Building an Information Governance Program
125 Questions

Created by
@RoomierDivisionism

Questions and Answers

What is a key benefit of Information Governance?

  • Maximizing the value of information while minimizing associated risks and costs (correct)
  • Minimizing the value of information
  • Ignoring the importance of information in achieving organizational goals
  • Maximizing the risks associated with information

What is the primary focus of Information Governance?

  • Focusing on data governance alone
  • Managing and governing all information across the organization (correct)
  • Only archiving and retrieving information
  • Managing only digital information

Why are records professionals well-positioned to contribute to Information Governance initiatives?

  • They only manage physical records
  • They have a deep understanding of the flow of information across the enterprise (correct)
  • They are not involved in information management
  • They have no understanding of information flow across the enterprise

    What is the outcome of embracing Information Governance in an organization?

    Improved decision-making and reduced risks

    What is a key characteristic of Information Governance?

    It is an integrated, strategic approach to managing information

    What is the role of representatives from various departments in developing an Information Governance strategy?

    Representatives from legal, HR, IT, and business units participate in developing the strategy

    What is the primary goal of Information Governance in relation to business operations?

    To ensure business continuity and provide access to necessary information

    What is the definition of Information Governance according to Gartner?

    The specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving, and deletion of information

    What is a crucial aspect of an organization's legal and regulatory environment when designing an IG framework?

    Compliance with governing laws and regulations

    What are the three core elements of an IG governance framework?

    Policies, processes, and compliance

    What is the primary goal of an Information Governance program?

    To minimize information risks and costs, while maximizing its value

    What is necessary to understand for legal and compliance purposes in an IG program?

    The difference between records and information

    What should an IG framework address?

    All information, whether meeting the definition of a record or not

    What is a record, as defined in the context of IG?

    Information created, received, and maintained as evidence and as an asset

    What should a comprehensive RIM policy address?

    Roles and responsibilities, communications and training, and metrics and monitoring

    Why is it necessary to have a media-neutral records retention schedule?

    To comply with applicable laws, regulations, and standards

    What should be included in a policy team for an IG framework?

    Representatives from the appropriate functional areas, including records management, information technology, business units, and others

    What should be harmonized in an IG framework?

    Policies governing communications, security, privacy, and compliance

    What is the primary obligation of records management?

    Accountability

    Which of the following is NOT an objective of RIM programs?

    Disposing of records without business needs

    What is the term used to describe the field of management responsible for the efficient and systematic control of records?

    Records Management (RM)

    Which of the following risks is associated with not having a comprehensive records management program in place?

    All of the above

    What is an essential characteristic of information?

    Its value

    Why is it important to consider the value of information contained in records at each stage of the RIM lifecycle?

    Because its value may increase or decrease over time

    What is the term used to describe the services provided by the RM profession?

    Records and Information Management (RIM)

    What is the purpose of RIM programs in mitigating risks?

    To reduce risks to the organization

    What is the primary focus of some records management guidelines?

    Technology that can automate records management functions

    What is the benefit of having a RIM program in place?

    A well-managed and secure records management system

    What is the primary difference between a document and a record in an electronic environment?

    A document is a work in progress, while a record is evidence of an action.

    What is the main purpose of an Information Management System (IMS)?

    To collect, store, organize, and distribute information.

    What is the key characteristic of unstructured data?

    It is difficult to classify and maintain.

    What is the function of indexing, search, and disposal capabilities in document management systems?

    To store and retrieve records within an electronic library.

    What is the primary focus of the records and information lifecycle model?

    Managing documents from creation to destruction or archiving.

    What is the purpose of Information Lifecycle Management (ILM)?

    To manage the flow of an information system's data and associated metadata.

    What is a key difference between the records and information lifecycle model and the information lifecycle model?

    The information lifecycle model does not mention creation.

    What is the purpose of OCR (Optical Character Recognition) in document management systems?

    To convert scanned images into editable text.

    What is the primary characteristic of structured data?

    It is organized in a way that makes it easily searchable.

    What is the purpose of eSignatures in document management systems?

    To enable secure and legally binding electronic signatures.

    What is the primary focus of the records continuum model?

    The integration of recordkeeping into business and societal processes

    Which of the following is a principle of the records continuum concept?

    The concept of record is inclusive of records of continuing value

    What is the main difference between the records lifecycle model and the records continuum model?

    The records lifecycle model emphasizes time-bound stages, while the records continuum model combines recordkeeping and archiving processes

    What is Enterprise Content Management (ECM) according to AIIM?

    A business goal or strategy for managing content

    What replaced Enterprise Content Management (ECM) according to Gartner Analyst Michael Woodbridge?

    Content Services and Intelligent Information Management

    What is the primary focus of Content Services?

    Utilizing information regardless of where it resides

    What is a key characteristic of the records continuum model?

    It combines the recordkeeping and archiving processes into integrated time-space dimensions

    What is the role of the recordkeeping profession in the records continuum model?

    To integrate recordkeeping into business and societal processes

    What is the main goal of the records continuum model?

    To fulfill both managerial and cultural responsibilities

    Which of the following is an essential functional component of Enterprise Content Management (ECM)?

    Document management

    What is the main difference between data-centric technologies and traditional technologies?

    Data-centric technologies treat data as the permanent source of value

    What is a key aspect of Intelligent Document Processing (IDP)?

    Extracting data from structured and unstructured content

    According to AIIM, what is the primary goal of Intelligent Information Management (IIM)?

    To integrate people, processes, information, and technology to achieve digital transformation

    What is the purpose of a records inventory in a records management program?

    To identify and analyze records and information

    What is a key responsibility of the records management team at the World Bank Group?

    Maintaining the WBG Management of Records Policy

    What is a common characteristic of vendors that reengineered their on-premises products for the cloud?

    They are traditional ECM vendors

    What is the main focus of Content Services?

    Managing structured and unstructured content

    What is a key benefit of using Intelligent Document Processing (IDP)?

    Reducing manual data entry

    What is a key element of a comprehensive records management program?

    Policy and procedure development

    What is the main challenge of implementing Intelligent Information Management (IIM)?

    Developing a comprehensive information management strategy

    Which standard provides model, high-level functional requirements and guidance for software applications intended to manage digital records?

    ISO 16175-1:2020

    What is the primary purpose of the ISO 18128:2024 standard?

    To assist organizations in assessing records risks

    Which standard provides principles and guidelines for risk management?

    ISO 31000:2018

    What is the purpose of the ISO/TR 23081-3:2011 standard?

    To provide guidance on conducting a self-assessment on records metadata

    Which family of standards deals with information security management systems?

    ISO/IEC 27000

    What is the purpose of the ISO 30300:2020 standard?

    To provide terms and definitions relevant to the core concepts of the records management domain

    Which standard addresses the development and implementation of a records policy and objectives?

    ISO 30301:2019/Adm 1:2024

    Which standard provides a practical application of the concept of appraisal introduced in ISO 15489-1:2016?

    ISO/TR 21946:2018

    Which standard establishes a framework for defining metadata elements consistent with the principles and implementation considerations?

    ISO 23081-2:2021

    What is the primary purpose of developing Records Retention and Disposition Schedules?

    To document business needs for information and archival value decisions.

    What is the primary focus of the ISO 16175-2:2020 standard?

    To provide guidance for decision making and processes associated with the selection, design, implementation and maintenance of software for managing records

    What is the term used to describe standards that are developed informally, used often and widely, and accepted as standard practice?

    De facto standards

    Which standard provides implementation guidance for the creation, capture, and management of records?

    ISO 15489-1:2016

    What is the primary focus of records management programs?

    To safeguard physical and electronic records

    What is the benefit of considering prevailing trends in case law when evaluating risk?

    It provides insight into governing laws, regulations, and standards

    What is the purpose of technical reports in standards development?

    To provide implementation guidance

    What is the primary goal of regulatory compliance in records management?

    To safeguard physical and electronic records

    What is the purpose of the WBG Records Center and Archives?

    To preserve analog and digital records of enduring value

    What is the role of standards in records management?

    To create a professional environment of best-practice procedures

    What is the purpose of ARMA’s Generally Accepted Recordkeeping Principles?

    To provide codification of practice for records management

    What is the estimated percentage change in data creation and replication worldwide from 2010 to 2027?

    14450%

    What is the primary purpose of a national standards development body in relation to formal standards?

    To develop and maintain formal standards

    What is the term used to describe a rule or order issued by an executive authority or regulatory agency of a government?

    Regulation

    What is the name of the act that established the National Archives to centralize federal recordkeeping in the United States?

    National Archives Act of 1934

    What is the primary purpose of the Freedom of Information Act (FOIA) of 1966?

    To ensure public access to U.S. government records

    What is the estimated percentage of global data that will be unstructured by 2025, according to IDC?

    80%

    What is the primary goal of managing records in a prudent and defensible manner?

    To minimize risk and establish proof of compliance

    What is the name of the act that amended the Federal Records Act of 1950 to clearly include electronic records and grant the Archivist final determination as to what constitutes a federal record?

    Presidential and Federal Records Act Amendments of 2014

    What is the primary purpose of laws and regulations in relation to records management?

    To provide guidance on the retention and disposition of records

    What is the primary function of the Office of the Federal Register?

    To provide access to the official text of federal laws and presidential documents

    What is the basis of records management in the federal government?

    The Federal Records Act of 1950

    What is the purpose of Title 36 of the United States Code?

    To provide policies for federal agencies' records management programs

    What is a system of records, as defined by the Privacy Act of 1974?

    A group of records under the control of any agency from which information is retrieved by the name of the individual

    What is the purpose of 36 CFR 1220, subchapter B?

    To specify policies for federal agencies' records management programs

    What is the purpose of the Code of Federal Regulations (CFR)?

    To codify the general and permanent rules published in the Federal Register

    What is the purpose of the Federal Records Act of 1950?

    To ensure that federal agencies make and preserve records containing adequate and proper documentation

    What is the purpose of Title 44 of the United States Code?

    To address records management in the federal government

    What is the purpose of the National Archives and Records Administration (NARA)?

    To provide policies for federal agencies' records management programs

    What is the purpose of 44 USC Chapters 21, 22, 29, 31, and 33?

    To provide policies for federal agencies' records management programs relating to RIM

    Which of the following technologies has been adopted by professionals in various industries to speed up business transactions without increasing risk?

    Electronic Signatures

    What is the primary focus of Rule 26 and other amendments of the Federal Rules of Civil Procedure?

    The production of evidence in federal court cases

    According to Rule 37e, what is the consequence of failing to preserve Electronically Stored Information?

    All of the above

    What is the concept introduced by Rule 26(b)(1) of the Federal Rules of Civil Procedure?

    Proportionality

    What is the requirement for credit unions to maintain electronic records according to the E-Sign Act?

    All of the above

    What is the primary focus of the Sarbanes-Oxley Act of 2002?

    Protecting shareholders and the public from accounting errors and fraudulent practices

    What is the purpose of the National Credit Union Administration's checklist of questions?

    To ensure compliance with the E-Sign Act

    Which of the following is a requirement for businesses under the Electronic Signatures in Global and National Commerce Act (E-SIGN)?

    Obtaining consumers' electronic consent to receive information electronically

    What is the primary goal of the Financial Industry Regulatory Authority (FINRA) in relation to recordkeeping?

    To ensure fair and honest operations in the broker-dealer industry

    What is the consequence of not taking reasonable steps to preserve Electronically Stored Information?

    Adverse inference instruction

    What is the purpose of HIPAA regulations in the healthcare industry?

    To protect individually identifiable health information

    What is the focus of the amendments to the Federal Rules of Civil Procedure?

    E-discovery procedures

    What is the consequence of noncompliance with the Sarbanes-Oxley Act of 2002?

    Fines, imprisonment, or both

    What is the main purpose of the Electronic Freedom of Information Act Amendments of 1996?

    To require agencies to release records in electronic form on request

    What is the role of the Administrator of General Services in records management?

    To establish records management guidelines for federal agencies

    What is the purpose of Rule 30 of the U.S. SEC Regulation S-P?

    To require written policies and procedures to safeguard customer records and information

    What is the primary goal of the Privacy Act of 1974?

    To establish safeguards for the protection of records that the federal government collects and maintains on U.S. citizens

    What is the primary focus of Chapter 33 of the Code of Federal Regulations?

    Disposal of records, including definitions and guidelines

    What is the main difference between the Presidential Records Act of 1978 and the Presidential and Federal Records Act Amendments of 2014?

    The Presidential Records Act of 1978 governs the official records of Presidents and Vice Presidents, while the Presidential and Federal Records Act Amendments of 2014 modernized the PRA of 1978

    What is the primary focus of the Paperwork Reduction Act of 1995?

    To require agencies to obtain the approval of Office of Management and Budget (OMB) before requesting most types of information from the public

    What is the purpose of Regulatory Notice 22-29 published by FINRA?

    To alert firms to increased ransomware risks and provide strategies to defend against threats

    What is the primary focus of Chapter 31 of the Code of Federal Regulations?

    Records management by federal agencies

    What is the main purpose of the U.S. Electronic Signatures in Global and National Commerce (ESIGN) Act of 2000?

    To grant electronic signatures the same legal status as handwritten signatures throughout the United States

    What is the primary goal of the FOIA Improvement Act of 2016?

    To establish a minimum of ninety days for requesters to appeal an adverse determination

    What is the main difference between a digital signature and an electronic signature?

    A digital signature uses a digital certificate from a trust service provider (TSP), while an electronic signature uses any electronic process to indicate acceptance of an agreement or record

    What is the primary responsibility of the Archivist of the United States?

    To control, preserve, and provide access to presidential records of past presidents

    What is the main purpose of the E-Government Act of 2002?

    To promote the use of the internet and other information technologies to improve government services

    What is the primary focus of the Presidential Records Act of 1978?

    To govern the official records of Presidents and Vice Presidents created or received by all Presidents who come into office after January 20, 1981

    Study Notes

    Information Governance (IG)

    • IG is an integrated, strategic approach to managing, processing, controlling, archiving, and retrieving information as evidence of all transactions of an organization.
    • IG provides a framework for the "conservative side of information management."
    • It includes processes, roles, and policies, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.

    Records Management (RM) and Information Management (IM)

    • RM is the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records.
    • IM is a holistic approach that manages both records and information.
    • The term Records and Information Management (RIM) is often used to describe the services provided by the RM profession.

    Records and Information Management Objectives

    • Develop and/or identify standards or procedures for the effective, efficient, and secure management of records and information.
    • Provide effective control, appropriate security, and management over the creation, maintenance, use, and disposition of all records within the organization.
    • Ensure that records accurately reflect the business practices, policies, and transactions of the organization.
    • Simplify the activities, systems, and processes of records creation, maintenance, and use.
    • Preserve and dispose of records in accordance with business needs, statutes, and regulations.
    • Protect essential records; facilitate business continuity in the event of a disaster.
    • Protect records of historical importance; provide evidence of business, personal, and cultural activity.
    • Maintain corporate, personal, and collective memory.

    Risks Associated with RIM

    • Damage to the organization's reputation
    • High costs for information management and storage
    • Lost files and risk of spoliation
    • Legal discovery penalties or sanctions
    • Audit and compliance violations
    • Cybersecurity risks

    Records and Information Management Lifecycle

    • Capture/Creation
    • Organization and Storage
    • Use and Maintenance
    • Disposition
    • Destruction or Archiving

    Information Management Lifecycle Model

    • Capture
    • Organization and Storage
    • Retrieval and Use
    • Maintenance
    • Disposition
    • Destruction or Archiving

    Records Continuum

    • An alternative to the records lifecycle model
    • Emphasizes the overlapping characteristics of recordkeeping—evidence, transaction, and identity of the creator
    • Deemphasizes the time-bound stages of the lifecycle model
    • Combines recordkeeping and archiving processes into integrated time-space dimensions

    Enterprise Content Management (ECM)

    • Defined by AIIM in 2000 as business goals, strategies, and processes that help guide effective content and data capture, management, storage, preservation, and delivery
    • Not a tool or technology, but a comprehensive approach to content and data management
    • Includes document management, records management, image-processing applications, social content/collaboration, content workflow, packaged apps and integration, analytics, and extended components such as digital asset management and enterprise search

    Content Services and Intelligent Information Management

    • Content Services: a new way of thinking about utilizing information regardless of where it resides
    • Includes Content Services Applications, Platforms, and Components
    • Provides a more rapid and cost-effective way to deliver content services while maintaining an appropriate level of governance and compliance
    • Intelligent Information Management (IIM): integrates people, processes, information, and technology to achieve digital transformation

    Intelligent Document Processing (IDP)

    • Uses natural language technologies and computer vision to extract data from structured and unstructured content, especially from documents, to support automation and augmentation
    • Includes the ability to transform paper to images

    Records Management Program Elements

    • A comprehensive records management program includes policy and procedure development, records inventory, appraisal, retention, and disposition, active files management, inactive files management, preservation and access, essential records protection, disaster recovery, and business continuity planning, and training and outreach programs.

    Records Management Activities

    • The World Bank's records management team is responsible for the strategic management of records and information, including:
      • Maintaining the WBG Management of Records Policy
      • Appraising the business, legal, and research value of records
      • Developing Records Retention and Disposition Schedules
      • Providing guidance and training on records management
      • Supporting the transfer of valuable records to the WBG Archives
      • Preserving analog and digital records of enduring value
    • Regulatory compliance is necessary to safeguard physical and electronic records, shield organizations from risk, and control costs.
    • Standards, technical reports, and guidelines provide a professional environment for best-practice procedures, enabling organizations to develop compliant records/information systems, policies, and procedures.
    • Types of standards include:
      • De facto standards (developed informally, widely accepted, and used often, e.g., QWERTY keyboard and GIF images)
      • De jure standards (adopted by an official standards-setting body, e.g., ISO)
    • Examples of ISO standards and technical reports relevant to RIM/IG:
      • ISO 15489-1:2016, Records Management, Concept and Principles
      • ISO/TR 15801:2017, Document management—Electronically stored information—Recommendations for trustworthiness and reliability
      • ISO 16175-1:2020, Information and documentation—Processes and functional requirements for software for managing records—Part 1: Functional requirements
      • ISO 16175-2:2020, Information and documentation — Processes and functional requirements for software for managing records — Part 2: Guidance for selecting, designing, implementing and maintaining software for managing records
      • ISO 18128:2024, Information and documentation—Records Risk: Risk Assessment for records management
      • ISO/TR 21946:2018, Appraisal for Managing Records
      • ISO 23081-1:2017, Information and documentation—Records management processes—Metadata for Records—Part 1: Principles
      • ISO 23081-2:2021, Information and documentation—Metadata for managing records—Part 2: Conceptual and implementation issues
      • ISO/TR 23081-3:2011, Information and documentation—Metadata for managing records—Part 3: Self-assessment method
      • ISO/IEC 27000 family, Information security management systems
      • ISO 30300:2020, Records management—Core concepts and vocabulary
      • ISO 30301:2019/Adm 1:2024, Information and documentation—Management systems for records—Requirements, Amendment 1: Climate action changes
      • ISO 31000:2018, Risk Management Guidelines

    Laws and Regulations

    • In 2010, 2 zettabytes (ZB) of data were created and replicated worldwide, projected to grow to 291 ZB in 2027.
    • IDC predicts that 80% of global data will be unstructured by 2025 and stored everywhere.
    • Records retention and disposition decisions will still be made about many high-value business records due to official actions.
    • Examples of key U.S. federal statutes related to records management:
      • National Archives Act of 1934
      • Federal Records Act of 1950
      • Freedom of Information Act (FOIA) of 1966
      • Privacy Act of 1974
      • Presidential Records Act (PRA) of 1978
      • Paperwork Reduction Act of 1995
      • U.S. Electronic Signatures in Global and National Commerce (ESIGN) Act of 2000
      • E-Government Act of 2002

    Federal Records Management

    • The Code of Federal Regulations (CFR) is the codification of general and permanent rules published in the Federal Register by executive offices and agencies of the Federal Government.
    • Title 36 of the CFR is most relevant to Records and Information Management (RIM), covering topics such as creation and maintenance of federal records, records disposition programs, and electronic records management.

    United States Code (USC)

    • The USC is the consolidation and codification of the general and permanent laws of the United States.
    • Title 44 of the USC is especially relevant to RIM on the federal level, covering topics such as the National Archives and Records Administration (NARA), Presidential Records, and Records Management by Federal Agencies.

    Sarbanes-Oxley Act (SOX)

    • Enacted by the U.S. Congress in 2002 in response to the Enron and WorldCom financial scandals.
    • Administered by the Securities and Exchange Commission (SEC).
    • Applies to all public companies in the U.S., international companies that have registered equity or debt securities with the SEC, and the accounting firms that provide auditing services to them.
    • Contains three rules that affect the management of business records:
      • Destruction, alteration, or falsification of records.
      • Retention period for records storage of at least five years.
      • Types of business records that need to be stored, including electronic communications.

    Financial Industry Regulatory Authority (FINRA)

    • Requires brokerage firms and their registered representatives to operate fairly and honestly.
    • Under Rule 30 of the U.S. SEC Regulation S-P, firms must have written policies and procedures to safeguard customer records and information.
    • Provides guidance to firms through regulatory notices, including alerts on ransomware risks and strategies to defend against threats.

    Health Insurance Portability and Accountability Act (HIPAA)

    • Federal statute to standardize the electronic exchange of information between trading partners.
    • Establishes privacy and security standards to protect individually identifiable health information.
    • Healthcare-related organizations and employers outside of the health sector who store records regarding employee health must comply with HIPAA rules and regulations.

    Electronic Signatures in Global and National Commerce Act (E-SIGN)

    • Enacted by Congress in 2000 to facilitate the use of electronic records and signatures.
    • Ensures the validity and legal effect of contracts entered into electronically.
    • Requires businesses to obtain consumers' electronic consent or confirmation to receive information electronically that a law requires to be in writing.
    • Recommends maintaining a record of the transaction in the form of an audit trail.

    Federal Rules of Civil Procedure (FRCP)

    • Governs the conduct of civil actions brought into federal district courts.
    • Rules 26 and 27 govern the production of evidence in most federal court cases.
    • Amended in 2015 to impact e-discovery procedures, introducing the concept of proportionality and focusing on "failure to preserve Electronically Stored Information".

    Description

    This quiz covers the importance of information governance in organizations, its evolution, and its significance in the current business landscape.
