Assessing Your Company’s Inventory Maturity Model – Level 2
The foundation for effective information governance, which provides for the appropriate management of information, is the identification of all information assets: documents, records, content, data, etc. This inventory provides the framework for implementing information governance. The inventory process has many levels, from human resources to technology systems to management processes. The inventory maturity model addresses the maturity levels in six areas, and details how criteria are defined for each maturity level — from chaotic to completely optimized. In this series of posts, I’ll discuss each of the six levels. All information from this series is available in the free Inventory Maturity Model for Information Governance Whitepaper.
Level 2: Repeatable
This maturity level contains some repeatable processes and functions, although the organization is still vulnerable to risks such as regulatory fines and negative audit/litigation outcomes. The resulting inefficiencies are costly, but moderately less than in the “chaotic” maturity level.
Responsibility: Responsibility levels for the identification of the organization’s information assets are done departmentally, or in silos. Example: An attorney insuring that the legal department knows what their categories of information are, but with no other groups in the organization having the same level of identification for their information assets.
Process: The process of identifying information assets is standardized, but the execution of this standardization is inconsistent. The group in charge of physical security might know, using a standard format, where the company’s hardcopy proprietary information is located. However, the organization’s electronic proprietary information is unidentified.
Formats: In Maturity Level 2, both the active and inactive hardcopy information assets are identified for organized departmental centralized files and off-site storage. The hardcopy in individual offices is not identified. For example, there would be organizational knowledge of all HR personnel files that are both active and inactive; however, there would be no identification of electronic data about employees that is tracked in the payroll system.
Stewardship: The stewards of hardcopy information assets are identified for departments, but this does not extend to electronic information. Example: the company has access to the names of all stewards responsible for hardcopies of executed contracts.
Duplication: There is more content identified at the second level of maturity; however, this identification is isolated and does not seek to identify duplication.
Information Governance: There is no comprehensive identification of the organization’s assets. Information governance is ad hoc. For example, certain hardcopy records are kept locked because there is identification of all proprietary and confidential hardcopy records.
In my next post, I’ll outline the organizational characteristics of a company at Level 3: Defined.