ISO 24143 Information and documentation — Information Governance — Concept and principles
Introduction
Information is a critical asset that is indispensable to support business processes and therefore, a foundation for the success of any business activities. Due to numerous existing and emerging forms and uses of information and information-related risks, organizations often struggle with implementing consistent and comprehensive systems to store, retrieve, share and analyse information. The current global digital transformation and the changes in societal expectations increasingly demand greater transparency, accountability, data protection, security, interoperability and information sharing within and between organisations. This trend requires a solid vision and strategy for Information Governance that supports the business process at a strategic level including digital transformation initiatives. Many governmental and non-governmental organisations worldwide already perceive the necessity and understand the benefits of coordinating at a strategic level the efforts of multiple information-, data- and knowledge-related disciplines.This document defines concepts and principles for Information Governance.This document provides guiding principles for members of governing bodies of organisations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, compliant, secure, transparent and accountable creation, use, maintenance, preservation and disposition of information within their organisations.Information Governance is an integral part of the overall governance of the organisation. It identifies common high-level principles and provides a framework enabling effective and efficient cooperation of all the information-related professionals, in support of the mission of an organisation and achievement of its strategic goals. Stakeholders which are engaged in the collaboration include but are not limited to:
- — Data Management
- — Information Management
- — Records Management
- — Knowledge Management
- — Regulatory Compliance
- — Digital Preservation
- — Information Security
- — Enterprise Architecture
- — Data Protection
- — Open Data
- — Big Data
- — Artificial Intelligence (AI)
- — Blockchain
- — Business Processes
- — Quality Management.
Information Governance requires coherence and integration with relevant Management System Standards (MSS), such as ISO 9000, ISO/IEC 27000 and the ISO 30300 series.Information Governance is a strategic framework for managing information assets across an entire organisation to support its business outcomes and obtain assurance that the risks to its information, and thereby the operational capabilities and integrity of the organisation, are adequately identified and managed. Information Governance includes but is not limited to policies, processes, procedures, roles and controls put in place to meet regulatory, legal, risk and operational requirements. Information Governance provides an overarching high-level framework that:
- — aligns all information-related activities with the mission and goals of an organisation, and its business, legal and societal obligations,
- — ensures a comprehensive and systematic approach to information by integrating processes relevant to directing and controlling information,
- — supports cooperation between stakeholders, and
- — creates a high-level basis for managing information regardless its form, type and format, informs education, professional development of the workforce and awareness about information-related obligations, risks and possibilities.
