Much has happened in the world of information governance since 2012. I use 2012 as my yardstick because that’s when the original CGOC Information Governance Process Maturity Model was created. The writers and working group members who put it together were experts and visionaries, and as such, over the last five years, the model has retained its place as the industry’s indispensable guide to building and measuring a comprehensive Information Governance program.
Now, however, with almost weekly announcements of breaches at large corporations and the government, organizations no longer wonder “if” they will be hacked, just “when,” and they take the threat much more seriously. Meanwhile, governments and the business community have placed an increasing emphasis on a person’s right to data privacy.
Another key development is the increasing acceptance of the science behind analytics and machine learning. The obstacle organizations now face is how to collect and use data legally, ethically and within the parameters of their compliance structure. This has led to the emergence of the Chief Data Officer (CDO), who leverages, protects, and promotes an organization’s rapidly growing data assets, ensuring quality and provenance.
Cloud adoption has been another significant shift over the last five years as it continues to get cheaper and easier to outsource data to someone with the infrastructure to handle it. However, with that come IG challenges, including those around classification, over-retention, Shadow IT and geolocation.
As a result of these shifts and trends, it became necessary to update the CGOC Information Governance Process Maturity Model, revising some old processes and adding new ones to guide practitioners through the developments. The new Cloud Computing process ensures Information Governance safeguards are applied to non-traditional procurement and provisioning channels such as cloud services. The Data Quality and Data Lineage process focuses on ensuring data is accurate and fit to serve its intended business or compliance purpose. The Privacy and Data Protection Obligations section now reflects evolving data privacy concerns, including the impact of the GDPR. The cost lever, Data Security: Cost Reduction through Process Maturity, helps organizations measure the impact process improvements can have on the per record cost of a data breach.
Updated by Heidi Maher, Executive Director, and Jake Frazier, Faculty Chair, of the CGOC, the latest release of the guide includes the following:
2017 CGOC Information Governance Process Maturity Model
- The Privacy and Data Protection Obligations section now reflects evolving data privacy concerns, including the impact of the GDPR.
- A new cost lever, Data Security: Cost Reduction through Process Maturity, helps organizations measure the impact process improvements can have on the per capita cost of a data breach.
- The Cloud Computing process ensures IG safeguards are applied to non-traditional procurement and provisioning channels such as cloud services.
- The Data Quality and Data Lineage processes focus on ensuring data is accurate and fit to serve its intended business or compliance purpose.
Three additional processes relate to data security best practices:
- External Intrusion focuses on creating a framework for deterring, thwarting and identifying external bad actors.
- Accidental Data Leakage focuses on developing safeguards around classifying confidential information and preventing it from leaving via the network or employee devices.
- Insider Theft of Data focuses on preventing employees from stealing information assets.