Information management policy is a discipline that governs accountability for the structure and design, storage, movement, security, quality, delivery and usage of information required for management and business intelligence purposes.

What governs accountability?

Policies, standards and processes are used within an organization to provide information management direction.

What is an information management policy?

We usually think of policy statements as something created by the government.  Fiscal policy comes to mind but there are varieties of other policies that help dictate how we should operate within a specific country or state or province. 

Companies also have policies, which state how they want to conduct business. 

Think of companies who have a “30-day no question return policy". This policy lets customers know how they can expect to do business.  Now the important part.  Everyone who might be involved with the policy also has to know about it. 

Imagine you call customer service, ask for a refund, and are told, “Sorry, we don't accept returns”.  Well that's certainly going to result in a second set of calls to customer service and is guaranteed to ensure customer dissatisfaction

A good policy needs to spell out certain key things:

• Purpose, lets everyone know what the policy covers;
• Effective date—specifies the date the policy started;
• Application lets everyone know who is expected to follow the policy; (The policy may not apply to everyone in the organization)
• Background or context provides more information as to why the policy is needed. Depending on the organization this could discuss things like “risks addressed";
• Definitions provides clearer definitions for any terms and concepts found in policy;
• Related policies;
• Related standards if any;
• Policy objectives should lists specific objectives and expected results. In other words, what the company hopes to achieve with this policy.
• Policy statements in terms of “customer services shall accept all customer returns, without question, within thirty days of the original purchase";
• Accountability should specify the specific responsibilities of people concerned with the policy;
• Consequences should specify what will happen in the policy is not followed. This could spell out disciplinary actions for failure to adhere to the policy; and
• Review cycle specifies how frequently the policy will be reviewed
  

What is important for an information management strategic plan?

• Business continuity policy specifies how the business will continue to operate in the event of a disaster.  Business continuity is not specific to information management however information management is part of the business continuity policy;

• Disaster recovery policy specifies the procedures and processes required to recover data in the event of a disaster.  The disaster might be a natural disaster such as a fire or flood or it might be man-made such as the destruction of all data by a virus;

• Information security Policy specifies how data and information will be protected from authorized access;

• Meta data management policy specifies internal requirements for gathering, maintaining and providing metadata;

• Data quality metrics policy should specify how metrics will be maintained to report information on the quality of data stored within various computer systems;

• Corporate metrics management policy specifies how metrics will be defined for business intelligence purposes and who is possible for maintaining metric classification;

• Database management policy specifies how database operations will function within the organization and will cover things like: how frequently is data “backed up”?  Is off-site storage utilized? Where it is located?

• Information delivery methodology specifies how business intelligence systems will be developed, tested and moved into production.

What standards and best practices should we review?

Best practice defines “industry accepted” methods of completing work in an effective and efficient manner based on repeatable processes that have proven themselves over time.

Best practices within a specific organization frequently define  “rules” for working within the specific environment and technology constraints.

Key data management best practices will include:

• Data model (structure and design);
• Database management (storage);
• Data movement;
• Security;
• Data quality; and
• Business intelligence

Other information management plans should include:

• Metadata management;
• Master data management;
• Configuration management;
• Change management; and
• Release management

Summary...

Policies, standards, best practices and management plans are required to govern accountability for information management—It is critical that we assess the current information management policy during the information management strategy stage