Corporate Governance

 

Documentation is the core of most evidence relating to business activities. Since the introduction of the ISO 30300 Management System for Records series of standards, and the 2016 version of ISO 15489, the concept of "Documented Information" has become important, going beyond our traditional definition of a record. Changes, including the way that information is created, the vast volumes of documented information which include AI generated documents, webpages, e-mails etc, our need as information governance professionals to become extra vigilant becomes greater. And we need to take on an even greater advocacy role, educating business on how to and why they should create accurate, trustworthy documentation, which can be trusted as the authoritative source.

Many people don't know about the ISO 30300 family, so here is a brief introduction and how and why it should be used, with some key terms that stem from the standard.

It is a Management System Standard at the same level as some more familiar standards such as ISO 9001, 14001, 18001, 27001 etc. It is written in different language to the Records Management Technical standards such as ISO 15489. The audience is different. Mangement Systems are designed to be at a management level, understandable to the executive of an organisation. Technical standards are for practitioners, although they also need to be involved in and implement the Management System standards.

A few essential terms from the standard that should be understood are:

Authoritative records

record which possess the characteristics of authenticity, reliability, integrity and useability.

The purpose of this was to create a term that could be used once, incorporating all the characteristics without having to re-write again and again which tended to make documents cumbersome to read.

Documented Information

information required to be controlled and maintained by an organization and the medium on which it is contained.

Note 1: From a records management viewpoint, documented information is a type of record. It is created and named as documented information when any management system standard is implemented by an organization.

Note 2: Documented information refers to the information required to be controlled and maintained by the organization when implementing a management system.

Information

data in context with a particular meaning

Data

set of characters or symbols to which meaning is or could be assigned.

Information system

system that processes, provides and distributes information together with associated organizational resources.

Some things are immediately apparent:

Is it a Document or a record? Who cares?

As industry professionals we have spent decades debating the differences between a "document" and a "record" and maybe it's time to move beyond that. If information has value to an organisation, regardless of whether it is a draft, or copy, it should be included in our information governance processes, even if it is to identify, find and dispose of it. The concepts of "information as an Asset" and "Information Capital" highlight the value of information to the organisation, regardless of whether it comfortably fits into our definition of record.

Is it data or information? Who cares?

As above, so much time has been wasted on debating and arguing whether "data" or "information" is the superior term. The old "Data, Information. Knowledge, Wisdom" (DIKW) model has/had value, but it changes depending on the lens from which it is viewed. I have read too many papers, models, or frameworks from different perspectives which contain alternative views. They all contain the proviso as one of the first sentences that "data includes information, physical or digital" or alternatively "Information includes data, physical or digital".

Which of course leads to the discussion as to whether we should be implementing "Data Governance" or "Information Governance". Way back in 2009, the concept of Information Governance was described on Wikipedia as

Information governance may refer to:

Later that year I created the first definition of Information Governance on Wikipedia which has clearly evolved since then. Regardless of whether your organisation prefers the term "data" or "information", use the term which works for the organisation and stick with it. Just much sure it includes all the elements of managing and governing all the data/information you have in the organization regardless of format, medium, or whether it sits structured in databases or unstructured in some other form.

Information Governance Strategist @ CORConcepts | Analytical ECM Consulting and training