P2P

48 P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | S P R I N G 2 0 2 2 First, organizations begin by aligning their approach(es) - harmonizing the various policies and policy documents across an organization. They look to standard policy documents from information-related disciplines, such as records retention schedules, IT policies, legal operations, etc., and their corporate governance documents. Once policies are aligned, organizations begin to undertake projects, often one-time projects targeted at solving whatever problem or problems led to the formation of Information Governance. Projects here can include applying legal holds or legal hold audits, ROT (redundant, outdated, trivial) cleanup, and deduplication projects. Other projects include: • Data access governance and sensitive information access minimization • FOIA/FOIP/ATIP • M&A due diligence • Any number of other information-related projects Lastly, in mature Information Governance programs, we see the application of automation. Most of the time, when you ask, it's automation to make up for understaffing, which continues to plague IG efforts. Automation areas include everything from auto-classification and sensitive information movement monitoring to lockdown and fencing and automated report generation. When you start to look at Information Governance as a process, it starts to unlock new understanding. F R O M T H E I N F O G O V C C T

• Cover