HaystackID® Acquires Business Intelligence Associates, Inc.Read More

Information Governance: Managing Information Risk and Compliance

information governance

As we discussed in an earlier blog about the Information Governance Professional (IGP) certification and its relationship to our work in eDiscovery, we are now going to take a look at the first competency domain tested by the IGP.  

From the ARMA/IGP competency domain page

Managing Information Risk and Compliance – understanding and mitigating information-related risks through such activities as researching and monitoring legal, regulatory and industry-specific compliance requirements; and creating and monitoring internal policies and procedures. The IGP collaborates with stakeholders to determine acceptable risk levels, and then designs and implements methods for measuring and monitoring the effectiveness of the organization’s plan to mitigate its risk.

Those of us who work with discovery and regulatory requests can relate to this competency domain as we have a part in managing risk and compliance. Information Governance professionals are frequently called on to collaborate with the other business units involved in responding to discovery requests, and in putting together a strategy and framework that responds effectively to these requests. Information Governance professionals also must work in a manner that eliminates the risk associated with producing information, such as producing confidential information or not producing all of the information that is responsive.

There is no better example of where Information Governance (IG) would need to be aware of the legal, regulatory and industry-specific compliance requirements to ensure that risk is being minimized than at the time a legal hold notice is issued.

Locking down the responsive information, suspending automatic deletions, and ensuring compliance with the litigation hold order all fall within the practice of managing information governance risk and ensuring compliance. After all, the most frequently written about decisions have involved sanctions for spoliation or improper legal holds.

This is also one of the reasons that BIA developed what has become one of our highest attended, and most requested program: Risk & Responsibilities: The Ethics of Legal Hold, which is our annual refresher and update on the ethics of legal hold. This program is attended each year by professionals who are working in IT, RIM, IG, Legal, Risk, Compliance and Privacy, and is the most comprehensive discussion of the Federal Rules, ABA Model Rules, case law and best tips and practices to help ensure your organization is in compliance with legal hold initiatives. 

Thanks to Robin Thompson, CEDS, IGP, CIP, IGp for her contribution to this post.