Information Governance Insights: Looking Ahead
Get Your Training Plan Ready!
November is here once again! The holidays are just around the corner and the year-end activities are looming with many people scheduling to use the last of their vacation days before they lose them. This is the normal winding down that happens every year at this time, so what can Information Governance professionals do during this time to keep the momentum going? The answer is review your training plan and get it ready to go in January!
Information governance should be part of the annual training regime at every organization right along with safety and sexual harassment. In many organizations, these types of sessions are required for compliance. For others, it is recommended as a standard business process. Regardless, information governance should be part of the curriculum. If this is not the case in your organization you should be meeting with your training department staff immediately and bring it to their attention.
Making information governance part of the annual training serves two purposes:
1. You can’t expect people to understand what you expect of them if you do not tell them what you want them to do.
2. If and/or when an issue occurs where an individual has not followed standard procedure, such as in a legal matter, you will have a record that the individual was trained.
The key to success lies in including information governance as part of an ongoing process.
Having a comprehensive training plan will alleviate this concern. So what is a comprehensive training plan? An information governance training plan consists of two parts;
1. A complete review of the program beginning with a definition of standard terms so everyone is on the same page, an outline of the chain of command with clear definitions of the roles and responsibilities of everyone involved, a short description of the policies and procedures for the program including specific information related to legal holds and your email management policy.
2. A comprehensive review of security protocols and how each person has a role and responsibility in it. This part of the curriculum should review how to identify phishing attacks and have actual exercises each person can practice with so those needing additional training can be identified.
You will note I said “review” in the description of these training plan components. That is because each member of your staff should already be familiar with all of these subjects. A comprehensive training plan should also include both of these subjects as part of the onboarding process for new employees.
In today’s integrated, information driven environment it should be fairly easy to sell Upper Management on the need to include information governance training as part of the organization’s training program. Indeed most organizations have implemented the subjects into the orientation process for new employees.
However the key to success lies in including information governance as part of an ongoing process of educating the staff so that the policies and procedures become second nature in the course of daily business.
All the technology in the world will never solve every business issue. Your people are the weakest link in the chain regardless of the organization. You have to train them on what you expect them to do before you can hold them accountable. If information governance is not part of your annual training regime, now is the perfect time to get the ball rolling to make it happen!