Data lifecycle management:
The volume and complexity of digital data generated by companies and their customers is exploding. Companies recognize the competitive advantages that can be gained from better understanding their data and want to unlock the full value of the data within their systems. Setting up systems and process to get full insight from data and effectively executing these plans are the newest frontiers in business strategy. An end to end understanding of how and what data is created, shared, transformed, consumed and eventually destroyed within the organization is critical. Information governance is an essential component of a good information security program.
An active and fully operational information management plan helps you:
Ensure compliance to regulatory requirements
Increase efficiency while also increasing security and internal controls
Bring consistency across the organization on information governance – for example by integrating your records and information management programs with privacy and other compliance programs
A comprehensive Information Governance program puts the right people, process, technology, and governance in place to comply with various industry specific reporting and regulatory requirements. It ensures an organized, consistent, repeatable and documented process for governing data. The DataMap is a foundational element that underpins governance and brings together stakeholders. An active and comprehensive Datamap provides a clear understanding of –
What information you have, Where it is located and Who has access
Purpose and use for Data: Business requirements or regulatory requirements
What needs to be retained and for how long; secure and defensible disposal plan
Data and process ownership: Who owns the data, who is responsible for aspects of governance including regulatory reporting requirements etc.
Why Retention Management is Important
Everybody recognizes the importance of properly governing and managing the data. But it is also important to dispose of the data properly after the useful life of the data. Defining and governing retention is indeed a key aspect of a comprehensive data lifecycle management. Well-managed retention processes will be in concert with data classification efforts and will allow flexibility to define appropriate retention schedules based on type of data, business and regulatory requirements.
Regulatory environments are constantly changing with increasing focus on data. The worlds of records, data, privacy and security are intertwined and need to be managed more carefully. Retention is a critical aspect of this for:
Complying with Regulatory Requirements: Regulatory requirements often immediately drive retention of data. This has always been the case in heavily regulated sectors like Financial Services and Health care. Of late, Privacy regulations like GDPR and CPRA have emphasized the importance of having a comprehensive retention plan for sensitive personal information.
Reduce redundant, obsolete and trivial data(“ROT”): Identifying and deleting redundant, obsolete or trivial data that gets generated routinely will help us to focus on data that matters.
Security and Costs: Timely disposal of unwanted data considerably improves the security posture of the company. Drives significant reductions in eDiscovery costs, storage and licensing costs.
Meru believes IG programs need to sustaining and continuously improving. A common approach is to have isolated one-off projects that often do not go beyond those projects. These typically address some “immediate low-hanging fruit” but do not consider the longer term goals. There is a heavy engagement of external resources in these efforts with limited expertise developed internally.
It is important for companies to recognize strategies available to sustain governance programs over the long term. At one end of the spectrum, large organizations with complex needs might find it best to develop internal resources who can manage this process. External resources might be engaged to provide guidance at key points but the program would be largely be run internally. At the other of the spectrum, smaller companies with limited and simpler needs might choose to adopt a managed service model where the entire program is run by competent external resources. And there might be different scenarios in between these two ends.
But in all cases, it is important to have a program that is sustaining, simple to use and that adds value. A comprehensive Data Map platform is critical to accomplish this. Information Governance is inherently cross functional and requires a platform that allows all stakeholders visibility to the same truth on current state, goals and metrics to track progress. All teams need to have clarity on what they need to be doing and how it fits with what other teams are doing. Without such a comprehensive Data Map platform, stakeholder engagement will be difficult to maintain and the IG program will not sustain.
Meru Data software and services offered
We provide solutions that span the entire IG spectrum with the right mix of technology and process. Our industry leading DataMap technology provides a platform that allows our customers to build sustaining information governance programs. Our workflows help to govern the entire data footprint across cloud, on-prem and third parties and highlight critical areas to review. We integrate requirements from business, privacy and retention to give you a comprehensive view to manage compliance. Auto classification allows retention policies to be actionable and dynamic. Retention schedules can be associated to data sources and incorporate requirements by jurisdiction.
We also bring a wealth of consulting experience across different industry sectors to help our customers rapidly augment their Information Governance efforts. We have helped with assessments of current state and benchmarking around Information Governance.