Information Governance Benchmark Survey 2018

Information Governance Benchmark Survey 2018

In the face of big data, the Internet of Things (IoT) and growing privacy concerns, information governance (IG) is now a key topic in boardrooms around the world. The role of IG has also expanded far beyond its original scope of legal and records information management (RIM) issues. Today, IG encompasses corporate and regulatory compliance challenges, information privacy and security concerns, IT data management processes and how lines of business manage their data.

The Compliance Governance and Oversight Council (CGOC) has evolved along with this trend. We have broadened the scope of our meetings and resource development to include these escalating concerns. Further, to better understand how these new challenges impact enterprise IG programs, we recently conducted an IG benchmark survey to measure progress since our first such survey in 2010.

Some of the survey results were just as we expected, including increased executive support for IG programs. However, we were shocked to find that there has actually been little substantial progress in bringing key processes to maturity when measured against the CGOC’s IG Process Maturity Model. This model identifies 22 critical processes that must be made more mature across legal, records, privacy and security, IT and business lines. It also provides a 4-level maturity scale for measuring process improvement and includes tools for developing a strong business case for the broader IG program.

The gap between the increased support for IG programs and the lack of measurable progress is best expressed in the following survey results:

  • Eighty-one percent of respondents report progress on their IG programs, while in 2010 only 33 percent had an IG improvement program in place.
  • Seventy-two percent say they have the appropriate level of executive support and leadership, up from only 43 percent in 2010.
  • Despite these positive signs, only 33 percent currently have an automated defensible disposal program in place, up from 22 percent in 2010 when 98 percent of respondents identified defensible disposal of information as a desired benefit! And the majority of respondents are still at level 2 maturity and below.   
  • Because of this lack of maturity, the volume of enterprise data with no business, legal or regulatory value, which stood at 69 percent in 2010, is still extremely high at 60 percent today.

This means that despite all the concerns about information privacy and security, the ever-increasing cost of information storage and management, increasing cost and risk around legal discovery and the desire to gain business insight from high-quality data, 67 percent of companies are still saddled with massive amounts of redundant, obsolete and trivial data (ROT). This data debris makes every IG task more complicated and expensive, leaving organizations at increased risk from a variety of vectors.

Why has progress been so slow? The primary cause is that organizations are not using the right yardstick to measure their IG program progress. For example, increased budgets and greater process efficiency are measurable signs of improvement. However, the tsunami of data that floods enterprises can be so overwhelming that ROT still cannot be eliminated in a timely way, leaving organizations at increased risk despite their valiant efforts. This is certainly not as easy to measure.

That is why in 2019, CGOC will focus on understanding the relationship between executives and their IG teams and how they can come together to better measure their programs against a meaningful standard.

Take a deeper dive into the CGOC Information Governance Benchmark Survey Report 2018 and consider becoming a member of the CGOC, where you will have the opportunity to meet with IG thought leaders and gain access to an ever-expanding body of vital resources.