In May, 2022, ISO published ISO 24143:2022 Information and documentation — Information Governance — Concept and principles, which provided needed clarity, concreteness, and credibility to the IG discipline. What could be the potential impact of this new standard?
IG, which is a “super discipline” that includes the collaboration of Privacy, Cybersecurity, Information Risk, Data Governance, Records Management, and eDiscovery functions (and more), is maturing rapidly. The new ISO standard arrives less than 10 years after IG hit the US in earnest, and about 20 years after the UK began requiring IG training for those in the National Health Service who handled confidential patient information.
The potential impact of the new standard:
1) IG Program Standardization – IG program managers can look to the new ISO standard to guide their efforts, to craft their Program Charter, and to look for core components that characterize successful IG programs. This is why it is so very important for the new standard to be quickly updated to include in its IG definition an emphasis on leveraging information Value, and on minimizing Costs, in addition to information Risk management. And critically, the standard must name Legal/eDiscovery as a key stakeholder, and a necessary representative on the IG Steering Committee;
2) Capital Inflows – Private equity investors will now see that there is a clear standard for IG, and startups and new entrants that are targeting the IG space will have added credibility for their business plans;
3) Expanding marketplace – now that there is more definition to the IG market space, companies selling IG solutions and services will more easily be able to identify target markets and hone their offerings to meet current and emerging IG needs;
4) University Curriculums – not many universities offer IG as a course (based on sales to this market of the only IG textbook, which I authored, now in its 2nd edition), although it has been taught at the graduate level at select schools in the US, Canada, UK, Australia, and Finland. Hopefully, professors will note the new ISO standard and gain an interest in teaching IG. Especially those teaching Privacy, Cybersecurity, eDiscovery and Records Management courses. In point of fact, it is relevant to various disciplines, and it should be taught to, at a minimum, students in business, law, computer science, and information science. It should also be taught in Privacy, Cybersecurity, Records Management, and eDiscovery training programs;
5) ESG Standardization – ESG (Environmental, Social and corporate Governance) obligations have emerged and become part of the corporate lexicon coming out of the pandemic, as ESG concerns have gained traction. Now, investors consider ESG scores or indices in their decisions. The United Nations and World Economic Forum are promoting ESG rules as the future of investment focus. The lack of standardized ESG rules makes it harder for investors to accurately assess a company’s ESG performance. Without standardization, the varying ESG ratings do not provide an accurate picture. For instance, ExxonMobil is on the S&P 500 ESG index, while Tesla was dropped (prompting Elon Musk to declare ESG a “scam.”) A standardized approach to Information Governance could help define a standard approach for the “G” in ESG. Standardization of ESG helps identify and clarify risks and opportunities, and adds value and accuracy to ESG ratings.
Surely there are other areas of potential impact. Please feel free to add to this list by commenting below.