Assessing Your Company’s Inventory Maturity Model: Level 1
The foundation for effective information governance, which provides for the appropriate management of information, is the identification of all information assets: documents, records, content, data, etc. This inventory provides the framework for implementing information governance. The inventory process has many levels, from human resources to technology systems to management processes. The inventory maturity model addresses the maturity levels in six areas, and details how criteria are defined for each maturity level — from chaotic to completely optimized. In this series of posts, I’ll discuss each of the six levels. All information from this series is available in the free Inventory Maturity Model for Information Governance Whitepaper.
Level 1: Chaotic
The lowest maturity level is uncontrolled chaos, at which the organization is most vulnerable to risks such as regulatory fines, negative audit outcomes and other costly inefficiencies.
Responsibility: Responsibility levels for the identification of the organization’s information assets are not defined. If they exist at all, they are both need-based and reactive. Example: Assigning responsibility to know where particular assets are for a divestiture or lawsuit.
Process: The process of identifying information assets is uncontrolled, varying from one area to another based on need. The privacy officer might have a spreadsheet of the locations for private information, but these are isolated and inconsistent.
Formats: The lowest level of maturity will generally focus on inactive records stored off-site, at a commercial records center or company-owned facility. There is no identification of records that exist in electronic formats, regardless of their location.
Stewardship: The importance of knowing the stewards of information is not recognized, and if there are stewards identified, it is a by-product of any process for sending hardcopy records off-site. Identifying the steward for a particular type of electronic record would not be possible at this stage.
Duplication: Categories of information are identified — with isolated instances of de-duplicating — as part of sending records off-site. Duplication between the electronic and hardcopy versions of records would not be available.
Information Governance: There is no identification of the organization’s assets — the foundational process for information governance. Any information governance would be executed without identifying resources for the organization’s categories of information.
In my next post, I’ll detail Level 2: Repeatable.