An information governance maturity assessment is an excellent technique to document what users struggle with (e.g. finding information, trusting the information they find, securing sensitive information, sharing information externally), and the importance of improving how information is accessed, shared, and managed. This will help you establish a business case for change, but also prioritize your efforts.
You have several information management or information governance maturity models to choose from. Below are some examples, but this is not a complete list.
For Information Governance:
The Principles Maturity Model (Maturity Model) from ARMA is based on their Generally Accepted Record keeping Principles® (Principles), as well as the extant standards, best practices, and legal/regulatory requirements that surround information governance and describes for each Principle the characteristics of effective information governance at five distinct levels of development.
For Enterprise Information Management:
The Mike2 information management maturity model proposes five levels of maturity that an organisation may be assessed at based on their information management practices.
The ECM3 maturity model was developed jointly by Wipro, The Real Story Group (formerly CMS Watch), Smigiel Consulting Group, and Hartman Communicatie, but it is in need for an update since it doesn´t cover analytics/machine learning or the impact of the cloud.
The Gartner Enterprise Information Management maturity mode provides you with the building blocks for establishing an information management program. This entail a vision, strategy, metrics, governance, organization and roles, life cycle, and infrastructure
For Data Management:
The CMMI Institute´s Data Management Maturity Model provides guidance for improving an organization’s capability to build, improve, and measure their enterprise data management program. These best practices help organizations benchmark their capabilities, identify strengths and gaps, and leverage their data assets to improve business performance.
Define your maturity levels
For doing an information governance maturity assessment, you need to determine the maturity levels that makes most sense for you based on your program scope. The above maturity models often contain good descriptions of each level. As example, this is how the MIKE2 model describes the different information management maturity levels:
A Level 1 organisation has no common information practices. Any pockets of information management maturity that the organization has are based on the experience and initiatives of individuals.
A Level 2 organisation has little in the way of enterprise information management practices. However, certain departments are aware of the importance of professionally managing information assets and have developed common practices used within their projects. At the enterprise level, a level 2 organization reacts to data quality issues as they arise.
A Level 3 organisation has a significant degree of information management maturity. Enterprise awareness, policies, procedures, and standards exist and are generally utilized across all enterprise projects. At level 3, the information management practices are sponsored by and managed by IT.
A Level 4 organisation manages information as an enterprise asset. The business is heavily engaged in information management procedures and takes responsibility for the quality of information that they manage. A level 4 organisation has many mature and best-in-class practices and utilizes audits to ensure compliance across all projects.
A Level 5 organisation considers information to be as much an enterprise asset as financial and material assets. A level 5 organisation has best-in-class information management practices that are utilized across all enterprise projects. The distinguishing characteristic of a level 5 organisation is the focus on continuous improvement. At level 5, all data management practices and assets are regularly measured and the results are analysed as the basis for process improvement.
Define your areas to cover
For doing an information governance assessment, you also need to determine the areas or dimensions to cover. As an example, the ECM3 model covers the following 13 areas:
Human:
Business Expertise - Employee and executive education and understanding of core ECM precepts
IT Expertise - Ability to properly take advantage of incumbent and new systems
Process – Extent to which enterprise has analyzed its content-oriented business processes
Alignment – Extent of effective Business – IT collaboration, understanding, and synchronization
Information:
Content/Metadata – Extent to which enterprise has analyzed its content and metadata
Depth - Completeness of content lifecycle management
Governance- Extent of policies and procedures addressing information management
Re-use - Extent realization of content re-use opportunities
Findability - Ability to find the right content at the right time
Systems:
Scope – Relevant range of ECM functional capabilities (DM, BPM, DAM, etc.) adopted
Breadth – Evolution from departmental to enterprise-wide management systems, where necessary
Security – Extent to which actual content access reflects enterprise entitlements
Usability -- Application fitness to purpose
Consider adding any missing areas that are relevant for you, e.g. Analytics and/or Cloud.
Define your method of analysis
The maturity assessment can be done as a quantitative or qualitative study. Consider asking users to describe the as-is maturity level, and if it is important for them that this is improved (to-be maturity level). The results will help you document the business problems of the current situation, and the importance of improving certain areas for users.
Quantitative study using an online survey tool
Pros: Easy to reach many users
Cons: Users may misunderstand questions and possible answers
Qualitative study with virtual or in-person workshops
Pros: Possible to explain questions and possible answers
Cons: Requires more resources to run the assessment
Next Steps
You may also find the following blog posts of interest:
Feel free to contact us if you need help planning or running an information governance maturity assessment to develop a business case for change. This will also help you to establish the business case for implementing Office 365 compliance features.
Comments