Policy enforcement is a challenging task for most organizations – more so for those in regulated industries that have a highly complex legal and compliance profile. The more regulated or more geographically diverse a corporation, the more burdened it will be with nuanced policies and compliance requirements. For companies that have taken the step of getting information governance programs up and running, their legal and compliance teams are typically accountable to garner some ROI from them, having spent sizeable resources to implement. However, all too often, even after an investment into IG has been made, many projects are not monitored for success or kept evergreen, thus falling short of leadership’s expectations.
While technology is a necessary piece in ensuring that IG programs are sustainable and enforceable, there are also best practices that should be taken into consideration at the outset of any IG effort. I recently contributed a two-part article to Corporate Counsel discussing some of these practices. Highlighting the importance of strategic technology execution, change enablement and training, the articles outlined the most effective ways IG stakeholders can ensure that the policies they invest in are not left collecting dust and unenforced. Recommendations included the following:
Recommendations included the following:
- Cross-Functional Support: To be successful, IG must be a cross-stakeholder initiative with sponsorship from top company leadership. Stakeholders can partner to achieve their range of unique goals through the implementation of a single IG effort, and should be prepared with a risk analysis and ROI calculations for proposed projects.
- Executive Sponsorship: An IG project simply cannot be successfully implemented – or enforced – without C-level involvement. The key to gaining their buy-in is communicating the program’s benefits that will specifically address their pain points. Quantify what the business will save in the long run, the risks involved and how those risks will be mitigated. Generally, starting with small projects can show value quickly and grow in scope (and ROI) over time.
- Change Management: In IG, the course of changing business processes should be rooted in compliance. Change is difficult, so understanding how to manage and enable change – and approaching it as a journey – is essential for anyone looking to drive IG.
- Training: When rolling out a new legal hold program, Microsoft 365 migration or any other IG initiative, it is imperative to have a computer-based training module in place for all users. Training should not be out of the box from software providers, nor should it necessarily be the same for everyone in the organization. Training collateral should be tailored to the organization’s unique needs and show users what the new policies look like within the context of their work environment.
- Strategic Technology Implementation: Every technology evaluation that impacts the company’s data in any way should involve the legal and/or e-discovery team, in addition to records, IT and compliance. This is particularly important when it comes to legal hold implementations. The process should start with clear goals for the project, such as, thoroughly retaining data for any custodians that are under legal hold, monitoring activity per compliance requirements and escalating events of non-compliance to stakeholders.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.