IM vs. IG

Many professionals are often confused and struggle to define the differences between  Information Management (IM) and Information Governance. We’ll explain here, simply and clearly.

IM includes the how of managing information that is executed mostly by your IT department. It is the day-to-day management of information which includes activities such as provisioning systems, backups, software development, data modeling, cyber-security measures, and keeping the network running.

IG, on the other hand, focuses on the why of information. That is, when starting an IG program, you must first form business objectives, which is the “why” or purpose of the project. Then ask, “What information do we need to accomplish these business objectives?  How long do we need this information? How secure does it need to be?” The IG program ensures that lifecycle requirements are established and met; that old information with no business value is discarded to make room for new, high-value information. IG programs focus on reducing information risks and costs while finding new value.

For decades, organizations have implemented a myriad of IM systems, and created massive amounts of information. However, the information was not well-governed or controlled, and, with increasing volumes and the Big Data effect, knowledge workers became overwhelmed with the information and often did not trust the reports they were getting. Sure, the numbers are there in the report, but are they true and accurate? At one point, the IG Lead for JPMorganChase stated that they surveyed their business unit leaders and that their top concern was accuracy in reports. If managers do not trust the information in their reports, it hampers their decision-making capability.

Now, what is the difference between records and information management (RIM), and IG? RIM programs are a component of broader IG programs, a key component, but only one of a number of key functions in an IG program. When looking at the IG Reference Model we can see that other key areas include Business Units (typically those with the greatest IG or Legal challenges), Legal (mostly focused on e-discovery), IT, and two areas which have gained significance in the last few years, Privacy & Security. When examining the 22 IG processes measured by the CGOC (Compliance, Governance, & Oversight Council) IG Process Maturity Model, it is clear that the Legal, Privacy, and Security functions are weighted much more heavily than RIM. So RIM is certainly one key component in IG programs—one that has gained in stature since the advent of GDPR—but other functional areas typically play a larger role.