WHAT? eDiscovery is Left Out of Stakeholders in New Information Governance Standard

ISO 24143:2022 Information Governance – Concept and Principles was published in May, however, a close examination reveals some serious omissions – and some entries that simply do not belong.

 

Key Stakeholders

 

The new standard lists these, “Stakeholders which are engaged in the collaboration include but are not limited to:”

 

— Data Management

 

— Information Management

 

— Records Management

 

— Knowledge Management

 

— Regulatory Compliance

 

— Digital Preservation

 

— Information Security

 

— Enterprise Architecture

 

— Data Protection

 

— Open Data

 

— Big Data

 

— Artificial Intelligence (AI)

 

— Blockchain

 

— Business Processes

 

— Quality Management

 

There are some omissions from this core list, and some entries which really belong under a different category.

 

Where is Legal or eDiscovery? When we look at the IG Reference Model (newly updated at EDRM.net) we see that Legal is a key stakeholder:

 

No alt text provided for this image

 

And so is Privacy (slightly different than Data Protection), IT (could be included in Data Management and Information Management though, which are listed), and Business Units (most especially those with the most litigation, or compliance challenges), as well as Risk management, which is also missing – which is quite odd, given that this is what is emphasized in the ISO definition of IG.

 

Also, when viewing empirical studies, in the 2021-22 Global Information Governance Survey by IGWorld magazine, we see Legal at the top of the list and eDiscovery not far behind. We surveyed 350+ practitioners worldwide, and this is what they said they emphasize in their (actual) IG program.

 

No alt text provided for this image

 

The eDiscovery community should be up in arms! They should be lobbying ISO heavily to make this change – as soon as possible.

 

Adding eDiscovery (or eDiscolsure for UK organizations) is critical, as organizations worldwide are going to try to adhere to the new standard, and they must know that Legal and eDiscovery are key stakeholders and play a significant role – and must have a seat at the IG table.

 

What Else is Missing?

 

Although it is mentioned in section 5.14, also missing from the list of key stakeholders is Change Management, which plays a significant role in IG programs, especially in larger organizations. From the 2021-22 Global IG Survey:

 

No alt text provided for this image

 

Some Entries Don’t Belong

 

But what should be left out of the stakeholder list? These are listed as ‘stakeholders’ although they are rarely a bona fide group in most organizations. These are technology sets:

 

— Open Data

 

— Big Data

 

— Artificial Intelligence (AI)

 

— Blockchain

 

And as such, they should perhaps be listed under another heading, such as, “Core IG-enabling  technologies” or similar.

 

IG Program Charter is Critical

 

ISO 24143:2022 does not mention an IG Program Charter. This should be a requirement for every IG program. Just as any program or project, an IG program needs to start off with a charter, which states the goals and strategic objectives of the program, how those objectives are aligned with enterprise business objectives, who the Steering Committee members are and their basic roles, how often they will meet, and other program-specific information. And that IG Program Charter should be signed off on by the Executive Sponsor, and then distributed to all steering committee members.

 

What else do you see is missing or needs to be changed in the new standard? Feel free to comment below.

 

Here’s to looking forward to these changes and more in ISO 24143:2023!

recent posts

About the Author: Robert Smallwood

Robert F. Smallwood, MBA, CIP, IGP, is a thought leader in Information Governance, having published seven books on IG topics, including the world's first IG textbook which is being used in many graduate university programs as well as to guide corporate IG training programs.