ISO Standard for Information Governance Arrives – But What is Missing?

Last Updated: March 2, 2024

Hooray! Finally, a standard for Information Governance (IG) has been established.


Last month, the International Organization for Standardization (ISO) published ISO 24143:2022 Information and documentation — Information Governance — Concept and principles, which provides needed clarity and credibility to the IG discipline. Yes, IG is real, and not a “phony discipline” as some Luddites have suggested.


The first issuance of this standard covers a wide swath of IG, but what is missing? Some key concepts, I believe.


Let’s look at the definition of IG provided by ISO in this new standard in section 3.2.7:


“Information Governance [is a] strategic framework for governing information assets across an entire organization in order to enhance coordinated support for the achievement of business outcomes and obtain assurance that the risks to its information, and thereby the operation capabilities and integrity of the organisation, are effectively identified and managed.”


Whew! That’s a mouthful. It looks like they are covering all the bases – except they did not.


In further defining IG, ISO states, “Information Governance includes but is not limited to policies, processes, procedures, roles and controls put in place to meet regulatory, legal, risk and operational requirements. Information Governance provides an overarching high-level framework that:


— aligns all information-related activities with the mission and goals of an organisation, and its business, legal and societal obligations,


— ensures a comprehensive and systematic approach to information by integrating processes relevant to directing and controlling information,


— supports cooperation between stakeholders, and


— creates a high-level basis for managing information regardless its form, type and format, informs education, professional development of the workforce and awareness about information-related obligations, risks and possibilities.”


That is a lot to unpack. But still, it is incomplete. There is no mention of reducing or minimizing costs in the ISO definition of IG, or the extended definition. However, to ISO’s credit, in section 4.3 (e), the ISO 24143:2022 standard states that an Operational Benefit of IG is that it, “Reduces costs associated with storing and the resources required to manage or discover information by adopting a disposition program that destroys information no longer needed or required to be retained.”


But the biggest thing lacking in this new ISO IG standard is any emphasis on the Value side of IG. It seems the ISO team has fallen into the traditional trap of looking at IG primarily from a risk and compliance standpoint and ignoring the potential value that can arise from harvesting and sharing information across the enterprise, and with partners within a business ecosystem. That is, there is no reference to the tremendous value that can be unlocked by organizing and standardizing the metadata associated with unstructured information, which is the Holy Grail of IG. By applying the principles of infonomics and data monetization, new insights and new value can be unlocked.


So kudos to ISO for getting a great start on providing guidance on IG in the form of ISO 24143:2022, and congratulations to the thousands of IG professionals out there who can leverage this newfound legitimacy. We look forward to the continued development and refinement of this welcome and long-awaited standard.

About the Author: Robert Smallwood

Robert F. Smallwood, MBA, CIP, IGP, is a thought leader in Information Governance, having published seven books on IG topics, including the world's first IG textbook which is being used in many graduate university programs as well as to guide corporate IG training programs.