WHAT? eDiscovery is Left Out of Stakeholders in New Information Governance Standard
ISO 24143:2022 Information Governance – Concept and Principles was published in May, however, a close examination reveals some serious omissions – and some entries that simply do not belong.
Key Stakeholders
The new standard lists these, “Stakeholders which are engaged in the collaboration include but are not limited to:”
— Data Management
— Information Management
— Records Management
— Knowledge Management
— Regulatory Compliance
— Digital Preservation
— Information Security
— Enterprise Architecture
— Data Protection
— Open Data
— Big Data
— Artificial Intelligence (AI)
— Blockchain
— Business Processes
— Quality Management
There are some omissions from this core list, and some entries which really belong under a different category.
Where is Legal or eDiscovery? When we look at the IG Reference Model (newly updated at EDRM.net) we see that Legal is a key stakeholder:
And so is Privacy (slightly different than Data Protection), IT (could be included in Data Management and Information Management though, which are listed), and Business Units (most especially those with the most litigation, or compliance challenges), as well as Risk management, which is also missing – which is quite odd, given that this is what is emphasized in the ISO definition of IG.
Also, when viewing empirical studies, in the 2021-22 Global Information Governance Survey by IGWorld magazine, we see Legal at the top of the list and eDiscovery not far behind. We surveyed 350+ practitioners worldwide, and this is what they said they emphasize in their (actual) IG program.
The eDiscovery community should be up in arms! They should be lobbying ISO heavily to make this change – as soon as possible.
Adding eDiscovery (or eDiscolsure for UK organizations) is critical, as organizations worldwide are going to try to adhere to the new standard, and they must know that Legal and eDiscovery are key stakeholders and play a significant role – and must have a seat at the IG table.
What Else is Missing?
Although it is mentioned in section 5.14, also missing from the list of key stakeholders is Change Management, which plays a significant role in IG programs, especially in larger organizations. From the 2021-22 Global IG Survey:
Some Entries Don’t Belong
But what should be left out of the stakeholder list? These are listed as ‘stakeholders’ although they are rarely a bona fide group in most organizations. These are technology sets:
— Open Data
— Big Data
— Artificial Intelligence (AI)
— Blockchain
And as such, they should perhaps be listed under another heading, such as, “Core IG-enabling technologies” or similar.
IG Program Charter is Critical
ISO 24143:2022 does not mention an IG Program Charter. This should be a requirement for every IG program. Just as any program or project, an IG program needs to start off with a charter, which states the goals and strategic objectives of the program, how those objectives are aligned with enterprise business objectives, who the Steering Committee members are and their basic roles, how often they will meet, and other program-specific information. And that IG Program Charter should be signed off on by the Executive Sponsor, and then distributed to all steering committee members.
What else do you see is missing or needs to be changed in the new standard? Feel free to comment below.
Here’s to looking forward to these changes and more in ISO 24143:2023!
recent posts
You may already have a formal Data Governance program in [...]