Since the organization that owns CRISC, CGEIT, et. al is ten times larger
and better funded than ARMA with research money, my answer is that they are
eminently suitable to establish framework in a truly comprehensive and
authoritative manner. And, they have established multiple international
information governance frameworks recognized by audit, information
technology, project management, risk management, and information security
credentialing bodies.
COBIT (v5 now available) is just one information governance framework that
has extended its reach even further into the world of information governance
to include the need for retention schedules, lifecycle management, and
"governance" of information, regardless of the media. There are several
other frameworks available depending on the preference of each organization,
but COBIT is by far the most recognized by multiple professional groups that
offer credentials associated with managing information risk (i.e. risk
management, internal audit, project management, and information security
professionals). So, why are we not in collaboration with these
organizations instead of inventing a different framework when there are
information governance frameworks already recognized by multiple groups?
Information Technology departments do focus a great deal on managing the
technology that contains the information, but they are now rapidly shifting
to manage the information lifecycles as well because a large number of
Records Managers are unable to do it without help from Information
Technology. In many organizations, it is considered easier to teach IT how
define and manage a record lifecycle within an acceptable level of risk than
to teach a Records Manager how to manage information governance across
multiple technology platforms (a point that I strong disagree with whenever
I get the chance). In a tough economy, this is why many Records Managers
lose their jobs before the IT department takes a hit.
Any good information governance framework will help the organization various
departments define optimum conditions, measure the maturity of the existing
business process, rate the risks associated with the current business
process, and determine whether or not the risk is acceptable. I always
encourage CRM's who are trying to learn the "language and viewpoint" of IT
begin with their organization's information governance framework used to
measure success and maturity of the information management model throughout
the organization. It is, without a doubt, a very useful tool to begin
addressing information governance issues using a common approach that is
already recognized by everyone else in the organization...except, in my
experience, Records Management. If we are all driving on the information
management superhighway, should we attempt to use the same GPS as everyone
else in the organization?
Warmest regards,
Angie Fares
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|