Guerrilla Tactics – IG Whether or not they want it


Gas Mask VeggiesOn September 18 the Information Governance Initiative hosted a twitter chat to discuss their 1st annual report. At some point in the chat I referred to myself as using Guerilla tactics to apply Information Governance practices in client projects.

Question 3 of the chat was “Do you have any active InfoGov projects under way at your organization?” Now, I’m a consultant so for me the question’s really about my clients’ organizations. My answer to the question was “No. My client has biz projects that are being framed by good #infoGov practices.” Followed by my comment “I am turning into an IG Guerrilla Tactician.”

Just because your client doesn’t have IG budget, programs, or projects, doesn’t mean that good IG practices can’t be infused into the projects that are happening.

I have yet to work on an Information Governance project for a client – they just don’t want to hear about it. That doesn’t mean that I execute projects while ignoring IG practices. For example: I am currently working on a couple of SharePoint projects for a client. One project is to develop a site for their regulatory team to build and submit applications to a regulator. The second project is to create and publish field reference manuals. Both of these projects have concrete business objectives; neither has any sort of IG or IM as part of the mandate. In fact, until I got involved no one was even thinking about applying any sort of overarching IG/IM policies or procedures into any of the projects, much less on an organization wide basis.

The client’s environment is rife with poor information governance and management practices:

  • Content duplication;
  • Emailing attachments instead of links;
  • Information silos;
  • Keep everything forever;
  • No centralized accountability for information;
  • Won’t mention the fustercluck that is their SharePoint environment;
  • No metadata standards or taxonomy;
  • Severely limited search capability;
  • No use of automation for capture, tagging, sharing, or routing of information;
  • A rudimentary file plan and retention schedule that is largely ignored;
  • Etc.

The funny thing is that many people at the client know that much of what they’re doing is wrong, even if they don’t know why it’s wrong. What they don’t know is how to eliminate the bad practices and replace them with good practices (forget “best practices” they really only exist in theory). They also don’t know, in all cases, what a good practice is.

We start with Principles of Holistic Information Governance (PHIGs). The clients like them because they’re common sense and written in English; they’re also loose enough so they can be adjusted for the business being supported / addressed. We also use an iterative approach to designing and building the solution (it’s very agile-like) that involves all the major business and technical stakeholders (the pure tech stuff takes place off-line). Our focus in these projects, beyond solving the problem, is really on two things: 1) eliminating waste (effort and info); 2) delivering a solid user experience. We also impose a lot of rules around how information is created, managed, and delivered. To illustrate:

  1. Thou shalt send links, not attachments (client VPN is an obstacle that’s being dealt with in a separate project);
  2. Thou shalt use versioning rather than sending more copies with “v2_0_3_d_SOMEGUY_Edits” in the file name (change mgt and training required);
  3. Thou shalt label thy contributions appropriately (we’ll help by implementing some workflows and forms);
  4. Thou shalt not make copies when thou needst them not (metadata and user roles will help users find what they need, proper backup & restore will be implemented);
  5. Thou shalt not keep thy stuff indefinitely (ah, retention and disposition policies will finally be enforced);
  6. Thou shalt not facilitate unauthorized access to information in thy care and keeping (keep it in the repository, where it can be secured);
  7. Thy content is not thine, it’s thy employer’s.

As we’re working on things like metadata models, user roles & groups, user interfaces, and other stuff, we’re doing so with the view that we’ll be creating a set of practices that the organization can adopt for all projects going forward. We’ve even got a couple of really hot SharePoint people on the project that are helping us to define repeatable SP practices. There’s only one tiny problem with our approach …

can-of-worms

At a recent Steering Committee meeting, our venerable Project Manager invited two guest speakers: 1) Jason – to talk about SP standards and best practices; 2) me – to talk about PHIGs and IM best practices. Jason and I said the same things, albeit focusing on our particular areas of expertise. All was well until the VP of IT realised that while we were doing some really good things on the project, these things were totally under the radar. Much to her credit, instead of demanding that we revert to the client’s methodologies (which were in part responsible for the current situation), she began asking what needed to be done to leverage the good things we’re doing on this project and apply them across the organization.

So what’s next? Well, the client is having me get involved in at least one more of their projects; SharePoint will be the deployment platform and IG will provide a foundation. It’s not a SP or IG project; it’s an HR project that relies on information. Sometime in October Jason and I will be invited to speak to the corporate governance council; Jason will talk about SharePoint and I’ll talk about PHIGs. The whole point of our attendance will be about how to get this heavily regulated client to adopt good practices for managing their information and the technologies they use to access it. Pretty cool, I think (I might even wear a tie).

Sometimes you’ve just got to sneak IG into your clients’ projects the same way that you sneak veggies into a recalcitrant child’s diet.

Information Governance Is


Over the last few weeks some pretty bright minds have been talking / writing about what Information Governance (IG) is and isn’t. Unfortunately, I couldn’t find the restraint to stay out of it. To get some of the background of what’s been going on, read a few posts from these guys (I don’t always agree with them, but I do have a great deal of respect for them and their smarts):

There’s also been a bit of a conversation going on on Twitter involving the folks mentioned above, along with Jeffrey Lewis, Ron Layel, Ron Miller, Bryant Duhon, et moi. Had I been prescient I would have captured / saved the stream and included it here. Oh well.

First things first … the definition of Information Governance I use is the one I wrote: “Information governance is all the rules, regulations, legislation, standards, and policies with which organizations need to comply when they create, share, and use information.

The thing to remember about IG is that it’s really about policies that put constraints and roadblocks in the way of working with information.  Implementing the policies, via procedures, is where value gets added; using the right technologies helps take the burden off of people. Information Governance without appropriate procedures and tools is just not going to work. Don’t even bother to try.

I am definitely in the camp with those who view IG as an overarching thing that covers a vast array of disciplines that determine every aspect of managing, using, storing, sharing, and disposing of information. And therein lies the problem with IG; it is too broad to be of real interest to any single executive in the C-suite, unless that executive’s job is IG and only IG. That said, oversight for IG has to be centralized in order to be effective on a broad scale, and it has to be centralized in a manner that allows no bias.

Putting oversight for IG in the hands of the CMO, the CIO, the CLO, or anyone else in the C-suite, assuming they actually wanted the job, would likely end up biasing IG towards a specific agenda. IG implemented has to be good for the overall business. Granted, there are various drivers, but those drivers cannot be used as justification to sacrifice or jeopardize other business concerns. Does that mean we need a new title in the C-suite? Maybe, maybe not. Personally, I’d like to see the CIO role redefined on a global basis to be the information equivalent of the CFO and let the various disciplines report into it.

If an organization is a litigation magnet for sure that organization needs to do whatever is necessary to reduce the risk and the burden. But it can’t be done in a way that compromises business effectiveness of other parts of the organization. The policies need to be implemented via procedures and tools that support the business moving forward. There is no legitimate reason that one cannot implement litigation risk mitigation that also benefits the rest of the organization. The immediate need may be related to litigation, but the long play has to be holistic. By the same token, getting field manuals to engineers cannot expose the organization to unnecessary risk or exposure.

During the past few weeks there was also talk about splitting out Information Governance and Information Management. The short version is that governance is the policies and management is the procedures. I don’t think that there’s anything wrong with splitting things out like that, but does it make a huge difference when trying to convince clients or execs about the need for governance? I’ve been guilty of using the terms interchangeably, but I’ve made progress so I don’t care. The fact is some of my clients get the shakes when I mention IG, but they’re cool when we talk about IM. The end result is the same except that I have not “educated” the client about the right terminology. Again, who cares? My clients don’t hire me to teach them the right terminology so that they can sound hip when having beverages with the IG illuminati; they hire me to solve problems or leverage information better.

I really like Barclay’s sentiment: it doesn’t matter what you call it as long as the concepts are understood and progress is being made. Ultimately, that’s the bottom line.

We can bang on all we want about IG vs IM or whatever, and continue to struggle to get buy in and move things forward. Or, we can compromise our principles a little (it’s not like it’ll matter in the long run anyways) and focus on telling clients, sponsors, and executives what they need to hear in a way they understand, are comfortable with, and ultimately buy into. As long as I do right by my clients, I personally don’t care whether we call it IG or IM. We can have the philosophical conversations next time we’re gathered at some conference and it’s only us nerds talking.

During the Twitter conversation, Ron Layel asked me if I thought that information is the currency of business. I don’t think so. If an organization has a bunch of cash sitting in the bank, idle, the cash doesn’t expose the organization to risk, and it appreciates in value. If information is just sitting around, it potentially causes risk, and has no value. Information accumulates, morphs, and transmogrifies too fluidly to really be considered currency. To be sure, businesses couldn’t run without information or currency, but unlike information you can fake currency (think about letters of credit, loans, debentures, IPO’s, etc.).

One last little point … peeve, actually … there are vendors out there (hardware, software, services, associations) that tout themselves as Information Governance vendors. They’re not. They may solve portions of what IG is, but they don’t do it all.

From the Podium – My Perspective on AIIM and ARMA Canada Conferences


PHIGs God Cow

On June 10th I presented, for the third time, at the ARMA Canada regional conference. Earlier this year, in April, I presented for the first time at AIIM’s annual conference. The experiences were both positive, but very different. This post isn’t really about those experiences; it’s about a comment I received on the evaluation forms from my ARMA Canada session.

The comment was that I was “preaching to the choir”. Uhm, yeah, I was. The topic of my session wasn’t related to the “why” of information governance, it was about a variant of how to do it. I’d fully expect that the session would be attended by people that already understood why information governance is necessary. That said, I fully agree with the sentiment.

Whether it’s at industry conferences, at vendor events, at analyst events, or on online communities, we (IG / IM practitioners) do spend a lot of our time preaching to the choir. But, it’s not always our fault. And I’m going to keep my focus on conferences …

Pick a conference you’re fond of attending, go back over the last few years’ agendas and pick out what’s really fresh/new/exciting year after year. Not much, really. Even at a single conference you can see tons of repetition, albeit using different PowerPoint templates. So, what are we going to do about it? My guess is not very much, but here’s a few suggestions anyways.

Presenters need to give themselves a kick in the hindquarters to get out of their comfort zones. I’ve got my topic for this year, but I will go on to something different next year, or I won’t bother to submit a proposal. Here’s a thought … try something new that doesn’t just address the latest SharePoint release or, if you’re a vendor, the latest version of your product (new branding doesn’t count).

Attendees, you need to get active in conference planning and let the organizers know what you want to hear and see. I know that some of you are there primarily for the networking opportunities and vendor swag, but the sessions can be pretty useful too. In order to make them useful you need to jump in and provide direction. Here’s a little secret … YOU’RE PAYING THE FRICKIN’ FEES YOU ARE THE FRICKIN’ CUSTOMER!!!

Conference organizers need to do a better job of screening and selecting content. Before you slit my throat, I do appreciate that your lot isn’t easy, and you really do a pretty terrific job. I do realize that it’s not easy to get people and organizations to show up and speak for however long you need them to. But, I’d rather see a two day conference with stellar content, than three days that includes some pretty mediocre content. If you’ve got one session that addresses “the state of IM in 2020 and beyond”, you really have more than enough.

As for getting people not in the choir to attend … I don’t know. But I would start with making sure the content to be presented is appealing to them. When was the last time you heard a CMO say “I am so gonna attend that session on managing documented images as records in SharePoint 2013!”? I’d love to see more attendance from IM beneficiaries instead of practitioners.

As for comparing my AIIM experience to the ARMA Canada experience … sorry AIIM, ARMA Canada wins by a landslide because the session was way more a discussion than a lecture. And the credit for that goes to the 39 people that came out at 8:15am (though some did linger a bit over their breakfast). So here’s my proposal for next year’s AIIM conference: I’ll put up a slide with my contact info only. I’ll field questions, challenges, comments from the audience and we’ll all have nice chat for 25 minutes or so. We can call it IM Improv. Deal? Oh, I’ll also try not to step off any stages this time. :-)

To those in the audience being critical – if you do it the right way, I appreciate it because it makes me better the next time. My contact info is included on every slide deck I use; call or email me to offer criticisms and suggestions. I received some criticism after my AIIM presentation and used it to make my ARMA Canada session, I hope, better. As long as you’re not just being mean I’ll use the input to improve.

Lastly, to those of you sitting in the choir and not singing, get up on stage and join us. I’m certain you’ve got stories, wisdom, and experience that we could all benefit from. The experience is always rewarding, whether it’s by making new connections, learning something, or seeing that “aha” look on someone’s face. It’s hard work and can be nerve-wracking, but it is so worth it.