IT and Information Governance in the Cloud

Clouds and Information Governance - an Oxymoron?

   The typical definitions of "IT governance" focus on the policies and alignment of IT services and practices to meet the organization's goals. This is good enough if you can really afford to only look at IT in a vacuum. In an information governance context, the perspective changes. IT services have to be aligned to the organization and the business requirements for its information assets.

   Most information governance approaches also fail to connect IT services to the business requirements for information. Just look at the classic "4 pillars (silos) of Information Governance" strategy from this perspective. It is far from adequate guidance on how to really implement a successful governance program based on ILM2.0 principles. Follow it and you'll have a pile of theory and many implementation gaps.

Add the Cloud:

   Now, what more is the "cloud" than another set of IT services requiring governance?  As the "cloud" is introduced to an organization, external IT operations, other companies, and communities of datacenters with different IT governance practices get involved. Information Governance, especially the risk management elements, becomes global and potentially chaotic and unmanaged. 


"Information ... can be a toxic liability if not handled properly!"  
-- Richard Thomas, UK Information Commissioner


Ranking of Perceived Risk in Cloud Services

Source: 2010 IBM Global IT Risk Study

   Improvement against the above concerns is required. Using ILM2.0 methods, a practice can be implemented that will lead to success for the organization. No silver bullets, just good engineering and organizational development.  How well is your organization doing in utilizing cloud services? How have they impacted your information governance compliance?  We provide audit services that will assess these and other key questions.   

Best Practices - Cloud Governance Methodologies: 

  • Charter an information governance committee with authority at the highest levels of the organization
  • Follow ILM2.0-based practice methodologies to inventory, classify, and set requirements, service objectives, and policies for the organization's information assets. Then, design and implement IT services and SLAs to a service catalog that will meet those requirements. Finally, audit, measure and improve.
  • Treat outsourced services as an extension of your own operations. Set in place, audit and measure similar SLAs. 
  • Know where your information is and how it is controlled
  • Measure and report progress including costs

Required Audit Services: 

  • Vendor neutral, no external biases
  • Reference the design and implementation against standard ILM2.0 based methods
  • Evidence based investigation
  • Audit information requirements, policies, and SLOs
  • Assess external service providers
  • Assess contracts and service agreements
  • Audit SLAs
  • Utilize a standard ILM2.0 Capability Maturity Model framework to assess the services' capabilities and maturity, and to guide recommendations
  • Identify and prioritize risk using a heat map
  • Guide improvement programs and strategies