"12. Proper metrics are required to measure the conformance and performance
of your IG program. You must have an objective way to measure how you are
doing, which means numbers and metrics. Assigning some quantitative measures
that are meaningful before rolling out the IG program is essential."
 

To your question, Gary, just off the top of my head, some general metrics,
with the caveat that the most relevant metrics are those that your
organization develops and decides are most relevant for your scenario:

1) Identify all duplicate unstructured content on file shares, SAN, and NAS,
and reduce storage size/volume and costs by 20% in one year. (Note: The
average of duplicate content found in organizations using file analysis
software is typically 40-70% and very rarely less than 40%).

2) Identify orphaned content from decommissioned applications and terminated
employees; then review, classify, and delete non-record materials by year
end. Objective is to reduce storage requirements and costs by 10% over
previous FY.  Implement new system and processes for tracking, classifying,
 and managing orphaned content by year end. 

3) Cut attorney review costs for e-discovery by 20% over previous FY by
leveraging predictive coding technology.

4) Complete a network intrusion test by a 3rd party to determine the
weaknesses in our network infrastructure and systems by year end. 

5) Address network and system vulnerabilities, update all needed security
patches and cut the number of attempted hacker incursions by 25% over the
previous year.

6) Complete basic information governance and records management training for
100 employees in a target area in FY2015.

7) Identify all personally identifiable information (PII), protected health
information (PHI) and credit card information (PCI) and secure it using
redaction and encryption technologies by FY end. Implement an ongoing
process to keep personal information secure by FY end.

8) Complete privacy training for 100 employees in target area by FY end.

9) Implement a data governance program using master data management (MDM)
software and eliminate duplicates of structured data by year end. Target
goal is 20% reduction in storage requirements and costs for structured data
versus last FY.

10) Conduct an IT governance audit using ISO 38500 and COBIT5 guidance and
tools by year end. Generate recommendations for improved IT governance by
year end. 

11) Test disaster recovery and business resumption plan by running core
operations on alternate power for one week by end of FY.

12) Review and audit vital records management program by end of FY. Make
recommendations for improvements and enhancements by end of FY. 

And I am sure there are dozens more. This should stimulate the formation of
meaningful metrics for planned IG programs. 


Robert Smallwood
Institute for IG @ IMERGE
San Diego, CA USA

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]