Establishing IT governance that effectively and securely manages all the organization’s information requires addressing four key areas—people, policy, technology and risk management, says Linda Ding, education program strategist for Laserfiche.
“People are an important element in setting up a good governance policy because ultimately this is a process of collaboration,” Ding explains. “You need to have buy-in from leaders and you need to have good engagement from staff.”
Achieving this requires universities and colleges to provide useful systems with manageable controls that enable the staff, students and faculty to easily search and access all the information they need, and to do so in real-time.
“If the implementation is too cumbersome and not useful, stakeholders will go around the system and do their own thing,” Ding says.
Institutional policies should give users the ability to store and access information that is relevant to them, Ding continues. “Institutions like to implement policies that lock people in and limit their access,” she says. “But rather than being restricting, policies must add value to stakeholders, giving them individualized, instant and direct admittance to the information they’re authorized to access. You do this through a decentralized control policy.”
This is a win/win approach, says Ding. It gives department members the ability to review information that is tailored to them, while at the same time heightening security for the institution through better controls.
The appropriate technology affords the capability of automating and streamlining digital information management, creating a central point of control for the organizational content, she says.
Finally, risk management is the process of identifying the magnitude and impact of non-compliant behaviors and how to reduce this risk. The automation of information technology management is an effective risk-reduction tool, says Ding.
“It not only ensures that the institution always provides consistent and accurate information, it also guarantees you have the capacity to monitor and audit the organization’s content so you can provide proof of compliance and transparency,” she explains.