based on its level of risk. For some, this could be email; for others, their electronic accounting/financial information.
A significant percentage of the electronic information would not be addressed.
Stewardship: During the inventory, the stewards of each information asset would be identified. This would relate to both hardcopy and high-risk electronic records. Because a large volume of electronic information would not be identified, neither would the stewards be identified. The stewards of financial and accounting electronic information would be identified, but the lower-risk electronic information related to human resources would not be identified.
Duplication: At this maturity level there is a deliberate effort to identify the information assets and areas of duplication. This includes duplicates throughout the enterprise and media duplicates that could exist within departments. If the records related to a project exist in both electronically and in hardcopy, this is identified.
Information Governance: The identification of the organization’s assets establishes the framework for information governance. Information governance is applied to various silos based on risk. For example, an organization may audit the protection of both private information and confidential information against the data contained in the inventory.
In my next post, I’ll detail the characteristics of Maturity Level 4 – Defined.