Information governance is corporate governance
Corporate governance in business today is an information-centric issue. The key to effective governance is the absolute control over all corporate information, ensuring it is securely stored and protected from unauthorised access, while also making it easily available to those with a need and a right to access it.
This information covers everything from confidential customer contact and account data, to access codes to banking accounts and strategic plans.
"This protection of information goes much further than the usual IT security practices, focusing on the easy availability and reliability of data that is, in a perfect world, inaccessible to those without the correct credentials," says Alan Rehbock, sales and marketing director at Magix Integration.
"Furthermore, compliance means making pertinent information available to business leaders, shareholders and investors in order to empower them to make better decisions."
To complicate matters, today's business information is no longer confined to corporate networks and filing cabinets as enormous amounts of confidential data are transmitted over public networks. Moreover, information today is shared between suppliers, partners, customers and government agencies, making confidentiality even more difficult.
Good governance is therefore a matter of accurately and securely collecting, collating and disseminating information about various aspects of an organisation and its supply chain in order to ensure that the business meets the regulatory and ethical standards that apply to it, not to mention its revenue and profit expectations.
With the amount of information generated today, it is impossible that humans can be employed to manage it effectively. Not only are there too many avenues of access to information for people to patrol, the potential of corruption and collusion is always an issue.
"The use of technology to oversee that the use of, access to, disclosure and dissemination of information is done according to corporate and legislative guidelines is therefore a strategic decision," says Rehbock. "Once again, this is not an IT decision, but the board and the operational executives are responsible for making the right decision and ensuring the right processes are designed, implemented and enforced.
"Using technology to assist in enforcing these processes will ensure they are adhered to, but more importantly, will automatically prevent any person from circumventing regulations and raise an alert as soon as someone tries to. Once alerted, the company can investigate and take action before any information or money vanishes, and especially before the company is publicly embarrassed and directors find themselves facing legal problems."