Privacy & Security Added to The Information Governance Reference Model (IGRM) v3.0 to Provide Cohesive Governance Framework for Legal, Records, Privacy, IT and Business Information Stakeholders
October 9, 2012 – St. Paul, MN – The Electronic Discovery Reference Model (EDRM) Project, through its Information Governance Reference Model (IGRM) Project, announced today the release of version 3.0 of the IGRM. The updated model now includes privacy and security as primary functions and stakeholders in the effective governance of information. This release of the IGRM reflects broad industry support and collaboration across the expert communities of ARMA International and CGOC (Compliance, Governance and Oversight Council).
The mission of the IGRM Project is to provide a common, practical framework enabling organizations to establish information governance programs that more effectively deal with the rising volume and diversity of information and the risks, costs, and complications this presents. IGRM is most frequently used to facilitate dialogue and coalesce disparate information stakeholders and perspectives across Legal, Records, IT and Business organizations. The Model helps organizations more effectively associate the duties and value of information to information assets through policy integration and process transparency so they can maximize information of value, meet their legal obligations, efficiently manage information and defensibly dispose of it at the right time. When these stakeholders are not working in concert, information accumulates rapidly and indefinitely, which adds significant cost and risk and undermines the ability to get value from information. IGRM v3.0 now incorporates Privacy and Security as key stakeholders, reflecting the increasing importance of Privacy and Security duties and the efficiencies organizations can achieve when privacy and security efforts are more holistically integrated with other essential governance practices and programs.
Data Volume Growth Driving Complexity in Securing Data and Managing Privacy Obligations
The IGRM Project started in 2010 to help organizations struggling to meet legal ediscovery obligations and control legal costs in the face of growing data volume. Today, Chief Privacy Officers (CPOs) face the same challenges as their litigation and records counterparts; they must partner with legal, records, business, security and IT peers to manage privacy and security obligations in concert with other legal duties and the business uses of data as well as work with IT to ensure information can be cost-effectively managed in difficult economic conditions.
With the growing volume and variety of data (social media, geo-location data, web-site tracking data, etc.) the risks and costs associated with amassing data are substantial and exponentially increasing. Data typically loses its value steadily, while the costs and risks of managing it increase over time. This inverse relationship means that data without value often costs companies more than data with value. When information and data are no longer required for business, legal, or regulatory purposes, it must be defensibly disposed. Moreover, privacy regulations often require or warrant timely disposal of information, and privacy-related litigation is shining a bright light on weak privacy management process. Chief Privacy Officers cannot be effective without their IT, business, records and legal counterparts in properly managing and defensibly disposing of unnecessary data. IGRM v3.0 provides an integrated process and policy framework.
CGOC, a 1900-member corporate practitioner community, has widely adopted the IGRM model. It has developed a companion process maturity model for the IGRM v3.0 with active community participation.
Additional resources on the updated model include:
- IGRM v3.0 graphic
- White Paper “IGRM Update: Privacy & Security Officers As Stakeholders”
- Information Lifecycle Governance (ILG) Leader Reference Guide
“IGRM Update: Privacy and Security Officers as Stakeholders”
Date: November 1, 2012
Time: 1 PM CST
Register now at www.cgoc.com
Deidre Paknad, Founder of CGOC and VP of ILG Solutions at IBM
George J. Socha, Jr., Esq. Co-founder, EDRM; President, Socha Consulting LLC
Launched in May 2005, the EDRM Project was created to address the lack of standards and guidelines in the ediscovery market – a problem identified in the 2003 and 2004 Socha-Gelbmann Electronic Discovery surveys as a major concern for vendors and consumers alike. The completed reference model provides a common, flexible and extensible framework for the development, selection, evaluation and use of ediscovery products and services. Expanding on the base defined with the Reference Model, the EDRM projects now include nine projects including the Information Governance Reference Model project. Over the past seven years, the EDRM project has comprised more than 250 organizations, including 150 service and software providers, 61 law firms, three industry groups and 22 corporations involved with ediscovery. Information about EDRM is available at http://www.edrm.net.
About CGOC (Compliance, Governance and Oversight Council)
CGOC (Compliance, Governance and Oversight Council) is a forum of over 1900 legal, IT, records and information management professionals from corporations and government agencies. CGOC conducts primary research, has dedicated practice groups on challenging topics, and hosts meetings throughout the U.S. and Europe where practice leaders convene to discuss discovery, retention, privacy and governance. Established in 2004, it fills a critical practitioners’ gap by integrating legal, records, privacy and IT stakeholders in a single practice community. For more information, please visit https://www.cgoc.com
About ARMA International
ARMA International is a not-for-profit professional association and the authority on managing records and information. Formed in 1955, ARMA International is the oldest and largest association for the records and information management profession with a current international membership of nearly 10,000. It provides education, publications, and information on the efficient maintenance, retrieval, and preservation of vital information created in public and private organizations in all sectors of the economy. It also publishes the award-winning Information Management magazine. The association also develops and publishes standards and guidelines related to records management. It was a key contributor to the international records management standard, ISO-15489. For more information, please visit http://www.arma.org