Solving the biggest Information Governance challenge: knowing what to look for and where

Customer Success Stories

As a national critical services operator, maintaining compliance with the Security of Network & Information Systems Regulations (NIS Regulations) remains a top priority as the UK looks to increase cybersecurity and systems resilience.

July 30, 20247 mins
Solving the biggest Information Governance challenge: knowing what to look for and where

Impacted by loss of knowledge and resources

As a national critical services operator, maintaining compliance with the Security of Network & Information Systems Regulations (NIS Regulations) remains a top priority as the UK looks to increase cybersecurity and systems resilience.

However, the organisation had experienced major change with considerable loss of knowledge and resources, a situation not helped by unexpected redundancy and furlough schemes introduced by the pandemic.

“Over the last few years we’ve seen significant increase in big data, compliance pressures, and cyber and security threats,” said a company spokesperson.

“At the same time, our workforce has almost halved creating gaps in organisational structure and process. So, we began looking for an information governance specialist to help identify areas of potential weakness that posed the biggest risks, as well as those that were performing well.”

Managing the complete totality of information

Information Governance (IG) is a subset of corporate governance, which describes how well an organisation manages the totality of its information – from creation, retention and disposition to robust policies and technologies.

IG extends right across the business including disciplines such as information security, data privacy and protection, records and information management, litigation readiness, regulatory compliance, long term digital preservation, analytics and infonomics. “It was an opportunity to take a close look at information, access policies and internal processes,” the spokesperson added. “And, to do that objectively through the eyes of an impartial expert.”

“We wanted to get to an effective IG programme that enhanced the value of data while lowering risks and costs through greater consistency and control.”

Baselining digital IG maturity

Following a competitive tender with subsequent solution demonstrations and conversations with vendors’ clients, the organisation engaged with Iron Mountain® Information Governance Advisory Services.

“Iron Mountain ticked far more boxes than the rest,” the spokesperson explained. “They presented a very solid methodology with clear milestones and tasks. By the end of our first meeting we’d established a joint working group with cybersecurity, IT, privacy, risk, finance and other key stakeholders.”

Specifically tasked with focusing on digital information and records, Iron Mountain specialists set about assessing IG maturity using Iron Mountain’s IGHealthRate™ tool. Along with reviewing current IG policies and procedures, they rigorously examined core IT systems used to manage records and information.

Securing C-Level sponsorship

Next, Iron Mountain worked closely with the client to produce an effective IG strategy and business case. This was underpinned by a practical roadmap to deliver the improvement programme, plus a short term action plan to remediate high and very high risk practices across the organisation.

Accelerating from strategy to execution

Although detailed findings from IG assessments always remain classified, examples of the business outcomes achieved can be shared.

The roadmap focused on the need to improve lG leadership and governance, data ownership and accountability, data classification, retention, destruction and IG culture and behaviours. The client is also exploring how machine learning and AI technology could improve their information governance.

“Iron Mountain have done a really great job of solutionising IG. We knew there were problems, we didn’t know where or what to look for. With their help we were able to quickly join-up all the dots, get our leadership onboard and take corrective action.”

Industry

Healthcare

Challenge

The client, a heavily regulated UK critical national infrastructure organisation, wanted to understand the current state of information governance (IG) maturity and create a practical roadmap for improvement.

Solution

Iron Mountain IG Advisory Services enabled them to assess existing policies and processes, and benchmarked them against world-leading best practice in data retention, protection, compliance and risk management.

Value

  • Quickly pinpointed good and bad IG areas, and benchmarked them against best practice
  • Educated leadership and secured sponsorship with compelling business case
  • Identified and addressed key risks with practical roadmap and action plan

Elevate the power of your work

Get a FREE consultation today!

Get Started