A Bevy of Non-Standard Information Management Standards

Several associations, collaborative open standards groups, and professional services organizations and industry luminaries have succeeded to various degrees in filling the gap with their own information management-related methodologies or other tools. These include the Capability Maturity Model Integration (CMMI), Data Management Association International (DAMA), Enterprise Data Management (EDM) Council, Experience Matters, Cicero Group, MIKE2.0, Accenture, CapGemini, Deloitte, EY, IBM, KPMG, Wipro, John Ladley, Rob Hillard, and William McKnight. As well, IT research organizations including Gartner publish a large body of research and consultative guidance on information management trends and best practices.⁴

Each of these bodies of knowledge, approaches, resources, and tools has its unique uses and benefits for information management leaders and professionals. Yet, most of them tend to be lacking in adoption, completeness, integration, and/or usability. Usually these challenges are by design. For example: research organizations are not in the “methodology business”; DAMA and CMMI are strictly focused on methodology maturity; and systems integrators generally do not publish their approaches for competitive and compensatory reasons. And as for accreditation, the ICCP and DAMA offer data management professional certifications, although they are neither widely recognized nor often required.

We’re well into the Information Age, and we have been managing electronic information for at least fifty years. Most business models and much of the world is flipping to digital, and in the last ten years many of the most successful companies have monetized information more than they have monetized products and services. Still, most organizations have their IT department (or worse, various business units themselves) managing their information as less of an asset than their technology, and without any generally accepted, enforceable standards.

Across the information realm, however, are other close neighbors such as the specialties of IT asset management, IT service management, records management, content management, knowledge management, and even library science. Each of these fields includes standards and procedures worthy of consideration, as we look to better manage information as an actual asset. In the next chapter, we’ll weave these best practices into an approach for improving EIM maturity across the seven dimensions described in chapter 5.

An IT Asset Management Eye-Opener

Recently, I attended an IT asset management conference and had a chance to speak with several attendees about their approaches to managing their company’s various software and hardware assets. To my surprise, not only are there entire departments in some companies just for tracking who has which corporate laptops and mobile devices, but there’s a whole industry around software solutions and best practices for inventorying, tracking, monitoring, and servicing—along with managing the vendors and contracts—for all manner of technology stuff.

First, there’s an entire family of International Organization for Standardization (ISO) standards for IT asset management (ITAM):

• ISO 19770–1 is a process defining best practices for software asset management (SAM) in an organization,
• ISO 19770–2 is an XML standard for inventorying and identifying what software is deployed on a given device,
• ISO 19770–3 is a schema describing the entitlements and rights associated with a software license, including how to measure the license and entitlement consumption, and
• ISO 19770–4 is a standard for reporting on resource utilization.

These processes and standards educate end users on compliance, help budget managers make technology redeployment decisions, provide IT service departments with guidance on warranty and other service information, and offer procedures on invoice and IT asset inventory level information for finance departments.⁵

Now, substitute the phrase “information asset” for “technology” or “IT asset.” Do information management departments or leaders have a global standard for information best practices? Do they have any kind of inventory standard for information assets? Do they have a standard way to document the contractual rights and privileges for information usage, or to track them (other than for information security or privacy regulations)? Is there a recognized standard for reporting on information utilization? At best, the answer to any of these is: hardly.

Now, ask yourself: which is more critical to an organization, the customer information or the hardware upon which it resides? It’s no wonder why the ITAM conference attendees I met were dumbfounded when I mentioned no such standards or procedures exist for the management of information assets.

I’m not suggesting at all that IT/infrastructure/technology isn’t important, only that there’s a whole lot that we info-folks can learn and perhaps steal from the impressive discipline around managing it.

IT Service Management—Servicing Information Needs?

A close cousin of ITAM is IT service management (ITSM), a discipline dealing with aligning IT services with the needs of the business. A set of processes, procedures and other tools known as the Information Technology Infrastructure Library (ITIL) is the prevailing standard for IT service management.⁶⁷

ITIL currently specifies twenty-six processes grouped into five high-level areas:

1. ITIL Service Strategy: understanding organizational objectives and customer needs.
2. ITIL Service Design: turning the service strategy into a plan for delivering the business objectives.
3. ITIL Service Transition: developing and improving capabilities for introducing new services into supported environments.
4. ITIL Service Operation: managing services in supported environments.
5. ITIL Continual Service Improvement: achieving incremental and large-scale services improvements.

Imagine if there were such a library of standards and procedures for information management. Or even in advance of one, what if CDOs borrowed liberally from the ITIL cookbook to establish similar approaches for their own organization: a discipline dealing with aligning information services with the needs of the business. Such an “information management library” could include:

• An Information Service Strategy process that identifies business demand for information, a catalog of information assets, a set of user profiles, patterns of information creation and usage, budgeting and charging for information access, and an operations approach for fulfilling information needs/requests and resolving information service failures.
• An Information Services Design for a catalog of information assets and services, service level agreements (SLAs) among users and providers of information and information services, and the management of information capacity and throughput, continuity, and supplier/provider management.
• An Information Service Transition process to ensure information services supports continual and periodic changes to information availability, demand, and needed information service components.
• Information Service Operations to ensure information demand and delivery are constantly monitored, and that requests, incidents, and problems related to information assets and their required facilities and technical components are managed effectively.
• An Information Service Continual Service Improvement process for monitoring, reviewing, and evaluating ongoing information service needs, and learning from past successes and failures.

It’s well beyond the scope of this book, but I’d be really impressed with anyone who took the initiative to adapt and adopt ITIL for an information services organization! But wait, we have several other asset management approaches yet to examine and learn from.

Records Management—From Hard Copies to Hardened Practices

Records information management (RIM) is a mysterious function within many organizations that quietly goes about its business of preserving and safeguarding the organization’s institutional memory. Often RIM is part of a broader governance, risk, and compliance (GRC) function under the auspices of the legal department, not IT. Although RIM’s heredity is in moving about boxes of files among offices and storage facilities, the discipline has kept up with the times. It now includes the management of electronic records as well.

The current ISO standard for RIM, ISO 15489–1:2016, defines records as “information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business.”⁸⁹ The standard describes concepts and principles relating to:

• Records, metadata for records, and record systems,
• Policies, assigned responsibilities, monitoring, and training in support of effective records management,
• Recurrent analysis of business context and identifying records requirements,
• Records controls, and
• Processing for creating, capturing, and managing records.¹⁰

Even with a somewhat dated set of vernacular, this standard seems like an excellent framework for a set of data governance policies and procedures. Invariably, however, data governance programs are designed from scratch, based on someone else’s data governance program, or leaning on a specific practitioner’s book or methodology, enhanced with a smattering of best and emerging practices from magazine articles and analyst organization research reports.

RIM standards also introduce some concepts seldom seen well documented at all in data governance programs, such as that of a defensible solution—one which can be supported with clearly documented policies, processes, and procedures. One defensible solution I see only occasionally in information management policies and practices is that of “defensible disposition” or “defensible destruction” of records, which defines explicitly which records to destroy/dispose of, by whom, where, and when. Another well-defined RIM concept that would be useful in architecting and articulating an information lifecycle is classifying records as “active,” “inactive,” or “semi-current,” along with their disposition or other handling requirements.

RIM standards are meticulous about defining a record’s lifecycle—from creation, through its storage, modification, conversion, movement, circulation, retrieval, and destruction. RIM discriminates different classes of records with different properties and legal status. RIM professionals themselves can become formally certified via the Institute of Certified Records Managers and other societies, and even can obtain a master’s degree in archives and records administration from various universities around the world. Surely this is a sound basis on which to build information asset management practices, standards and accreditation, right?

Contending Approaches for Content Management

Enterprise Content Management (ECM) is a discipline for “the strategies, methods and tools used to capture, manage, store, preserve, and deliver content and documents related to organizational processes.”¹¹ In this way, ECM is more workflow-oriented that RIM. Gartner’s definition also incorporates the creation, discovery, and usage analysis of content, and its graphical depiction of ECM includes “return on information” at the center.¹² Often the main discriminator between ECM and EIM is a simple artificial one: unstructured versus structured information. Yet they remain almost entirely distinct disciplines with distinct departments and distinct technologies.

Also, within the family of ECM are intersecting, overlapping, and sometimes conflicting disciplines of: Document Management, Digital Asset Management (DAM), and Web Content Management (WCM). Vendors rather than standards bodies tend to drive most of the accepted or expected capabilities and processes.

Because ECM and EIM are closely related, requiring some of the same basic methodological approaches, there may not be much we can borrow from ECM. However, some unique concepts and focus areas from these disciplines CDOs might consider incorporating into their overall information management approach include:¹³

• Specifications concerning the capture or entry and validation of content,
• Storing content in an optimal format/structure,
• Content classification,
• Content findability, searchability, and discovery,
• Digital rights and digital signatures,
• Content as a service,
• Content versioning and derivatives, and
• Collaboration among users in terms of: 1) document workflows and 2) joint content creation and editing.

Very few CDOs also oversee content management, but in the realm of overall enterprise information management, it makes sense that they should. And I believe they will in the coming years. As the founder and CEO of one content management vendor suggested to me, “Other than the different technologies involved and a few unique workflow considerations, data and content management are more like ‘brothers from another mother.’” It might make sense they live under the same roof.

Knowledge Management Know-How

More than two decades after release of the album In the Court of the Crimson King, rules around compiling and deploying institutional knowledge began to coalesce. Knowledge Management (KM) became a more formalized discipline in the early 1990s, but still sufferers from an unwieldy number of differing definitions. Most center on the identification, capture, structuring, value, sharing, and deployment of an organization’s intellectual assets to enhance its performance and competitiveness. Knowledge assets are segregated into explicit and tacit knowledge. As such, KM is quite human-centered compared to asset management disciplines and draws upon a number of diverse fields, from cognitive science to anthropology to web and document management technologies:¹⁴¹⁵

Information leaders such as CDOs would be well advised to leverage much of what KM offers in the way of:

• Adapting and dealing with new and exceptional situations in establishing a vision for EIM, including scenario planning,
• Developing, communicating, and sharing an EIM vision to transmit an “information culture,”
• Collaborating across other areas of the organization, including IT, business, finance, legal, etc.,
• Identifying, capturing, codifying, and sharing expertise as part of defining the information management organization and associated roles (including other resources spread throughout the enterprise),
• Developing, implementing, and improving repeatable, experience-based information asset management methods, and
• Transferring and incorporating knowledge/information assets into business products and services.

CDOs would also benefit by adopting certain KM technologies such as work-flow management, and groupware for capturing and disseminating knowledge.

What’s on the Library Science Shelf?

Closing the book, as it were, on formal approaches to other information-related management disciplines, is that of library science, or library and information science (LIS).

Although a French librarian, Gabriel Naudé, published the earliest known text on library operations in 1627, a Bavarian librarian named Martin Schrettinger coined the discipline in the early 1800s with his work, Versuch eines vollständigen Lehrbuchs der Bibliothek-Wissenschaft oder Anleitung zur vollkommenen Geschäftsführung eines Bibliothekars.¹⁶ Oddly, Schrettinger opted to organize his library not by topic, but in alphabetical order.

OK, maybe there’s not a lot we can learn from old Schrettinger himself.¹⁷ However, many of Naudé’s principles endure, and are instructive to information professionals even today. In Naudé’s first chapter of his book, Advis pour dresser une bibliothèque, he poses and answers the question: Why create a library? His answer suggests he believed there to be no greater honor than collecting human knowledge and sharing it. Naudé goes on to define a plan which includes inspecting the catalogs of other libraries. He advises that the first books curated ought to be those highly regarded books by highly regarded practitioners in a particular field, and they ought to be collected in their original languages to avoid meanings being lost in translation. He also writes that select interpretations or commentaries should be included, that every book has a reader no matter how obscure the topic, and that multiple copies of popular books should be considered. As for arranging the library, he quoted Cicero: “It is order that gives light to memory,” suggesting books should be organized by key subjects and subcategories. Additionally, Naudé offered guidance on bookbinding techniques.¹⁸

Any information professional will recognize several key principles in Naudé’s Advice which could be readily adopted as part of a vision and strategy for information asset management, such as:

• There is no greater asset than information (if you think your office furniture, laptops, or other equipment are of greater importance, then you’re a 17th century and a 21st century laggard),
• Learn what information assets are collected and compiled by competitors and others,
• Focus on the most important information first,
• Collect information from respected (high quality) sources,
• Capture raw, original (not transformed) data when possible,
• Include available commentaries (i.e., metadata) on information,
• Recognize that all information has potential and probable value to someone or some process,
• Ensure the availability for high-demand information assets,
• Organize information assets in ways they are easy to locate, and nearby other information assets of similar topic interest, and
• Ensure the protection and preservation of information assets.

Today, the leading LIS governing body is the International Federation of Library Associations and Institutions (IFLA), whose principles include:

• The promotion of high standards for the provision and delivery of library information services,
• Encouraging widespread understanding of the value of good library and information services, and
• Endorsing the principles of freedom of access to information, and the con viction that the delivery of high-quality LIS helps guarantee that access.

Over the past couple of decades LIS has been transformed by the digital age. The IFLA has developed and published conceptual models and digital formats for bibliographic encoding and sharing, and for resource descriptions. Additionally, it offers dozens of formal guidelines on the handling and storage of various media, content curation and sharing, a growing range of library services, ensuring easy resource accessibility for multiple types of user communities, artifact digitization and preservation, and overall operations.¹⁹ Many of these guidelines, no doubt, would offer CDOs and other information professionals fascinating insights and useful ideas to bring into the information asset management fold.

Balance Sheet Assets and Other Major Proto-Assets

Now let’s get away from the world of IT and information to expand our exploration of asset management concepts into other areas.

Human Capital Management

As I mentioned in the previous chapter, people are not assets because we can no longer be owned. (Score one for humanity at the expense of accounting.) Still, labor is expensed on the income statement, and the discipline of human capital has emerged to manage us as if we were assets. If you think I’m kidding, see the 619-page People Capability Maturity Model (P-CMM). It’s longer than any of these other standards (other than SCOR), because well, I guess people and organizations are more difficult to manage than most other things.

The P-CMM, fi rst released in 1995, is advertised as “a tool to help you successfully address the critical people issues in your organization… [and] guides organizations in improving their processes for managing and developing their workforce.” As one of Software Engineering Institute’s many capability maturity models, it is more assessment-oriented than methodological.

Oriented toward the chief resource officer (CRO) or chief human resource officer (CHRO) and their organizations, the P-CMM contains guidance on:

• Developing and implementing human capital strategies and plans,
• Managing and developing workforces,
• Nurturing teams,
• Transforming organizational culture,
• Guiding organizational changes (e.g., downsizing, mergers and acquisitions, changes in ownership, etc.),
• Managing individual development and growth,
• Managing knowledge assets,
• Improving workforce practices,
• Motivating individuals,
• Improving retention, and
• Dealing with changing demographics, labor markets, and other external workforce issues.

Similarly a robust information management process should include strategies and plans, “nurture” information assets, help to transform the organization, enable organizational changes, improve the acquisition and retention of business, and respond to a changing landscape of externally available information sources.

As with the Gartner Information Management Maturity Model, the P-CMM’s maturity levels parallel a stepwise improvement in planning, competencies, collaboration, and performance. The P-CMM (Figure 7.1), however, includes ten principles upon which the model is based, which are worth calling out:²⁶

Figure 7.1 People Capability Maturity Model

Not to poke fun at these philosophies, but rather embrace them—if we were to substitute “information” for “workforce” and do a little tweaking, we can construct a similar set of philosophies for information management:

1. In mature organizations, information capability is directly related to business performance.
2. Information capability is a competitive issue and a source of strategic advantage.
3. Information capability must be defined in relation to the organization’s strategic objectives.
4. Knowledge-intensive work shifts the focus from job elements to information competencies.
5. Capability can be measured and improved at multiple levels of enterprise information, including at a record level, a dataset level, information competencies, and the entire portfolio of information assets.
6. An organization should invest in improving the information-related capabilities that are critical to its core competency as a business.
7. Information leadership (e.g., the CDO) is responsible for the capability of the information assets.
8. The improvement of information capabilities can be pursued as a process composed from proven practices and procedures.
9. The organization is responsible for providing opportunities to use information, and business people are responsible for taking advantage of them.
10. Because technologies and business models evolve rapidly, organizations must continually evolve their information management practices and competencies.